15 January 2018

Cyber weapons Now A ‘Core Tool’ Of Iranian Statecraft


A new report by the Carnegie Endowment says Iran’s cyberoperations have become increasingly sophisticated and damaging to its adversaries and are now a prime policy tool for its security agencies. The report, released on January 4, said Tehran has used offensive cyberoperations to influence regional affairs, thwart opponents and rivals like Saudi Arabia and the United States, and conduct espionage. “Iran has demonstrated how militarily weaker countries can use [cybertools] to contend with more advanced adversaries,” the report said.


Much of Iran’s cybercapability is homegrown, the report said, and is frequently guided by the country’s main security organizations: the Ministry of Intelligence and the hard-line Islamic Revolutionary Guards Corps (IRGC).

“Tehran has become increasingly adept at conducting cyberespionage and disruptive attacks against opponents at home and abroad, ranging from Iranian civil society organizations to governmental and commercial institutions in Israel, Saudi Arabia, and the United States,” the report said.

Over the past decade, offensive cyberoperations have become a core tool of Iranian statecraft, for the purposes of “espionage, signaling, and coercion,” it said.

Iranian intelligence and security agencies have also used hackers and malicious cybertools to go after civil society activists and antigovernment organizations, the report said.

For example, a group calling itself the Iranian Cyber Army between 2009 and 2013 targeted websites associated with political opposition groups, as well as Israeli businesses and independent Persian-language media, defacing the sites and posting pro-government messages.

The recent outbreak of antigovernment protests nationwide has also highlighted Iranian authorities’ efforts to control or limit information and independent media in cyberspace and social-media platforms.

The government blocked popular social-media application Instagram and a widely used messaging app in Iran called Telegram, both of which are popular among Iranians, used to help set up gathering points for demonstrators.

Known formally as the Carnegie Endowment for International Peace, the Washington, D.C.-based think tank specializes in foreign policy issues. Founded by the late American philanthropist Andrew Carnegie, the center now receives funding from private and governmental sources.

Incidents involving Iran have been among the most sophisticated, costly, and consequential attacks in the history of the internet. The four-decade-long U.S.-Iran cold war has increasingly moved into cyberspace, and Tehran has been among the leading targets of uniquely invasive and destructive cyber operations by the United States and its allies. At the same time, Tehran has become increasingly adept at conducting cyber espionage and disruptive attacks against opponents at home and abroad, ranging from Iranian civil society organizations to governmental and commercial institutions in Israel, Saudi Arabia, and the United States.

Collin Anderson

Collin Anderson is a Washington, DC–based researcher focused on cybersecurity and internet regulation, with an emphasis on countries that restrict the free flow of information.

Iran’s Cyber Threat Environment

· Offensive cyber operations have become a core tool of Iranian statecraft, providing Tehran less risky opportunities to gather information and retaliate against perceived enemies at home and abroad.

· Just as Iran uses proxies to project its regional power, Tehran often masks its cyber operations using proxies to maintain plausible deniability. Yet there are clear indications that such operations are conducted by Iranians and frequently can be linked to the country’s security apparatus, namely the Ministry of Intelligence and Islamic Revolutionary Guard Corps.

· Iran’s cyber capabilities appear to be indigenously developed, arising from local universities and hacking communities. This ecosystem is unique, involving diverse state-aligned operators with differing capabilities and affiliations. Over the decade that Iranians have been engaged in cyber operations, threat actors seemingly arise from nowhere and operate in a dedicated manner until their campaigns dissipate, often due to their discovery by researchers.

· Though Iran is generally perceived as a third-tier cyber power—lacking the capabilities of China, Russia, and the United States—it has effectively exploited the lack of preparedness of targets inside and outside Iran. Just as Russia’s compromise of Democratic Party institutions during the 2016 U.S. presidential election demonstrated that information warfare can be conducted through basic tactics, Iran’s simple means have exacted sometimes enormous political and financial costs on unsuspecting adversaries.

· The same Iranian actors responsible for espionage against the private sector also conduct surveillance of human rights defenders. These attacks on Iranian civil society often foreshadow the tactics and tools that will be employed against other targets and better describe the risks posed by Iranian cyberwarfare.

· Through technical forensics of cyber attacks, researchers documenting these campaigns can provide a unique window into the worldview and capabilities of Iran’s security services and how it responds to a rapidly changing technological and geopolitical environment.

U.S. Responses Going Forward

· While Iran does not have a public strategic policy with respect to cyberspace, its history demonstrates a rationale for when and why it will engage in attacks. Iran uses its capabilities in response to domestic and international events. As conflict between Tehran and Washington subsided after the 2015 nuclear deal, so too did the cycle of disruptive attacks. However, Iran’s decisionmaking process is obscured and its cyber capabilities are not controlled by the presidency, as evident in cases of intragovernmental hacking.

· The United States is reliant on an inadequately guarded cyberspace and should anticipate that future conflicts, online or offline, could trigger cyber attacks on U.S. infrastructure. The first priority should be to extend efforts to protect infrastructure and the public, including increased collaboration with regional partners and nongovernmental organizations targeted by Iran.

· Narrowly targeted sanctions could be used to deter foreign countries or other actors from providing assistance to Iranian offensive cyber operations. Such restrictions should still prioritize allowing Iranian society wide access to the internet and information technologies, to mitigate the regime’s ability to control information and communications.

· The United States has pursued a name and shame strategy against Iranian threat actors, and should continue to do so. The Justice Department has issued indictments against Iranians implicated in disruptive campaigns and has successfully obtained the extradition from a third country of a hacker involved in the theft of military secrets. Because of the small operational footprint of the groups, targeted sanctions or legal proceedings are more symbolic than disruptive. These indictments may at least chill participation by talented individuals who wish to travel or emigrate.

· Iran continues to pursue its interests through cyber operations, engaging in attacks against its regional opponents and espionage against other foreign governments. A better understanding of the history and strategic rationale of Iran’s cyber activities is critical to assessing Washington’s broader cyberwarfare posture against adversaries, and prudent U.S. responses to future cyber threats from Iran and elsewhere.

No comments: