Do Not Underestimate Iran’s Cyber Threat
Iran is a cyber superpower and has focused its cyber effort over recent years on strengthening its position. With help from a few other states and from hundreds of volunteer hackers, it is making considerable progress, based on the proposition that future conflicts will require advanced cyber capabilities.
The effort to assert regional dominance via the development of nuclear weapons has been stifled by a mixture of sabotage and international sanctions, which has prevented these goals from materialising.
The regime has been developing its own cyber security software and Internet architecture in order to protect and insulate its networks, and it has been developing technological cyber expertise as a form of asymmetric warfare against superior conventional military forces in Israel.
The first steps came following the 2009 civil unrest in Iran, after which it was decided to set up a police cyber department. Its official role, as in most countries, was to act against crimes and fraud taking place online, but in truth its hackers focused on collecting information from Internet providers on those suspected of opposing the regime. The budget of the cyber department was estimated at around $80 million a year about a decade ago, but has likely multiplied several times since.
The experts who belong to the police cyber department are also thought to be the ones responsible for Iran's attacks against Israel, the US and Saudi Arabia over recent years. These attacks usually took place under different aliases in order to cover up the direct connection to the Iranian authorities.
- One example of this is the so-called Mabna Institute, charged by the US in 2018 with conducting a massive cyber theft campaign on behalf of the Islamic Revolutionary Guard, penetrating systems belonging to hundreds of universities, companies and other victims to steal research, academic and proprietary data, and intellectual property.
- The Basij, a paramilitary volunteer militia that answers to the Iranian Revolutionary Guard, focuses on activity within Iran, including removing websites and content published by anti-regime activists.
- The National Passive Defense Organisation's role is to minimise the damage the country's infrastructure would suffer in case of a war or a massive attack on Iran.
- In recent years, Iranian experts have also been training a new generation of hackers belonging to organisations like Hamas, Hezbollah and militias loyal to the Assad regime in Syria.
In 2010 a computer worm known as Stuxnet was discovered by cyber security researchers to have infiltrated the computers that controlled nuclear centrifuges in Iran, causing physical damage and preventing operation. The Stuxnet worm was reported to have been a joint effort between the governments of the United States and Israel. Following the discovery of the Stuxnet malware, US assets experienced an increase in the severity and duration of cyber-attacks originating in Iran.
To date, Iran has used cyber-attacks largely in response to American actions rather than initiating them. That was the case following the killing of Qasem Soleimani, commander of the Revolutionary Guards' Quds Force, after which it was reported that attempts to infiltrate computer systems of US power plants were prevented.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also warned that Iran has continuously improved its offensive cyber capabilities, going beyond DDoS and website defacement, and that its hackers have demonstrated a willingness to go further with wiper malware and cyber-enabled physical attacks.