Has the US Already Declared a Cyber War on Iran?
Conventional battlefields have been replaced by cyber warfare and the U.S. has already conducted two cyber attacks on Iran in 2019.
The U.S. is believed to have launched at least two secretive cyber attacks on Iran in the last six months, the most recent following two drone attacks on Saudi Arabian oil facilities on September 14. To the best of public knowledge, Iran has not conducted any cyber attacks on the U.S. in recent months. But given the growing tensions between the two countries and their shared desire to avoid firing bullets, cyberspace could be emerging as the new alternative battlefield of choice.
Current US-Iran Situation
The ongoing U.S.-Iran tension was triggered by Washington’s withdrawal from the Iran Nuclear Deal, known as the Joint Comprehensive Plan of Action (JCPOA). The U.S. under President Trump claimed the deal was not adequate in halting Iran’s nuclear ambitions despite repeated assurances by an international monitoring agency that Iran was in compliance with the deal. President Trump then also reimposed sanctions on Tehran after withdrawing from the JCPOA.
The rift escalated after Iran announced it would reduce its compliance with the JCPOA by enriching uranium beyond the level allowed in the JCPOA. That announcement was followed by a series of attacks on oil tankers crossing the Strait of Hormuz, which the U.S. blames on Iran despite a lack of evidence supporting the U.S. claims.
September US Cyber Attack on Iran
The September 14 cyber attack was reported by two unidentified American officials to Reuters who claimed the operation was aimed at crippling Iran’s ability to spread propaganda. The U.S. attack came in retaliation for the drone strikes on Saudi oil facilities which the U.S. believes Iran carried out despite Houthi rebels in Yemen claiming responsibility.
The American officials told Reuters the attack affected “physical hardware” without specifying more detail.
The Pentagon refused to comment on the Reuters report, stating, “As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence, or planning.”
Iran also denied the Reuters report with Iran’s Minister of Communications and Information Technology Mohammad Javad Azari-Jahromi telling Reuters: “They must have dreamt it.”
It’s possible but unknown whether Washington has carried out any other cyber attacks on Iran since the end of September. However, one thing is clear: the September attack on Iran was not a first, and it suggests cyber warfare may be increasingly favored by U.S. administrations intent on avoiding actual military confrontations.
June US Cyber Attack on Iran
The U.S. Army conducted a previous cyber attack targeting Tehran last June as retaliation following U.S. allegations that Iran shot down American surveillance drones in international airspace; Iran claims the drones were in Iranian airspace.
According to The Washington Post, President Trump himself ordered the U.S. Cyber Command to carry out the Iran cyber attack following the drone shooting and recent attacks on oil tankers. The order for the attack reportedly came the same day that Trump called off airstrikes targeting Iran. The attack hit computers used to control the launching of rockets and missiles, but no casualties were reported, according to The Post.
U.S. officials claimed the June cyber attack hit a “critical database used by Iran’s paramilitary arm to plot attacks against oil tankers and degraded Tehran’s ability to covertly target shipping traffic in the Persian Gulf,” as the N.Y. Times reported. Officials also branded the attacks a widespread success, claiming the attacks crippled Iran for months.
The Obama administration also reportedly favored cyber attacks. In 2016, a documentary called Zero Days alleged the Obama administration spent millions developing a cyber operation known as Nitro Zeus to be used as a contingency plan if negotiations with Iran never came to fruition. The operation was never launched due to the successful signing of the JCPOA.
The Story of Stuxnet
Despite U.S. concern about an Iranian cyber threat, it is Iran that is more vulnerable to such cyber attacks and was on the receiving end of perhaps the most damaging industrial cyber attack of all time – Stuxnet.
Though neither has openly admitted it, the U.S. and Israel are believed to have jointly developed the malware Stuxnet, a powerful computer virus that paralyzed Iran’s nuclear program in 2010.
A 2012 report by the N.Y. Times said Stuxnet was a cyber threat effort started under the George W. Bush administration and continued by Barack Obama, known among intelligence officials by the code name “Operation Olympic Games.”
The attack severely damaged Iran’s nuclear enrichment program by damaging an estimated 1,000 of the 5,000 centrifuges used for uranium enrichment at Iran’s Natanz facility. The N.Y. Times described the attack as “America’s first sustained use of cyberweapons.”
