Published on October 27th, 2019
Has the US Already Declared a Cyber War on Iran?
Conventional battlefields have been replaced by cyber warfare and the U.S. has already conducted two cyber attacks on Iran in 2019.
The U.S. is believed to have launched at least two secretive cyber attacks on Iran in the last six months, the most recent following two drone attacks on Saudi Arabian oil facilities on September 14. To the best of public knowledge, Iran has not conducted any cyber attacks on the U.S. in recent months. But given the growing tensions between the two countries and their shared desire to avoid firing bullets, cyberspace could be emerging as the new alternative battlefield of choice.
Current US-Iran Situation
The ongoing U.S.-Iran tension was triggered by Washington's withdrawal from the Iran Nuclear Deal, known as the Joint Comprehensive Plan of Action (JCPOA). The U.S. under President Trump claimed the deal was not adequate in halting Iran's nuclear ambitions despite repeated assurances by an international monitoring agency that Iran was in compliance with the deal. President Trump then also reimposed sanctions on Tehran after withdrawing from the JCPOA.
The rift escalated after Iran announced it would reduce its compliance with the JCPOA by enriching uranium beyond the level allowed in the deal. That announcement was followed by a series of attacks on oil tankers crossing the Strait of Hormuz, which the U.S. blames on Iran despite a lack of evidence supporting the U.S. claims.
September US Cyber Attack on Iran
The September 14 cyber attack was reported to Reuters by two unidentified American officials, who claimed the operation was aimed at crippling Iran's ability to spread propaganda. The U.S. attack came in retaliation for the drone strikes on Saudi oil facilities, which the U.S. believes Iran carried out despite Houthi rebels in Yemen claiming responsibility.
The American officials told Reuters the attack affected "physical hardware" without specifying more detail.
The Pentagon refused to comment on the Reuters report, stating, "As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence, or planning."
Iran also denied the Reuters report, with Iran's Minister of Communications and Information Technology Mohammad Javad Azari-Jahromi telling Reuters: "They must have dreamt it."
It's possible but unknown whether Washington has carried out any other cyber attacks on Iran since the end of September. However, one thing is clear: the September attack on Iran was not a first, and it suggests cyber warfare may be increasingly favored by U.S. administrations intent on avoiding actual military confrontations.
June US Cyber Attack on Iran
The U.S. Army conducted a previous cyber attack targeting Tehran last June as retaliation following U.S. allegations that Iran shot down American surveillance drones in international airspace, but which Iran claims were in Iranian airspace.
According to The Washington Post, President Trump himself ordered the U.S. Cyber Command to carry out the Iran cyber attack following the drone shooting and recent attacks on oil tankers. The order for the attack reportedly came the same day that Trump called off airstrikes targeting Iran. The attack hit computers used to control the launching of rockets and missiles, but no casualties were reported, according to The Post.
U.S. officials claimed the June cyber attack hit a "critical database used by Iran's paramilitary arm to plot attacks against oil tankers and degraded Tehran's ability to covertly target shipping traffic in the Persian Gulf," as the N.Y. Times reported. Officials also branded the attacks a widespread success, claiming the attacks crippled Iran for months.
The Obama administration also reportedly favored cyber attacks. In 2016, a documentary called Zero Days alleged the Obama administration spent millions developing a cyber operation known as Nitro Zeus to be used as a contingency plan if negotiations with Iran never came to fruition. The operation was never launched due to the successful signing of the JCPOA.
The Story of Stuxnet
Despite U.S. concern about an Iranian cyber threat, it is Iran that is more vulnerable to such cyber attacks and was on the receiving end of perhaps the most damaging industrial cyber attack of all time: Stuxnet.
Though neither has openly admitted it, the U.S. and Israel are believed to have jointly developed the malware Stuxnet, a powerful computer virus that paralyzed Iran's nuclear program in 2010.
A 2012 report by the N.Y. Times said Stuxnet was a cyber threat effort started under the George W. Bush administration and continued by Barack Obama, known among intelligence officials by the code name "Operation Olympic Games."
The attack severely damaged Iran's nuclear enrichment program by damaging an estimated 1,000 of the 5,000 centrifuges used for uranium enrichment at Iran's Natanz facility. The N.Y. Times described the attack as "America's first sustained use of cyberweapons."
