Homeland Security News 

Iran’s Ability to Carry Out Attacks in Cyberspace May Be Improving 


By Stew Magnuson 

Only a few years ago, network security experts didn’t rank Iran’s abilities to carry out sabotage and cyber-espionage very highly compared to China, Russia and the United States.

That may be changing.

After falling victim to industrial sabotage in the now-famous Stuxnet attack, which went after centrifuges in Iran’s Natanz Nuclear Facility, the nation may be looking at ways to reach out and cause similar mayhem inside the borders of its adversaries.

Gen. William Shelton, Air Force Space Command commander, when asked how Iran racked and stacked as a cyberpower today, said he couldn’t say much publicly about it. Shelton also oversees the service’s cyber-operations.

“It is clear the Natanz situation generated a reaction by them. They are going to be a force to be reckoned with. And let me just leave it at that,” he told reporters.

A cyber-attack against Saudi Arabia’s state-owned oil company Aramco left 30,000 company computers down for a week, and scrambled data so it could no longer be retrieved. Suspicions have fallen on regional rival Iran, although it is often difficult to attribute these attacks. A group called “Sword of Justice” claimed responsibility, citing repression against Shiites in countries such as Saudi Arabia and Bahrain.

More recently, a shadowy group called the al-Qassam Cyber Fighters has launched a series of distributed denial of service (DDoS) attacks against U.S. banks.

It is tough to know what the truth is because the facts are often classified, said Jon Iadonisi, co-founder of Alexandria, Va.-based White Canvas Group, which specializes in network security.

“Whether or not those are attributed to Iran, I’m not sure it even matters anymore what country they are from when everything is pretty much for hire,” he said.

It isn’t necessary anymore to have deep technical knowledge of software code. Readily available and easy-to-use tools allow an ordinary person — or nation — to launch DDoS attacks.

However, “If you look at the breadth, the planning and the complexity of mainly the al-Qassam Cyber Fighter attacks … they are much more advanced than a simple DDoS attack,” he said.

They required months of planning. The social engineering, or spearphishing attacks, were well engineered. The group claimed the attacks were in response to an anti-Islamic video, The Innocence of Muslims, posted on YouTube. Iadonisi said he believed that was a red herring, since there is evidence the operation was being planned before the video was released.

Iadonisi thinks Iran has a cyber-unit. The question is whether the government would risk exposing itself by employing it.

“I wouldn’t if I were them. I would use a freelance unit,” he said. “You can hire somebody with any sort of technical background, and they are nationality agnostic.”

As far as the Aramco attack, “Somebody had to do a lot of planning to understand all their vulnerabilities and their network. Who is that planning being done by? I don’t necessarily know, and I can’t necessarily talk about that,” he said.

More recently, a virus that went after the hardware at an unnamed U.S. gas turbine company had the goal of taking control of the machinery, much like the Stuxnet virus, he said.

The ability to carry out attacks from across the world that can do real physical or economic damage without ever launching a jet fighter or sending in suicide squads is tempting for adversaries such as Iran, U.S. officials and cybersecurity experts have pointed out. 

“An individual or a group of people can wield, in some cases, their own elements of national power,” said Iadonisi.
