Iran's cyberwarriors are back in action. Late last fall, The New York Times reported that Iranian hackers had carried out an extensive hack on U.S. State Department employees. Among the victims were U.S. diplomats working on the Middle East and on Iran specifically, who had their email compromised and their social media accounts infiltrated. The hack was the latest in what U.S. officials say are increasingly aggressive attempts to glean information about U.S. policies toward Iran in the wake of this summer's P5+1 nuclear deal.
Iranian cyberwarfare is not new, of course. The past several years saw numerous and increasingly capable Iranian cyberattacks on Western and allied interests. Such strikes have receded in severity, frequency, and prominence as Iranian nuclear diplomacy has accelerated, culminating with the nuclear deal concluded in Vienna in July. Yet behind the scenes, Tehran has been quietly investing in the strength and capabilities of its cyber army.
A HISTORY OF HACKING
In the summer of 2012, Saudi Arabia's state oil giant, ARAMCO, was hit by the Shamoon virus, which infected three-quarters of the firm's computers. The attack was traced back to Iran. Between September of 2012 and January of 2013, an array of U.S. financial institutions (including Citigroup, Bank of America, and JP Morgan Chase) likewise experienced a series of distributed denial-of-service (DDoS) attacks that disrupted their websites' functionality. Washington linked the DDoS attacks to the Iranian government, due to their sophistication.
Similarly, hackers, presumed to be Iranian, hit the U.S. Navy's unclassified computer network in October 2013, through which they accessed the service's broader network and potentially compromised email and other secure communications. Then, in February 2014, the Sands Corporation, owned by gambling magnate and pro-Israel philanthropist Sheldon Adelson, experienced a computer attack that temporarily crippled its systems. Last year, Director of National Intelligence James Clapper told the Senate Armed Services Committee that the U.S. intelligence community had determined the hack had been carried out by Iran. The attack disrupted email communication and phone systems, and it created havoc on daily operations at the Sands casino and elsewhere, in what observers suggest was punishment against Adelson for his political contributions. (Adelson is a prominent supporter of Israeli Prime Minister Benjamin Netanyahu, as well as a backer of various Republican political hopefuls.)
Three months later, cyberintelligence firm iSight Partners uncovered a complex Iranian phishing scheme, dubbed Newscaster, which was designed to compromise, through social media, prominent political individuals of interest to Tehran, such as former U.S. ambassador to the U.N. (and longtime Iran hawk) John Bolton. That same spring, the Iranian hacking group Ajax Security Team targeted U.S. defense firms with malicious software in order to gain access to their computers. Throughout, Iranian hackers are known to have extensively mapped U.S. infrastructure, including the power grid, trains, airline networks, and refineries, in what cyber experts fear could be a hostile contingency scenario in the event of a conflict with America.
A NEW CYBER MANDATE
Such incidents may have receded from the headlines of late. Over the past year and a half or so, experts have noted a marked decrease in Iranian hacking—a development that tracks closely with Iran's attempts to conclude an agreement with the West over its nuclear program. But now, in the wake of this summer's deal, the Islamic Republic is ramping up its offensive cyber capabilities, for both political and strategic reasons.
Domestically, Iran's hard-liners are eager to assert their primacy in national affairs following the nuclear agreement. At home, this has led to deepening domestic repression, including a spate of public executions and increasingly pervasive regime censorship. Abroad, meanwhile, Iranian regime adventurism is growing, manifested in expanded involvement in both Yemen and Syria and a more aggressive profile in the Persian Gulf. Military provocations have increased, too. In October and December, Iran conducted very public ballistic missile tests in violation of existing U.N. Security Council resolutions. Most recently, it has disclosed the details of a new, and previously unknown, ballistic missile base in a not-so-subtle show of its strategic capabilities.
Stepped-up cyberactivities are part and parcel of this redoubled activism. Indeed, Iranian leaders have made an expansion of their country's cyber capabilities a top regime priority. Last spring, in the midst of his government's ongoing negotiations with the West, no less senior an official than Supreme Leader Ali Khamenei publicly called on Iranian youth to prepare for "cyber-war" with the West. Now, with the country's nuclear program (at least) temporarily constrained, such a mobilization has become more urgent than ever.
Nevertheless, the cyberthreat from Iran is still nascent. U.S. intelligence officials say that, at least for the moment, Iran's cyber capabilities are less sophisticated than those of Russia and China. But, as the recent targeting of State Department personnel suggests, the country's skills are growing. Moreover, with an anticipated $100 billion or more in economic relief due to be rendered to the Iranian regime shortly, pursuant to the nuclear deal, the resources available to the Islamic Republic to invest in its cyber capabilities are poised to expand greatly.
Given the emphasis that Iranian leaders place on the exploitation of cyberspace, this confluence of political priorities and anticipated capital suggests that Iran is on track to become an increasingly formidable cyberpower in the not-too-distant future. In the process, Iranian cyberwarfare will become an increasingly grave challenge to the United States. Policymakers in Washington should be planning accordingly.