Iran’s cybertroops long have been among the world’s most capable and aggressive — disrupting banking, hacking oil companies, even trying to take control of a dam from afar — while typically stopping short of the most crippling possible actions, say experts on the country’s capabilities.
But the American airstrike that killed one of Iran’s top generals, Quds Force Commander Maj. Gen. Qassem Soleimani, now threatens to unleash a fully unshackled Iranian response, analysts and former U.S. officials warned. They said a variety of potential cyberattacks, possibly in conjunction with more traditional forms of lethal action, would be well within the digital arsenal of a nation that has vowed “severe revenge.”
“At this point, a cyberattack should be expected,” said Jon Bateman, a former Defense Intelligence Agency analyst on Iran’s cyber capabilities and now a cybersecurity fellow for the Carnegie Endowment for International Peace.
The range of possible tactics is long: The Iranians can overwhelm computerized systems to snarl business operations, as they did to U.S. banks from 2011 to 2013. They can also use malicious software to wipe out data, as they reportedly did in 2014 to the Las Vegas Sands casino, whose staunchly pro-Israel owner Sheldon Adelson had suggested the United States drop nuclear bombs on Iran.
Archrival Saudi Arabia’s oil giant Aramco suffered a similar fate in 2012, when a cyberattack reportedly emanating from Iran wiped out the memories of tens of thousands of computers, crimping oil production. The company’s frantic efforts to recover reportedly drove up the price of hard drives worldwide.
Hackers with ties to Tehran can potentially hijack crucial machinery over the internet, a tactic they experimented with at a New York state dam, whose control systems they penetrated in 2013. Or they could go after sensitive political or diplomatic targets while mounting sophisticated information operations over Facebook, Twitter and other social media platforms. Last October, Microsoft accused a group tied to the country’s government of attempting to identify, attack and breach personal e-mail accounts associated with a U.S. presidential campaign, government officials and journalists.
And while the most appealing targets are likely to be in the U.S. homeland given Iran’s history of staging visible, politically potent attacks linked thematically to its grievances, it may be easier to strike U.S. military or diplomatic targets abroad, or similar targets in allied nations.
Cybersecurity expert James Lewis recently compiled a list of suspected Iranian hacks, cyberattacks and online spying incidents and was surprised to find 14 reported last year alone. The list included hacks aimed at the Trump campaign, telecommunications systems in Iraq, Pakistan, and Tajikistan, and intrusions into employee accounts of companies making and operating industrial control systems.
“They have enough capability that they don’t need to ask, ‘Can we do this?’ ” said Lewis, a senior vice president for the Center for Strategic & International Studies. “It’s, ‘Do you want to do this?’ ”
Experts tracking online disinformation said Friday they had already seen suspicious, early signs of accounts pivoting to push messages sympathetic to the Iranian government. Some potentially suspect accounts on Instagram, for example, started tagging the White House in images featuring flag-draped coffins, according to the Atlantic Council’s Digital Forensic Research Lab. Meanwhile, apparently bogus claims of an airstrike at the Ain Al-Asad air base, which hosts U.S. forces in western Iraq, were spreading in hard-line Iranian media outlets, as well as on services including Twitter and Telegram, according to researchers.
“This is a new era,” said Ali Soufan, a former FBI agent. “We always had controlled escalation policies with Iranians. Now these rules don’t exist, and the Iranians are going to usher in an era of unrestrained responses — an era that’s going to be filled with even more chaos.”