Iran’s cyber capability is the focus of a detailed study called “Iran’s Cyber Threat,” to be published soon by Collin Anderson and Karim Sadjadpour of the Carnegie Endowment for International Peace.
The disclosures about Iran’s cyberattacks are a reminder that America and its allies live in a dangerous electronic ecosystem. Russia’s hacking of the 2016 U.S. presidential campaign gets daily coverage, and China’s theft of American secrets has also been well-publicized. What gets too little attention are the less-sophisticated but still-toxic weapons available to dozens of smaller countries.
The Iran study is timely: The Trump administration has declared its desire to help Saudi Arabia and other allies push back against Iran’s proxies. But Tehran’s allies can fight back, sometimes in ways that are hard to identify or attribute. That’s especially true with cyberweapons.
The Carnegie study describes a small but capable Iranian cyber capability that evolved partly to gather foreign intelligence and partly to spy on the domestic opposition groups that coalesced in the 2009 Green Movement. Iranian hackers acquired a payback motive, too, after 2012 newspaper reports about the U.S. and Israeli “Stuxnet” malware attacks on the Iranian nuclear program, attacks that had started in 2007.
A decade ago, Iran began mobilizing its own resources. This home-grown hacking culture is one of the report’s most interesting findings, because it can probably be duplicated in dozens of other emerging economies. “Iran’s cyber capabilities appear to be indigenously developed, arising from local universities and hacking communities,” the report notes. “Threat actors seemingly arise from nowhere and operate in a dedicated manner until campaigns dissipate, often due to their discovery by researchers.”
The Iranian hackers began slowly in 2007, with cyber pinpricks. A group calling itself the Iranian Cyber Army defaced dissident Twitter accounts in 2009 and, soon after, websites belonging to the Voice of America. But the attacks became more serious in 2011, after a hacker penetrated DigiNotar, a Dutch certificate authority, and obtained fraudulent certificates for Google domains. Because browsers trusted those certificates, Gmail traffic from users in Iran could be intercepted and read, opening those users to government surveillance, according to the Carnegie study.
Then came Iranian counterattacks, simple but destructive. After Iran’s oil industry was hit in April 2012 by malware, the Iranians launched an attack in August 2012 on the Saudi Aramco oil company, using wiper malware known as “Shamoon,” which overwrote data on tens of thousands of the company’s workstations and left them unbootable.
In September 2012, a hacker group that called itself the Izz ad-Din al-Qassam Cyber Fighters began attacking U.S. banks and financial institutions with a primitive but disruptive assault known as a “distributed denial of service,” which flooded the banks’ public-facing servers with so much traffic that they could no longer answer legitimate customers.
The FBI concluded that from 2012 to 2013, the Iranian operation “locked hundreds of thousands of banking customers out of accounts for long periods of time and resulted in tens of millions [of dollars] of costs to remediate,” the Carnegie analysts explain.
Iran’s cyber capabilities suggest the Trump administration’s new anti-Tehran campaign may not be costless, even if open conflict is avoided. A website called The Cipher Brief ran the headline “Iran’s … Cyber Hackers Poised to Strike If Trump Shreds Nuke Deal.” The computer security firm FireEye reported this month that a group of Iranian hackers, dubbed “APT34,” has deployed a new backdoor for cyber-espionage against its targets.
Iran has an arsenal of cyber-stones, ready to throw. The U.S., meanwhile, lives in the world’s biggest glass house.
Source » mysanantonio