As it weighs further response to the assassination of General Qasem Soleimani, Iran is almost certain to consider the use of cyber attacks. We talk with Levi Gundert at the firm Recorded Future about what cyber “payback” from Tehran might look like.
When missiles from Iran landed near U.S. military bases in Iraq, the world assumed that it was an escalation of tensions between Iran and the U.S. in response to the January 3rd U.S drone assassination of General Qasem Soleimani, a high-ranking member of the Iranian government and the architect of the country’s Middle East policy.
But fears of a shooting war between the U.S. and Iran have eased in the days following the Iranian missile launch, which caused no U.S. casualties and little damage and which were followed by mollifying comments from both the Iranian and U.S. leadership.
Disaster averted? Not so fast.
Disaster averted? Not so fast, say Middle East experts. “Killing Soleimani crossed a significant threshold in the US-Iran conflict,” Kiersten Todt, managing director of the Cyber Readiness Institute told CNN. “Iranians will certainly try to retaliate — definitely in the region and they will also look at options in our homeland. Of the options available to them, cyber is most compelling.”
With Iran’s kinetic response mostly symbolic, speculation is now focused on the cyber theater, where Iran’s government has used hacking to advance both domestic and geopolitical objectives before. In recent memory, for example, the country tapped the Chafer hacking group to target aviation repair and maintenance firms in 2018 in an apparent effort to obtain information needed to shore up the safety of that country’s fleet of domestic aircraft, according to research by the firm Symantec.
Those concerns prompted the U.S. Department of Homeland Security to issue a warning to private sector firms to prepare for the worst. But what might “the worst” look like?
A well-developed Offensive Cyber Program
Iran has a well-developed offensive cyber program and has been linked to attacks against public and private interests in Saudi Arabia, the United States and Europe, according to experts. The country already has successfully executed several known major cyber attacks against the United States, with two notable ones occurring in 2012 and 2014. The first targeted banks and crippled a number of online banking sites before they recovered. The second added critical infrastructure to Iran’s target in addition to dozens of banks, compromising the Bowman Avenue Dam in Rye, New York, and costing the banks millions of dollars in lost business. Seven Iranians were ultimately charged for those attacks.
Cyber attacks allow Iran to project power far beyond its borders and offer plausible deniability in a way that kinetic attacks cannot, experts agree. Still, the exact form that Iran’s cyber attacks may take isn’t known. While the country has a well developed offensive cyber operation, it has been less successful in penetrating deep into government organizations or critical infrastructure outside of its main rival: Saudi Arabia, a Carnegie Endowment report notes.
A Regime known for its Patience
As our guest this week point’s out, however, the Iranian regime is nothing if not methodical. If the country’s next move – or moves – play out online, they may not take place for days, weeks or even months.
Levi Gundert is the Senior Vice President of Global Intelligence at the cyber threat intelligence firm Recorded Future. In this interview, Gundert notes that Iran has a well developed offensive cyber capability – and a record of acting methodically and forcefully against both civilian and government targets. In this conversation, Levi and I talk about what distinguishes Iranian cyber actions from those of other nation states and how the nation might respond to U.S. aggression online.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.