Here's how Iran could seek revenge with cyberattacks on the U.S.

Experts warn Tehran's 'harsh retaliation' may hit computer networks and affect Americans' everyday lives

A woman shows a photo of the late Iranian Maj.-Gen. Qassem Soleimani during a protest in front of the UN office in Tehran. (Nazanin Tabatabaee/Wana/Reuters)

As the U.S. braces for blowback following its killing of a key Iranian military commander, experts are warning of the possibility of cyberattacks targeting American institutions.

Tehran and its proxies are thought to possess some of the most highly developed cyber arsenals in the world — major tools in modern, asymmetrical warfare, where countries and non-state actors fight ruleless, virtual battles with real-world repercussions.

Cyberattacks, combined with violence aimed at U.S. targets, could form the "harsh retaliation" promised by Iran's supreme leader following the death of Maj.-Gen. Qassem Soleimani in a drone strike in Iraq.

A top U.S. cybersecurity official was among the first to sound the alarm about the threat to Americans.

Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), advised late Thursday that it's "time to brush up" on Iran's tactics.

He shared a Homeland Security statement first posted last June, warning that Iran and its proxies had stepped up cyberattacks on U.S. targets, and that they're "looking to do much more than just steal data and money."

Iranian cyberattacks, Krebs wrote, "can quickly become a situation where you've lost your whole network."

In an interview with Fox News on Friday, Secretary of State Mike Pompeo added that the U.S. is prepared for any possible retaliation, including a cyberattack.

Iran has shown it can indeed do damage, as well as disrupt the everyday lives of Americans.

Iranian demonstrators chant slogans during a protest against the deaths of Soleimani, who was head of Iran's elite Quds Force, and Iraqi militia commander Abu Mahdi al-Muhandis. The men were killed in an airstrike at Baghdad airport on Thursday. (Nazanin Tabatabaee/WANA/Reuters)

Previous attacks

Tehran was linked to a string of so-called "denial of service" (DoS) attacks in 2012, which overwhelmed, then slowed or crashed banking sites belonging to the Bank of America, JPMorgan Chase and others.

The Obama administration also blamed Iran for a 2014 cyberattack targeting a Las Vegas casino operator, reportedly destroying the company's data, disrupting email systems and even taking down phone lines.

Iran has also been known to target its own citizens, and several other countries, too.

Suspicion fell on Iran in 2017, when a cyberattack left dozens of British MPs — including then-Prime Minister Theresa May — unable to access their email.

Tehran has boasted about having a staggering 120,000 volunteers trained in cyber warfare, although foreign experts dispute the figure.

Iranians work in an internet cafe in central Tehran in this January 2011 file photo. Iranian authorities cracked down on internet access following the 2009 Green Movement protests. (Vahid Salemi/The Associated Press)

Jim Lewis, a researcher at the Washington-based Center for Strategic and International Studies, acknowledges that "Iran has improved significantly in the past 10 years" when it comes to mounting cyber offence.

"They put a lot of money into it, they're well organized and they get a lot of practice, because they're always attacking their neighbours," Lewis said.

Indeed, Maj.-Gen. Nadav Padan, the Israeli military general in charge of network security, said in 2017 its regional rival was regularly targeting Israel — and that Tehran was getting help from proxies such as the Lebanon-based Hezbollah.

Building up capabilities for years

Experts point to two key moments that spurred Iran to bolster its cyber capabilities.

The first, known as the Green Movement, saw Iranians attempt to oust President Mahmoud Ahmadinejad in a popular uprising in 2009. It led authorities to clamp down on internet access and seek tighter control on its citizens' use of social media.

Then, around 2010, the Islamic republic suffered a massive cyberattack targeting its nuclear machinery, damaging facilities and setting back Iran's entire program. No country ever admitted to deploying the computer worm, known as Stuxnet, but the U.S. and Israel are widely believed to have been behind it.

Stuxnet, a computer worm, greatly affected Iran's nuclear program in 2010. The U.S. and Israel are widely thought to have been responsible. (Vahid Salemi/The Associated Press)

Mahsa Alimardani, a researcher at the U.K.-based Oxford Internet Institute, suggested Iran's capabilities may be "overstated" and are certainly outmatched by the likes of the U.S., Britain and Israel.

She points to May 2018, when rumours were rampant that a surge of Iranian cyberattacks was imminent following the Trump administration's withdrawal from the international agreement limiting Tehran's uranium enrichment capabilities.

No major attack was reported.

"I really don't think they have a chance against U.S. capabilities," Alimardani said in a telephone interview.

Possible targets

Digital security experts say smaller attacks targeting American companies, such as regional banks or energy providers, may be more likely. While proving disruptive to Americans at home, the strategy may have a better chance of succeeding than mounting cyberstrikes on the U.S. government or large corporations that have built firewalls and other defences.

Tom Robertson, who manages Toronto-based risk consultancy 3i Partners, said such smaller attacks would give Iranian authorities "more bang for their buck."

Disrupting American farmers' access to credit through an attack on a midwestern bank, for instance, would "really wreak havoc in the hearts and minds of the American population," he said.

Robertson said while an attack on computer networks north of the American border is unlikely, it's possible a Canadian company with U.S. operations could get swept up in the conflict.

There's also no guarantee U.S. authorities would give credit to Iran if ever a cyberattack did damage.

Still, there has been no shortage of warnings.

"Experience with covert action gives Iran the ability to conceptualize how cyberattacks fit into the larger military picture," Jim Lewis wrote last year. "This is a space for conflict where the rules are unclear, and the risks not yet measured."

ABOUT THE AUTHOR

Thomas Daigle

Senior Reporter

With files from Reuters