
Trump’s Actions Lead to Cyber Security Fears

Much of the world, particularly those living in the Middle East, is collectively holding its breath hoping a storm may pass. On May 8, US President Donald Trump announced that his country would be withdrawing from the Iranian nuclear deal. The president claimed that there is Israeli intelligence proving Iran is not in compliance with the agreement, thus providing the reason to withdraw without the support of alliance partners. The move by President Trump sparked fears that the region would be further destabilized. As if to prove the point, news broke early on May 10 about Iran using missiles to strike Israeli positions in the Golan Heights, with Israel responding in kind. While there appear to be legitimate fears of a further destabilized geopolitical landscape, there are also many fears regarding a cyber retaliation from Iran.

Iranian Cyber Warfare

Experts at security firms and within state departments are likewise holding their breath in anticipation of a cyberwarfare campaign conducted by Iran. This may occur within weeks, according to researchers at Recorded Future. In a recent report published by the firm, the hierarchy of Iran's state-sponsored hacking campaigns was analyzed. Their belief that another campaign is highly likely to begin is based on past analysis of those campaigns as well as Iran's historical response to sanctions imposed by the international community.


Since 2009, Iran has regularly responded to sanctions or perceived provocations by conducting offensive cyber campaigns. The Islamic Republic has historically preferred to use proxies or front organizations, both in physical conflict, as with Hezbollah against Israel and Yemeni rebels against Saudi Arabia, and in cyberattacks, to achieve its policy goals. It is widely believed that in 2009 the Iranian Government saw the need to conduct such operations; an excuse to employ such methods arose in 2012. In that year, then President Obama imposed severe financial sanctions on Iran, including removing Iran from the SWIFT money transfer system. Iran responded with Operation Ababil, which was a series of denial of service attacks. These were launched by the Cyber Fighters of Izz Ad-Din Al Qassam, also known as the Qassam Cyber Fighters, believed to be working for the Iranian Government. The attacks were announced on September 18, 2012, via Pastebin, where the group criticized Israel and the United States. Their targets included the New York Stock Exchange as well as a number of banks, including J.P. Morgan Chase. The result of the attacks was a limited disruption of the targeted websites. The attacks ended on October 23, 2012, because of the Eid al-Adha holiday, at which point the group offered to speak to the media through e-mail.

In 2013, the New York Times published an article about the hacking operation which revealed that American authorities had confirmed the hacking group acted as cover for Iran. The authorities believed that Iran was waging a cyber war in retaliation for Western economic sanctions and for a series of cyberattacks on its own systems. In the three years prior to Operation Ababil, three sophisticated pieces of malware, including the infamous Stuxnet, hit computers in Iran. The New York Times reported that the United States, together with Israel, was responsible for Stuxnet, the virus used to destroy centrifuges in an Iranian nuclear facility in 2010.

Nearly a year after the New York Times report of 2013, Sheldon Adelson, the CEO of Sands Corporation, publicly suggested that the United States should attack Iran with an atomic weapon. In response to the poorly chosen words, Iran launched a destructive attack on the Sands Las Vegas Corporation that caused significant network damage. The attack, which occurred in February 2014, made headlines because the target is a publicly traded company and the attackers not only managed to break into the computer systems but also managed to steal customers' credit card data, Social Security numbers, and driver's license numbers. This resulted in major reputational damage to the company.

Possible Attack Scenarios

Given President Trump's actions, expecting a cyber retaliation from Iran may be perceived as wise. Based on previous campaigns, the cyberattacks could be expected to follow the above pattern of quickly launching devastating attacks on American, European, Saudi Arabian, and Israeli businesses. It is also worth considering that Iran may conduct slower, far more methodical attacks through cyber proxies, many of them operating as contractors, with some of them based at Iranian universities and technical colleges. These institutions are believed to work in conjunction with Iranian military and intelligence agencies.

Further research conducted by Recorded Future also suggests that, because of the need for a quick response, the Islamic Republic may utilize contractors that are less politically and ideologically reliable (and trusted) and, as a result, could be more difficult to control. It is possible that this dynamic could limit the ability of the government to control the scope and scale of these destructive attacks once they are unleashed. If this scenario plays out, further destabilization could occur, with calls from America and its allies for retaliation.

To this extent, researchers at Recorded Future advise that:

“Western businesses should closely monitor geopolitical events initiated by the United States or Europe that affect Iran. As demonstrated above, Western businesses are the logical victims of Iranian retaliation for perceived American policy transgressions; specifically businesses in financial services, government departments, critical infrastructure providers, and oil and energy sectors. In addition to carefully monitoring Iranian geopolitical developments, tracking emerging tactics, techniques, and procedures (TTPs) on Ashiyane [a hacking group linked to the Iranian Government], specifically, is wise for any Western commercial threat intelligence program to determine the efficacy of existing security controls.”


About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.
