Iran's Cyber Attacks and Important U.S. Sectors
Iran's success in taking control of the U.S. RQ-170 Sentinel drone on December 4, 2011, marked a watershed and a turning point in Iran's "cyber" trajectory, which has become a concern for the West, especially the United States and Israel, given Tehran's progress in developing its "electronic" capabilities and in acquiring the tools that come with them: tools capable of repelling U.S. and Israeli "cyber-attacks" on its military and nuclear facilities and infrastructure and, most importantly, of switching to attack mode when circumstances dictate it to Iranian leaders.
Cyber or Cyber Warfare
"Cyber or cyber warfare" is usually conducted in complete secrecy and is felt only by the two parties, the attacker and the target, because it is directed from within "closed rooms" and leaves no direct physical damage of the kind conventional military battles produce. In the last decade this kind of war has become an ideal instrument for the major powers to pounce on their opponents and subdue them without taking human lives. The United States has resorted to it against both Venezuela, whose electrical installations were hit by an American cyber attack, and Tehran, which has faced, and continues to face, a "fierce electronic" U.S. war, with Tel Aviv's participation, for years and on several fronts. Washington has won some rounds and Tehran others, as U.S. and Israeli security institutions acknowledge when they speak of what they call "Iranian pirates" entering military installations, and a wish in Washington and Tel Aviv, now very important, is to sound the electronic alarm about Iran.
Iran, like every other country across the globe, has the right to obtain all electronic means for its defensive and offensive purposes, but in a time of American hegemony and the inversion of international standards and morals, Tehran is robbed of that right and accused of "sabotage and aggression" simply because it has electronic power like other countries. It is placed on the "list of evil" and declared a direct threat to America and the West, along with Israel and some Arab countries, primarily Saudi Arabia, which is in a state of "denial" about Iran's military and electronic capabilities.
The "earthquake" at the oil company Aramco, carried out by the Yemeni army and the "People's Committees" and considered the strongest and toughest blow since the establishment of the Saudi kingdom, did not fall outside this framework. Within hours Tehran was saddled with the charge, on the grounds that the weapons used were Iranian-made, as was reported. To obscure the failure of Aramco's U.S. protection systems, the operation was quickly linked to Iran's growing cyber technologies, without citing or providing any concrete evidence.
Demonizing Tehran has become a strategic goal for its enemies: every achievement at the "electronic" level, even one for purely medical or social purposes, is filed under dangers to international peace and security, and campaigns of intimidation and warning about Iran's "aggressive cyber" activities are launched, a task taken up by U.S. and Western intelligence agencies, cybersecurity agencies and experts.
The list in this area goes on, starting with Business Insider (a publication interested in money, commerce and the latest technological advances). In a 2015 report it asserted that "Iran is building a non-nuclear threat faster than experts had imagined" and that "in just over two years, the Iranian government has been able to build a sophisticated cyber system that experts now describe as capable of crippling the world's major infrastructure".
Warnings about how far Iran has come in "cyber" were the common denominator among these experts, and there seemed to be a consensus among them on the matter. Cybersecurity expert David Kennedy, founder of the Western information security company TrustedSec, said in a 2015 statement: "Five years ago, I would never have imagined Iran being what it is today. Iran was once considered a D-class cyber threat. If they [the Iranians] want to overthrow the U.S. financial sector, or cripple the military's ability to communicate, they can do it". Kennedy asserts that "although Chinese and Russian infiltrators are usually motivated by competitive advantage or financial gain, Iranian infiltrators are trained to sneak into servers so they can destroy them".
The same view is taken by the British technology research firm Small Media, which said in a report that "Iran has increased its spending on cybersecurity by 12 times since President Hassan Rouhani took office in 2013", while the Israeli Institute for National Security Studies explained in a 2012 report that the IRGC had recruited some 120,000 personnel over the previous three years to resist the "soft electronic war against Iran". Intelligence documents released in 2013 by Edward Snowden, the former NSA adviser who leaked details of the U.S. spy program that year, addressed Iran's cyber ambitions and revealed that Tehran has been able to build an internet capability that competes with the United States, China, Russia, the United Kingdom and Israel, the most dominant actors in cyberspace, as well as intensifying its surveillance of the U.S. government. A document written by former NSA director Keith Alexander described the "Iranian threat" as "dangerous enough for the United States to ask Britain to help contain the damage caused by Iran's discovery of computer network exploitation tools".
