Iran Now Major Cyber-Threat

Peter Malcolm

Iran’s nuclear program may be only one of two frightening threats to the United States and the West; after President Hassan Rouhani took over the government in 2013, he handed the Islamic Revolutionary Guard Corps (IRGC) an annual cybersecurity budget of almost $20 million. Now the Iranians’ cyber-attack skills rival Russia and China’s according to David Kennedy, founder of information security firm Trusted Sec.

The Stuxnet worm, which destroyed roughly 20% of Iran’s nuclear centrifuges in 2010, prompted Iran to turn its cyber experts away from confronting internal dissidence and directing their energies toward attacking the West. The Middle East Media Research Institute reported IRGC commander Hossein Hamedani saying in November 2010 that the Basij Cyber Council had trained 1,500 cyber-warriors.

Last November, Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, told The Hill, “Out of any country on the planet, I can’t think of a country that has been more focused than Iran from the high levels of government on cyber, and that includes the United States.”

The Institute for National Security Studies reported in 2014:

The progress in Iranian cyber warfare capabilities can be seen in a number of attacks that occurred in the second half of 2012 and during 2013. These attacks made use of sophisticated techniques, had high quality targets, and were wider in scope than previous Iranian attacks. Among the most prominent of these was the large-scale attack on websites of major banks and financial institutions in the United States, which one information security expert described as unprecedented in scope and effectiveness.

James Clapper, the U.S. director of national intelligence, warned in February 2014 that Iran’s “development of cyber espionage or attack capabilities might be used in an attempt to either provoke or destabilize the United States or its partners.”

Kennedy explained who is behind the Iranian cyber-threat: “Russia has probably helped Iran a lot in stepping up its cyber capabilities in the event of a conflict with NATO. If they [the Iranians] want to topple the US’ financial sector, or cripple the military’s ability to communicate, they can do that.” He added that Iranian hackers have a single goal: to topple the West. He said, “Iran’s cyber warriors ask themselves one question. Can I entrench myself in key sensitive areas and take the US down in the event of a conflict?”

Jeff Bardin, chief intelligence officer of cyber intelligence firm Treadstone 71, warned, “At the Sharif University of Technology, which is like the MIT of Iran, students are participating in cyber ‘capture-the-flag’ games to hone their hacking skills. They compete to see who can find security holes and break through servers’ encryptions and firewalls the fastest.” He pointed out that colleges and universities pave the way for their students to work with hacker groups, noting the sad truth of exactly where the professors got their know-how: “The irony is that, after looking at some of the professors’ resumes, you’ll see that most of these cyber experts teaching students how to hack were initially trained in the US or UK.”