While Stuxnet was initially used to target Iran’s nuclear facility in Natanz, the malware accidentally escaped and spread throughout the global web. Stuxnet’s legacy, however, is the escalation of cyber war, achieving results previously only obtained through conventional warfare.
“It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving with computer code what, until then, could be accomplished only by bombing a country or sending in agents to plant explosives,” the Times reported.
Flame, Stuxnet Part 2
Following Stuxnet was another cyber attack on Iran named Flame, discovered in 2012 but possibly developed around the same time as Stuxnet. The Russian anti-virus firm Kaspersky Lab told Wired that Flame “dwarfed” Stuxnet in size and complexity, but that its similarity to Stuxnet suggested it was likely developed by a nation-state and perhaps by the same group that developed Stuxnet.
According to Wired, Flame was able to turn on a computer’s microphone and record audio, take frequent screenshots of a computer’s activity and send them to an unknown recipient, as well as act as a Bluetooth beacon and scan for Bluetooth devices to grab contact information from.
Though the U.S. has not admitted to developing Flame, the Washington Post wrote in 2012 that the U.S. and Israel were responsible for the development and deployment of Flame on Iranian targets as part of the original Operation Olympic Games.
Can Iran Retaliate Against the US in a Cyber War?
It’s unclear how sophisticated Iranian cyber capability is and how serious of a cyber threat Iran can pose. However, the Stuxnet attack is credited with accelerating Iran’s cyber capability and providing Iran with many valuable lessons to help develop its cyber warfare technology.
A June 2019 assessment of Iran’s cyber capabilities by the Center for Strategic & International Studies (CSIS) described Iran as having “rapidly improved its cyber capabilities” though “it is still not in the top rank of cyber powers.”
“Three military organizations play leading roles in cyber operations: the Iranian Revolutionary Guard Corps (IRGC), the Basij, and Iran’s ‘Passive Defense Organization (NPDO).’ The IRGC is the perpetrator behind a series of incidents aimed at American targets, Israeli critical infrastructure, Saudi Arabia, and other Gulf States. The Basij, a civilian paramilitary organization controlled by the IRGC, manages what Basij leaders say are 120,000 cyberwar volunteers. The number is probably exaggerated, but the Basij uses its connections with universities and religious schools to recruit a proxy hacker force,” the CSIS report detailed.
While the CSIS report admits Iran’s cyber sophistication is far from that of the U.S., it warns that poorly defended U.S. targets are vulnerable:
“Iran has probed U.S. critical infrastructure for targeting purposes. How successful an attack would be is another matter. The kind of massive denial of service attacks Iran used against major banks in 2011-2013 would be less effective today given improved defenses. The most sophisticated kinds of cyberattack (such as Stuxnet or the Russian actions in the Ukraine) are still beyond Iranian capabilities, but poorly defended targets in the United States (of which there are many) are vulnerable—smaller banks or local power companies, for example, or poorly secured pipeline control systems. What stops Iranian action is not a shortage of targets but rather questions about the utility of such attacks.”
In addition to the 2011-2013 Iranian attack on the U.S. financial industry, Iran reportedly launched a successful malware attack on Saudi Aramco in 2012 and attempted to gain remote access to gate controls of a New York dam in 2013.
Last May, the Cybersecurity and Infrastructure Security Agency, a federal agency tasked to protect the U.S. from cyber threats, claimed that Iran is likely to carry out digital attacks on the U.S. using destructive malware.
“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” CISA said in a statement.
However, as the CSIS report stated, “Iran’s development of cyber power is a reaction to its vulnerabilities. Iran is the regular target of foreign cyber espionage.”
Iran, most likely, does not want a cyber war with the U.S., knowing it is outmatched, but Iran may already be trapped in just that.
If one believes the CSIS report, “What Iran’s leaders fear most, however, is their own population and the risk that the internet will unleash something like the Arab Spring.”
Yet, as IRGC Deputy Commander Hossein Salami said in May of 2019, Iran is already caught “in an atmosphere of a full-blown intelligence war with the US and the front of enemies of the Revolution and the Islamic system . . . This atmosphere is a combination of psychological warfare and cyber operation, military provocations, public diplomacy, and intimidation tactics.”