Dmitri Alperovitch, one of the founders of a cybersecurity firm, told The Hill newspaper in 2019: "Out of any country on this planet, I can't think of a country that was more focused than Iran, at the top levels of government, on the Internet, including the United States".
"Unlike Iran's nuclear program, which has drawn the attention of world powers and forced Iran to negotiate with the United States to ease harsh sanctions, Iran's cyber power draws much less attention and cannot be easily monitored; worse still, Iran's hidden development of its electronic capabilities seems to be expanding", many Western experts say. Among them, Ian Bremmer, president of the global consulting firm Eurasia Group and a senior editor at Time magazine, wrote on Twitter in 2015: "In 10 years, Iran's electronic capabilities will be more troubling than its nuclear program".
Cybersecurity has become a thriving industry in Iran, prompting more Iranian students to study computer network defense and cyber warfare in high schools and colleges. At Sharif University of Technology, which is comparable to the famous Massachusetts Institute of Technology, students take part in online "capture the flag" games to hone their hacking skills, "competing to find who can find security vulnerabilities and break into the encryption of servers and firewalls faster".
In practice, Iran benefited from the lessons of the so-called "Green Revolution" of June 2009 and of the June 2010 "cyber" attack on its nuclear program (which Washington and Tel Aviv boasted of), carried out with an American computer worm (a virus developed in 2007) known as Stuxnet, which, planted on Iranian government servers, destroyed nearly one-fifth of the nuclear centrifuges, according to Business Insider.
Iran studied these ill-organized yet inventive incidents closely, turning the threat into an opportunity and working to prevent their repetition by building an effective electronic defense system and effective control over the Internet. To this end, it has worked along three main pathways toward a multidimensional electronic defense system:
- Creating a defense against cyber-attacks on Iran's critical infrastructure, to ensure the security of sensitive information.
- Paralyzing the cyber operations of opposition elements and opponents of the Iranian regime.
- Keeping Western ideas and content, which could contribute to a "soft revolution" harmful to the stability of the regime, outside Iranian cyberspace.
Moreover, in late 2011 Tehran invested at least $1 billion in Internet technology, infrastructure, expertise and electronic capacity, both to protect against threats such as Stuxnet and to carry out attacks of its own, according to the U.S. Army's Strategic Studies Institute, which recorded an increase in Iran's electronic power in 2014.
As usual, the link between Tehran and its allies is now applied to every matter, small and large, so it is no surprise that the United States, Israel and some European countries accuse it of "nurturing and strengthening the electronic capabilities of terrorist organizations in Lebanon, Yemen, and Syria". The first indication of this, in their view, came from Hezbollah, whose online activity drew America's attention in early 2008 and which has grown more powerful in the field since then.
The Christian Science Monitor published an article on June 1, 2015, stating that "a complex malicious software campaign recently discovered by an Israeli company has been linked to Hezbollah," suggesting that the armed group has a more advanced technological skill than previously thought.
In the same year, "security researchers in Israel discovered something different – a large-scale cyber espionage campaign by skilled hackers who targeted military suppliers, telecommunications companies, media outlets, and universities, with malware aimed at stealing sensitive data and monitoring its victims". "The campaign seems to have been going on since 2012, and it has been found in networks in about a dozen other countries as well. The hackers broke into sensitive systems with specially designed malware, named Explosive by the Israeli security company, which discovered it attacking a web server on a private network".