While Stuxnet was initially used to target Iran's nuclear facility in Natanz, the malware accidentally escaped and spread throughout the global web. Stuxnet's legacy, however, is the escalation of cyber war, achieving results previously only obtained through conventional warfare.
"It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country's infrastructure, achieving with computer code what, until then, could be accomplished only by bombing a country or sending in agents to plant explosives," the Times reported.
Flame, Stuxnet Part 2
Following Stuxnet was another cyber attack on Iran named Flame, discovered in 2012 but possibly developed around the same time as Stuxnet. The Russian anti-virus firm Kaspersky Lab told Wired that Flame "dwarfed" Stuxnet in size and complexity, but that its similarity to Stuxnet suggested it was likely developed by a nation-state and perhaps by the same group that developed Stuxnet.
According to Wired, Flame was able to turn on a computer's microphone and record audio, take frequent screenshots of a computer's activity and send them to an unknown recipient, as well as act as a Bluetooth beacon and scan for Bluetooth devices to grab contact information from.
Though the U.S. has not admitted to developing Flame, the Washington Post wrote in 2012 that the U.S. and Israel were responsible for the development and deployment of Flame on Iranian targets as part of the original Operation Olympic Games.
Can Iran Retaliate Against the US in a Cyber War?
It's unclear how sophisticated Iranian cyber capability is and how serious a cyber threat Iran can pose. However, the Stuxnet attack is credited with accelerating Iran's cyber capability and providing Iran with many valuable lessons to help develop its cyber warfare technology.
A June 2019 assessment of Iran's cyber capabilities by the Center for Strategic & International Studies (CSIS) described Iran as having "rapidly improved its cyber capabilities" though "it is still not in the top rank of cyber powers."
"Three military organizations play leading roles in cyber operations: the Iranian Revolutionary Guard Corps (IRGC), the Basij, and Iran's 'Passive Defense Organization (NPDO).' The IRGC is the perpetrator behind a series of incidents aimed at American targets, Israeli critical infrastructure, Saudi Arabia, and other Gulf States. The Basij, a civilian paramilitary organization controlled by the IRGC, manages what Basij leaders say are 120,000 cyberwar volunteers. The number is probably exaggerated, but the Basij uses its connections with universities and religious schools to recruit a proxy hacker force," the CSIS report detailed.
While the CSIS report admits Iran's cyber sophistication is far from that of the U.S., it warns that poorly defended U.S. targets are vulnerable:
"Iran has probed U.S. critical infrastructure for targeting purposes. How successful an attack would be is another matter. The kind of massive denial of service attacks Iran used against major banks in 2011-2013 would be less effective today given improved defenses. The most sophisticated kinds of cyberattack (such as Stuxnet or the Russian actions in the Ukraine) are still beyond Iranian capabilities, but poorly defended targets in the United States (of which there are many) are vulnerable - smaller banks or local power companies, for example, or poorly secured pipeline control systems. What stops Iranian action is not a shortage of targets but rather questions about the utility of such attacks."
In addition to the 2011-2013 Iranian attack on the U.S. financial industry, Iran reportedly launched a successful malware attack on Saudi Aramco in 2012 and attempted to gain remote access to gate controls of a New York dam in 2013.
Last May, the Cybersecurity and Infrastructure Security Agency, a federal agency tasked to protect the U.S. from cyber threats, claimed that Iran is likely to carry out digital attacks on the U.S. using destructive malware.
"Iranian regime actors and proxies are increasingly using destructive 'wiper' attacks, looking to do much more than steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network," CISA said in a statement.
However, as the CSIS report stated, "Iran's development of cyber power is a reaction to its vulnerabilities. Iran is the regular target of foreign cyber espionage."
Iran, most likely, does not want a cyber war with the U.S. knowing it is outmatched, but Iran may already be trapped in just that.
If one believes the CSIS report, "What Iran's leaders fear most, however, is their own population and the risk that the internet will unleash something like the Arab Spring."
Yet, as IRGC Deputy Commander Hossein Salami said in May of 2019, Iran is already caught "in an atmosphere of a full-blown intelligence war with the US and the front of enemies of the Revolution and the Islamic system . . . This atmosphere is a combination of psychological warfare and cyber operation, military provocations, public diplomacy, and intimidation tactics."