
Iran's retaliation could be hacking, not bombs

Iranian hackers in recent years have wiped the computer servers of Saudi Arabia's state-owned oil company, crippled a Las Vegas casino, breached the networks of dozens of U.S. banks and been accused of trying to meddle in the 2020 presidential election.

Now Iran's history of aggressive cyberattacks offers Tehran one potential avenue for striking back at the West for the U.S. killing of Maj. Gen. Qassem Soleimani, whose death prompted Supreme Leader Ayatollah Ali Khamenei to vow “harsh retaliation.”

The U.S. certainly has its own potent cyber weapons, which it most famously deployed by using a computer virus to wreck key parts of Iran's nuclear program during the Obama administration. But a series of escalating digital salvos between the U.S. and Iran could inflict damage on a range of third parties, including American allies such as Saudi Arabia and critical resources such as the electric grid, cyber researchers said Friday.

“Iran has to do something,” one former U.S. intelligence official told POLITICO on Friday. The question: Would the Iranians go so far as to launch an obvious cyberattack on U.S. soil — running the risk that the United States might retaliate with bombs or drones?

A history of aggression

Tehran is widely considered to be one of the world's most malicious online actors — alongside China, Russia and North Korea — and has a lengthy rap sheet of transgressions with an increasingly sophisticated arsenal of digital weapons.

One of its specialties is so-called wiper attacks, in which malicious software erases the hard drives of infected computers. Those include a massive 2012 hack on the Saudi Arabian oil company Saudi Aramco that is reported to have debilitated an estimated 30,000 computers.

In 2016, the U.S. brought indictments against seven Iranians on charges they had infiltrated the computers of dozens of American banks and attempted to take control of a small dam in a New York suburb. The defendants regularly worked for Iran's Islamic Revolutionary Guards Corps, according to the Justice Department, which said the attacks disabled some of the banks' computers by bombarding them with traffic from thousands of machines around the globe.

Iranian hackers were also held responsible for a cyberattack on GOP megadonor Sheldon Adelson's Las Vegas Sands Corp. in 2014. The assault temporarily crippled the casino and replaced the company's websites with a photograph of Adelson with Israeli Prime Minister Benjamin Netanyahu.

Iran “uses cyberspace operations as a tool of statecraft and internal security, and it continues to improve its capabilities,” the Defense Intelligence Agency warned in November in an examination of Tehran's military goals and intentions, including in cyberspace. The agency added that while Tehran “often masks its cyberoperations using proxies to maintain plausible deniability,” clear evidence often links the attacks “to Iran's security apparatus.”


A growing chorus of warnings

Those conclusions were just part of what has become a steady drumbeat in recent months by the government and private cybersecurity firms that Iran was becoming more aggressive online.

In October, Microsoft announced that hackers linked to the Iranian government have targeted the campaign of at least one 2020 White House contender, which Reuters reported was President Donald Trump. The technology giant also witnessed “significant” digital activity by the group against current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside of Iran.

And last month, a Microsoft researcher presented evidence that an Iranian hacker group has narrowed its choice of infiltration targets to those linked to industrial control systems, the computers that operate facilities such as power plants and factories.

The warnings have experts predicting that Iran will once more turn to its army of hackers to retaliate for losing an elite commander like Soleimani.

“Given the gravity of the operation last evening we are anticipating an elevated threat from Iranian cyber actors,” John Hultquist, director of intelligence analysis at the security firm FireEye, said in a statement.

“We will probably see an uptick in espionage, primarily focused on government systems, as Iranian actors seek to gather intelligence and better understand the dynamic geopolitical environment,” he added. “We also anticipate disruptive and destructive cyberattacks against the private sector.”

According to a former U.S. intelligence official, the Saudis especially have reason for nervousness.

That doesn't mean that the Iranians could turn out the lights in New York City tomorrow.

Robert Lee, a former Air Force cyber operator and the CEO of security firm Dragos, told POLITICO he is “not worried about electric grid outages or safety related attacks at oil refineries and similar locations” in the United States. But Lee, whose company works with utilities, said the Iranians have shown skill at being “as disruptive as possible, deleting systems and trying to deny control to folks and access,” leading to temporary shutdowns of non-safety-related computer systems.

Lee said industry and federal security leaders were urging power companies on Friday to practice heightened vigilance about potential cyber vulnerabilities, including remote-access tools that “could already be compromised.”
