London, 18 Dec - The Iranian Regime poses an ever-increasing cyber threat to the US, as evidenced by their many attacks against US entities and interests over the past few months, but experts fear this could be significantly amplified if Donald Trump decides to end the nuclear deal in January.
James Lewis, Senior Vice President and Program Director at the Center for Strategic and International Studies (CSIS), said: “The Iranians don’t want the nuclear deal to go away, and so that is the thing that shapes their behaviour to the U.S. If we did cancel the nuclear deal, I think in some ways that would take the leash off when it comes to cyber actions.”
Leslie Ireland, former Assistant Secretary of the Treasury for Intelligence and Analysis, said: “The costs of Iran walking away from the [nuclear deal] are too great still, and what they will rely upon are the asymmetric measures that they have—cyber and proxy activity on the ground.”
Birth of a hacking enterprise
The Regime’s cyber attacks began in the early 2000s, with hackers defacing websites, but since then it has conducted much more sophisticated campaigns, including disruptive distributed denial-of-service (DDoS) attacks and the probing of networks for critical infrastructure facilities.
It has targeted US banks, a New York dam, and many other US governmental, financial, and military entities, as well as attacking US allies like Israel and Saudi Arabia.
Rhea Siers, former Deputy Associate Director for Policy at the National Security Agency, said: “Iranians are using cyber capabilities and information operations to shore up its conflict with the Gulf States and Saudi Arabia. They are using cyber on a continuous basis to confront Israel and other US partners in the Middle East. The latest reports on their capabilities provide clear information that the Iranians have prepared their contingency planning to strike back at the U.S., Israel, Saudi Arabia and others. The number of Iranian-originated or assisted attacks is rising rapidly. Additionally, it is safe to assume that the Iranians have also learned how effective information operations can be, given the Russian experience, as well as recent events in Qatar.”
State-sponsored cyber attacks
According to technology analyst Levi Maxey on The Cipher Brief, Iran conducts state-sponsored cyber attacks behind a veil of hacktivism, claiming that the hackers are individuals. In reality, they are overseen by the Supreme Council of Cyberspace, established by Ayatollah Ali Khamenei in March 2012.
Lewis said: “They are very often organized through the Basij – which is an Iranian paramilitary group. People who have these abilities are on the payroll or getting some support from the Iranian government, but aren’t necessarily Iranian government employees. They have a network of individuals who are private, but will carry out government instructions.”
One such group, the Islamic Cyber Resistance, is controlled by Iran-backed Hezbollah. It leaked sensitive material about the Saudi army and the Israeli Defense Forces.
There are also links between the Regime’s hacking operations and those of Syrian dictator Bashar Assad, according to former CIA and NSA Chief Michael Hayden.
But why is the Regime turning to cyber attacks, and why all the secrecy?
Well, political scientist Dr. Majid Rafizadeh wrote on Arab News that this was a “key element” of the Regime’s foreign policy, national security and long-term strategic agenda. It fits in perfectly with the Iranian Regime’s strategy of attacking its enemies while minimising retaliation.
Dr. Majid Rafizadeh wrote: “Before the age of the internet, Tehran relied heavily on proxies, mercenaries and militias. Using indirect methods gives the ruling mullahs an advantage, and lowers the risk and cost. It helps the Iranian leaders dodge responsibility and accountability and provides them with the powerful tool of deniability on the international stage. Iran has never been held accountable when its puppets were caught attacking another nation, smuggling weapons, or violating international laws.”