Crossroads Blog | Institute National Security and Counterterrorism

Cyber, Cyberwar, Iran, National Security

Iran’s Cyber Revenge

In 2010, the United States and Israel reportedly attacked Iran’s nuclear enrichment center using a computer worm that caused about 1,000 centrifuges to self-destruct.  From recent reports by cybersecurity firms Norse and Cylance*, it appears that Iranians have begun a cycle of cyber retaliation. Unlike nuclear technology, cyber tools provide Iran with a usable weapon with the added bonus of plausible deniability.

The New York Times examined the Norse and Cylance* reports, as well as information gathered from American intelligence officials, and detailed their findings in an article on Iran’s recent cyber developments.  According to the article, despite international sanctions, Iran has greatly increased the frequency and skill of its cyberattacks.

American intelligence officials are concerned about Iran’s cyber capabilities, but according to the article, the concern has nothing to do with sophistication.  While Iran’s cyber capabilities are not as advanced as Russia or China, their attacks are the most concerning because they are aimed more at destruction. The destructive cyber attacks are the category of attacks that could escalate into attacks on critical infrastructure.

Norse and Cylance* report the same thing: Iran’s cyber attacks are politically motivated with a focus on retaliation.  Iran is believed by many to have attacked American banks in retaliation for sanctions. Iran has also been identified as the source of the 2012 attack on Saudi Aramco, in which hackers wiped out data on 30,000 computers, replacing it with an image of a burning American flag.

However, the reports also indicate a move away from ostentatious attacks toward quieter reconnaissance.  As for the degree of escalation, the reports are mixed.  Cylance* reports that in the recent months (potentially due to the recent nuclear negotiation talks) there has been a notable drop in cyber activity.  On the other hand, Norse (“which says it maintains thousands of sensors across the Internet to collect intelligence on attackers’ methods”) detected more than 900 attacks, on average, every day in the first half of March, showing no signs of Iran slowing down.

There is also evidence in the reports supporting the fear that Iran will escalate cyber attacks by targeting critical infrastructure: From the NYTimes article:

In some cases, they appear to be probing for critical infrastructure systems that could provide opportunities for more dangerous and destructive attacks. . . . Cylance researchers, for example, noted that Iranian hackers were using tools to spy on and potentially shut down critical control systems and computer networks in the United States, as well as in Canada, Israel, Saudi Arabia, the United Arab Emirates and a handful of other countries. . . . Norse says it saw evidence that Iranian hackers probed the network of Telvent, a company now owned by Schneider Electric that designs software to allow energy companies and power grid operators to control their valves and switches from afar.

In 2010 the Stuxnet worm proved to be a cyber “win” for the United States, but just as in non-cyber warfare, winning the battle is not the same as winning the war.  To read the full New York Times article, click here.

For the full Norse report, click here: Norse: The Growing Cyber Threat from Iran

*It is unclear which Cylance report NYTimes is referring to, as they do not link any report to their article.  The most recent report concerning Iran is the Operation Cleaver report. The Crossroads Blog posted an in-depth discussion of this report, accessible here:  For the report itself, click here: Cylance – Operation Cleaver Report

 

Leave a Reply

Bitnami