The Growing Iranian Cyber Security Threat

The most underestimated weapon in Iran's arsenal.

When it comes to cyber security, much attention has been focused on Russia because of that nation’s efforts to interfere with the 2016 U.S. general election, including the use of bots and troll accounts to spread fake news and attempts to penetrate state voter registration systems. China too is active in this new realm of virtual warfare, engaging in systematic efforts to steal Western technology. China’s J-20 and J-31 fifth-generation jet fighters are said to incorporate stealth technology stolen from the United States, and U.S. Steel has accused Chinese hackers of breaking into its network and stealing trade secrets for an advanced high-strength steel that Chinese mills then put into production. Other bad actors include North Korea, which in 2014 infamously hacked Sony Pictures Entertainment and has also turned to digital bank robbery, most notably the 2016 attempt to move nearly $1 billion out of Bangladesh Bank’s account at the Federal Reserve Bank of New York, of which $81 million was actually stolen before the remaining transfers were blocked.

But when it comes to mischief-making, it is a sure bet that the Islamic Republic is lurking, and cyber attacks are no exception. While Iran’s state-directed hackers have not reached the level of sophistication and capability of their Russian and Chinese partners in crime, they are very active in this new arena of virtual warfare and are learning quickly.

Iran first connected to the internet in the early 1990s, and by the early 2000s internet use was spreading rapidly among ordinary Iranians. Hackers working at the behest of the regime initially focused their activities internally, spying on dissidents and on anyone else deemed a headache for the regime, but soon exported their mischief globally.

In December 2009, hackers calling themselves the “Iranian Cyber Army” hijacked Twitter’s DNS records and redirected visitors to a defacement page for roughly an hour. Twitter had been used by Green Movement activists to spread the word about Iran’s rigged 2009 presidential election.

In the summer of 2011, Iranian hackers struck again, this time breaching the Dutch certificate authority DigiNotar. Certificate authorities are the organizations browsers trust to vouch for a website’s identity, so a compromised one can issue certificates that every browser accepts. The intruders issued themselves hundreds of fraudulent certificates, including a wildcard certificate for *.google.com, which was then used to intercept encrypted Gmail sessions inside Iran; the rogue certificate was observed from roughly 300,000 unique IP addresses, almost all of them Iranian. The contents of those sessions, and the accounts behind them, were thus within reach of Iran’s internal security services. The fraud came to light only because Google’s Chrome browser carried a hard-coded list of the keys valid for Google domains and an Iranian user noticed the warning it produced. The hack sent shudders through the world of cyber security, and the embarrassing but audacious breach forced DigiNotar into bankruptcy within weeks.
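The DigiNotar episode is the textbook case of a certificate that is fully valid and still fraudulent: it chained to a root every browser trusted, so ordinary path validation accepted it, and only the extra key-pinning check in Chrome flagged it. The following Python is an added illustration of that distinction and is not from the article or from any browser’s code. All certificate authority names, chains and key bytes in it are constructed stand-ins (the `spki` field plays the role of the DER-encoded SubjectPublicKeyInfo that real pins hash), and signature and expiry checks are deliberately elided so that issuer linkage and pinning are the only logic on show.

```python
"""
Added example (not from the article): a simplified TLS certificate check
showing why a rogue certificate from a compromised but trusted CA passes
conventional validation and is only caught by public-key pinning.

All names, chains and key bytes below are constructed for illustration.
'spki' stands in for the DER SubjectPublicKeyInfo that real pins hash.
Signature verification and expiry are omitted on purpose.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Cert:
    subject: str   # DNS name (leaf) or CA name
    issuer: str    # subject of the signing CA
    spki: bytes    # stand-in for the DER SubjectPublicKeyInfo


def spki_pin(cert: Cert) -> str:
    """SHA-256 over the SubjectPublicKeyInfo, the format HPKP and Chrome use."""
    return "sha256/" + hashlib.sha256(cert.spki).hexdigest()


def hostname_matches(pattern: str, host: str) -> bool:
    """Single-label wildcard matching: '*.example.com' covers 'mail.example.com'
    but neither 'example.com' nor 'a.b.example.com'."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host.count(".") == pattern.count(".")
    return pattern == host


def chain_to_trusted_root(chain: List[Cert], trust_store: Dict[str, Cert]) -> bool:
    """Conventional path validation, simplified: each certificate must name the
    next one as its issuer, and the last issuer must be a root in the store."""
    for cert, parent in zip(chain, chain[1:]):
        if cert.issuer != parent.subject:
            return False
    return chain[-1].issuer in trust_store


def validate(host: str, chain: List[Cert], trust_store: Dict[str, Cert],
             pins: Optional[Set[str]]) -> Dict[str, bool]:
    """Run the three checks a pinning-aware client performs and report each.
    With pins=None (no pins configured, as for most sites in 2011) the pin
    check is skipped, which is exactly how the DigiNotar certificate got through."""
    result = {
        "hostname_ok": hostname_matches(chain[0].subject, host),
        "chain_ok": chain_to_trusted_root(chain, trust_store),
        "pin_ok": any(spki_pin(c) in pins for c in chain) if pins else True,
    }
    result["accept"] = all(result.values())
    return result


# Constructed trust store: both roots are trusted, as DigiNotar's root was in 2011.
TRUST_STORE = {
    "Example Root CA": Cert("Example Root CA", "Example Root CA", b"example-root-key"),
    "DigiNotar Root CA": Cert("DigiNotar Root CA", "DigiNotar Root CA", b"diginotar-root-key"),
}

# Constructed genuine chain for Gmail, via a hypothetical legitimate intermediate.
GENUINE_CHAIN = [
    Cert("mail.google.com", "Example Intermediate CA", b"google-mail-key"),
    Cert("Example Intermediate CA", "Example Root CA", b"example-intermediate-key"),
]

# Constructed rogue chain: a wildcard certificate minted on the compromised CA.
ROGUE_CHAIN = [
    Cert("*.google.com", "DigiNotar Intermediate CA", b"attacker-key"),
    Cert("DigiNotar Intermediate CA", "DigiNotar Root CA", b"diginotar-intermediate-key"),
]

# Pins a client would ship for google.com: the genuine intermediate plus a backup root.
GOOGLE_PINS = {spki_pin(GENUINE_CHAIN[1]), spki_pin(TRUST_STORE["Example Root CA"])}


def demo():
    """Return (genuine, rogue) validation results against the pinned client."""
    genuine = validate("mail.google.com", GENUINE_CHAIN, TRUST_STORE, GOOGLE_PINS)
    rogue = validate("mail.google.com", ROGUE_CHAIN, TRUST_STORE, GOOGLE_PINS)
    return genuine, rogue


if __name__ == "__main__":
    for label, outcome in zip(("genuine", "rogue"), demo()):
        print(label, outcome)
```

Run as a script, the rogue chain reports `hostname_ok` and `chain_ok` as true and only `pin_ok` as false; call `validate` with `pins=None` and the same rogue chain is accepted outright, which is the position every unpinned client was in during the attack.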

Iranian hackers then graduated from defacing Twitter and intercepting Gmail to destroying data at critical-infrastructure companies. At 11:08 on the morning of August 15, 2012, a wiper malware known as Shamoon, widely attributed to Iran, began destroying the corporate PCs of Saudi Aramco, one of the world’s largest oil companies. August 15 was a religious holiday in Saudi Arabia, so most employees stayed home. When they returned to work and switched on their PCs, they found their files overwritten, many with an image of a burning American flag, and the machines unable to boot. The attack, which destroyed data on some 35,000 computers, was regarded by cyber security experts as among the most destructive of its kind.

The following month, Iranian hackers struck again, launching a series of distributed denial-of-service (DDoS) attacks against U.S. banks. A DDoS attack floods a website with more traffic, sent from many compromised machines at once, than its servers and network links can absorb, until legitimate users can no longer get through. Customers of Bank of America, Citigroup, HSBC, Wells Fargo and Capital One, among others, were intermittently unable to access their accounts online, and the attacks continued in waves into 2013. In 2016 the U.S. Justice Department indicted seven Iranians working for companies linked to the Islamic Revolutionary Guard Corps for the campaign.

Iranian cyber attacks tapered off in 2015 following the signing of the catastrophic Joint Comprehensive Plan of Action but have since resumed. In November 2016 and again in January 2017, Saudi government agencies and companies were hit by Shamoon 2, a variant of the wiper that wreaked havoc on Aramco’s computers in 2012.

Iran has become adept at using proxies to carry out its dirty work in Syria, Lebanon, Yemen and elsewhere in the Mideast. By doing so, Iran limits its own casualties and can deny direct involvement by claiming that these proxies are indigenous movements fighting U.S.-backed imperialism. The same strategy extends to hostile Iranian cyber activities: the bank attacks were claimed by a group styling itself the “Izz ad-Din al-Qassam Cyber Fighters”, and the Aramco attack by a “Cutting Sword of Justice”. Hackers directed by the Islamic Republic have become proficient at hiding their tracks, and they often leave false-flag clues designed to deflect suspicion away from the Iranian government.

In addition to its rogue nuclear activities (which have not ceased despite the signing of the JCPOA), its advanced ballistic missile program, its use of proxies to spread misery throughout the Mideast, and its narco-terror and money-laundering schemes, the West now has to contend with a growing Iranian cyber menace.

While the Iranians remain light-years behind their American and Israeli counterparts in cyber warfare and cyber security, the menace posed by the Islamic Republic in this relatively new theater of warfare should not be underestimated. The only way to stop this Iranian-sponsored aggression is to remain vigilant and to inform the mullahs in no uncertain terms that attacks of this nature will be met by responses that are manifestly more destructive in size and scope. Iran may be expert at killing women and children and at suppressing internal dissent with ruthless efficiency, but this is one theater of warfare in which Iran is at a distinct disadvantage and will remain so for decades to come.