NCRI – The Iranian Regime is one of the leading cyber security threats to the United States, having conducted several highly damaging cyber-attacks so far, and experts believe it will only get worse.
Unlike many other US cyberspace adversaries, the Iranian Regime openly recruits hackers and supports their independent cyberattacks against enemies of the Regime. This includes not just enemy states but also dissidents, human rights activists, and journalists.
Their hackers became prominent in the mid-2000s for defacing tens of thousands of websites to show defences of the Iranian Regime but the Iranian Cyber Army (ICA)which launched a bit later is implicated in attacks against Twitter, Voice of America (after they supported Iran’s Green movement), and Iranian Resistance sites (prior to the 2013 Iranian elections).
The ICA operates on behalf of the militant Iranian Revolutionary Guard Corps (IRGC), which controls most of the Iranian economy and is only answerable to the Supreme Leader Ali Khamenei.
The IRGC runs a cyber warfare programme that employed about 2,400 professional hackers, as of 2008, and supports independent hacker groups such as Ashiyane and the ICA.
The attacks had gone beyond defacements and hijacking by 2012. Now Iran’s hackers destroyed data, introduced malware and shut down critical websites.
The hid behind their screennames- designed to distance themselves from the Regime by resembling other hackers who work for human rights- and sabotaged the Saudi Aramco oil company, Qatar’s RasGas, the Las Vegas Sands Corporation, several major US banks, the Bowman Avenue Dam in New York, and many others.
Why? The reasons for the attacks were either extracting a ransom, payback for perceived action against the Regime, or to cause panic.
There are also at least two groups that currently commit cyber espionage for the Iranian Regime. Named by cyber security research firm FireEye, Advanced Persistent Threat 33 targets the petrochemical, defence and aviation industries, while Advanced Persistent Threat 34 targets the financial, energy, telecom and chemical industries.
Worse still, the Reime may be getting help from foreign entities. Peter Hoekstra, former chair of the House’s Permanent Select Committee on Intelligence, said that he sees links to Russia in this rapid growth in Iran’s cyber-attacks. Matthew McInnis, a resident fellow at the American Enterprise Institute, also believes this.
Dorothy Denning, an Emeritus Distinguished Professor of Defense Analysis, wrote on Scientific American: “Iran may view cyber warfare as a means of overcoming its military disadvantage compared to the U.S. To that end, it will likely continue to improve its cyber capabilities. Containing Iran’s cyber warfare program would likely be even more challenging than containing its nuclear program. Computer code is easy to conceal, copy and distribute, making it extremely difficult to enforce controls placed on cyber weapons. That leaves cyber security and cyber deterrence as America’s best options for defending against the Iranian cyber threat.”