The Israeli company did not attribute the malware to a particular group or organization, but other technical experts, according to the newspaper, say that "the attack bears all the signs of a campaign organized by the Lebanese Shiite group Hezbollah, which maintains close ties with Iran and its Revolutionary Guards". According to the newspaper, these experts named the campaign "Fly Rice" for its suspected Lebanese origins, discovered that the servers used in the attack were registered in Lebanon, and also revealed the identity of a Lebanese suspected of involvement. "The malware used in the attack was assembled on a computer originating in Lebanon, and then there is the Iranian contribution and the sudden emphasis on espionage against Israeli institutional targets," it said.
The newspaper's statement intersects with what the Israeli Institute for National Security Studies said about the 2012 attack on Israeli companies that bore Hezbollah's fingerprints. In parallel, Daniel Cohen, coordinator of the Cyber Warfare Program at the Institute for National Security Studies, considers that "(Hezbollah's) attacks have become more sophisticated, and the tools are more sophisticated; they enter the system's databases and try to obtain intelligence – passwords and details of people".
Not far from Hezbollah, officials in Washington and Tel Aviv are firmly convinced that Tehran "trained the Syrian Electronic Army (SEA), which uses cyber warfare to support the regime of President Bashar al-Assad. Its mission is to embarrass media organizations in the West that publicize atrocities committed by the Assad regime, as well as to track and monitor the activities of Syrian dissidents". These officials consider that "this army has been successful in these two missions" and attribute to it attacks on a number of media outlets such as the Washington Post, Chicago Tribune, Financial Times, Forbes, and others. It also managed to hack into software of companies such as Dell, Microsoft and Ferrari, and even UNICEF software.
This has not stopped; in recent years a group called the Yemeni Cyber Army (YCA) has emerged and has been able to penetrate the Saudi foreign, interior and defense ministries, as well as the website of the Saudi newspaper Al-Hayat. Once again, attention has turned to Iran, which is blamed for it.
On the other hand, the Foundation for the Defense of Democracies (a U.S. think tank focused on national security and foreign policy, known for its absolute loyalty to Israel, its far-right views on Islam, and its funding from the World Jewish Congress) described the key actors in Iran that regulate cyber attacks; I summarize them as follows:
- The Supreme Council for Cyberspace: oversees Internet and cyberspace policy and is responsible for "protecting the country from negative cyber-content". It reports to Supreme Leader Ali Khamenei, and its members include the president, some ministers, the commander of Iran's Revolutionary Guard, and other high-ranking intelligence and security officials.
- The National Cyberspace Council: its mission is to defend the Islamic Republic against the "cultural war" on the Internet.
- The Revolutionary Guard Battalion: a semi-autonomous electronic group that oversees offensive cyber activities.
- Cyber Defense and Cyber Warfare: monitors the content of newspapers, radio and television programs and all other publications.
- The Basij Cyber Council: includes non-professional elements who hack the regime's enemies.
- The Iranian Cyber Police: filters web content, monitors the behavior of political dissidents, and hacks their email accounts.
According to the Washington Institute for Near East Policy, Iran has carried out cyber operations in response to conflicts, tensions, or actions it considers offensive, designed to impose significant costs and demonstrate a capacity for strategic targeting while maintaining plausible deniability and avoiding escalation. The most notable of these attacks were Operation Ababil, which targeted U.S. financial institutions, the 2012 Shamoon attack against the Saudi oil giant Aramco, and the 2014 Las Vegas Sands strike.
In an October 3, 2019 article, The Hill reported on what it described as "some of Tehran's first cyber warfare invasions between 2011 and 2013, in which Iranian infiltrators cost U.S. financial institutions tens of millions of dollars". "Over the past two years, Iranian infiltrators have hit more than 200 companies around the world, causing hundreds of millions of dollars in damage, according to a new Microsoft report", it said. "In fact, a week ago (late September 2019), the Department of Homeland Security issued emergency directives to all federal agencies to take steps to protect their infrastructure from an operation that poses significant and imminent risks to the agencies' information systems". "While the Department of Homeland Security did not attribute the operation to Iran, the emergency directive coincided with the release of a report by FireEye (a U.S. digital security company) on a global campaign targeting that same infrastructure", the paper said. The company confirmed that "its preliminary research indicates Iran's responsibility".
On the opposite bank, the Israeli cybersecurity company ClearSky announced in mid-2014 an Iranian electronic campaign called Thamar Reservoir: "it seems that its goal was not money or destructive cyber attacks; instead, the attackers spied and stole information". "The majority of the targets included academics, researchers and practitioners in the social sciences, journalists, human rights activists, physicists, security companies and defense companies," it said. By the end of 2016 and early 2017, a virus called Shamoon 2 had infected about 15 government agencies and companies in the Saudi civil and defense sectors. In testimony before Congress in March 2018, Director of National Intelligence Dan Coats publicly attributed the attack to Iran.
Saudi Aramco was attacked in 2012; the infiltrators caused extensive damage and quickly disappeared. Within hours, 35,000 computers in the company were partially wiped or completely destroyed. One of the most valuable companies on earth was thrown back to 1970s technology, using typewriters and faxes. This time, however, after the Shamoon 2 attack, the infiltrators broke into the networks and set up remote control to gather intelligence in preparation for planned future wiper attacks. U.S. experts have considered the Saudi Aramco incident a warning to the United States, "evidence of Iran's growing internet prowess, while attacking a regional rival." In September 2019, the Justice Department charged a U.S. citizen and four Iranian activists who had targeted U.S. government and intelligence agents.
Iran's intelligence-gathering strategy, according to a former U.S. intelligence official, exploits so-called "social engineering", using social media to search for vulnerable sailors on U.S. military vessels as well as other naval vessels. Iranians pretend to be attractive young women looking to reach out to a "lone sailor", in order to gather intelligence on the movement of ships. "There have been many successful examples of these Iranian cyber operations. They were doing it on a large scale".
U.S. Frustration with the Failure of the Electronic War against Iran
Following the downing of a U.S. unmanned spy plane in June 2019, Israeli intelligence sources reported that U.S. President Donald Trump had ordered cyber attacks against Iranian networks, which suffered a major setback. That failure prompted Trump to relieve Central Command of the mission and hand it to the CIA's cyber command, assigning it the task of disrupting the computer systems of Iranian missiles and batteries and of other military devices such as the engines of the Revolutionary Guard speedboats used in attacks on Gulf oil tankers. The early stages of the CIA's adventure showed that this kind of war is not as easy as it had thought.
The administration's biggest problem has been identifying target locations, particularly missile launchers and mobile command centers that are difficult to track and disrupt in a timely manner, especially since Iran relies on technologies imported from North Korea, which has extensive experience in evading cyber-attacks by dividing its missile forces into small, untraceable mobile units and by cutting internet connectivity. Following the Korean example, over the past few months Tehran has moved batteries and missile control units to border areas or out of the country, and has divided its surface-to-air and ballistic missile groups into smaller mobile units, with the aim of dispersing the effort of the American cyber operations unit and causing its mission to fail.
Iran uses sophisticated techniques to evade cyber warfare: it deploys a large number of "secret" command centers on a wide scale, separate from each other and isolated by cutting off their internet connection, alongside establishing cyber warfare centers beyond its borders; Israeli intelligence agencies have picked up signals from secret centers located in Western Europe and Central Asia, according to the source. In parallel with that resounding failure, U.S. authorities opened an investigation into why the ground control station of the U.S. MQ-4C and the accompanying P-8 escort aircraft failed to detect the Iranian trap that brought down the world's largest drone. U.S. intelligence believes the Iranians received Chinese support in tracking and shooting down the U.S. drone, as happened with the RQ-170, which was brought down by Iranian forces with the help of Chinese cyber specialists at the time.
The same sources also revealed that "U.S. intelligence launched a cyber attack on June 23, 2019, targeting a communication system controlling the launch of a missile for the Iraqi Hezbollah Brigades, but the operation was a complete failure, causing panic in Tel Aviv and some Gulf capitals".
© 2020 Hafiz Muhammad Adnan