20 January 2020

Iran-US conflict may stretch definitions of ‘war’


Amid an escalation of strike and counterstrike, conflict between the U.S. and Iran may never reach a stage similar to a traditional war. But the risks from both physical and cyber attacks are very real.

In this aerial photo released by an official website of the office of the Iranian supreme leader, mourners attend a funeral ceremony in Tehran on Jan. 6, 2020, for Iranian Gen. Qassem Soleimani and his comrades, who were killed in Iraq in a U.S. drone strike.

Refined Kitten – also known as APT33, Elfin, and Magnallium – is a shadowy hacker group that cybersecurity firms believe works in the interests of Iran. When tensions between Washington and Tehran spiked last June, Refined Kitten launched a broad phishing attack against a range of U.S. government agencies, including the Department of Energy and national labs.

Soon, Refined Kitten and other members of Iran’s capable cyber corps may be on the offensive again. Iran has vowed revenge in the wake of the U.S. killing of Maj. Gen. Qassem Soleimani in a drone strike on Friday, and digital disruption could well be one of its weapons.


That’s because Iran has long taken an asymmetric approach to confrontation with America. “War” between the two nations wouldn’t look at all like the Gulf War or the 2003 U.S. invasion of Iraq. Experts say it would likely be a shifting, hidden sort of conflict spread over the region and the world, in which Iran tries to surprise and strike quickly at its heavily armed adversary, via hackers, proxy militias, or other indirect means.

“The cyber piece of this is also in Iran’s immediate tool box,” says Elisa Catalano Ewers, adjunct senior fellow at the Center for a New American Security and a former director for the Middle East and North Africa on the National Security Council staff.

Patience may be part of the Iranian approach as well. Rather than responding quickly to the death of a man widely considered the second most powerful leader in the country, Iran appears to be calibrating its response to the U.S. strike, weighing what it deems might be effective while trying to avoid all-out war with the United States.

“They’re taking their time,” says Ms. Ewers.

Where Iran may respond next

The American decision to target General Soleimani as he left Baghdad International Airport likely shocked the Iranian leadership, say experts. He was not hard to find, as he traveled semi-openly throughout the region, visiting Iranian allies and proxies in Syria, Lebanon, and elsewhere.

Iraq, where the attack took place, is perhaps the first theater where Iran might respond. Iranian-linked Shiite militias in Iraq have been escalating activities in recent months and recently surrounded and attacked the U.S. embassy in Baghdad in response to American airstrikes against fellow militia members across Iraq and Syria.

Iraqi lawmakers were generally outraged at what they saw as a U.S. action that infringed on their sovereignty. On Sunday they approved a resolution calling for the expulsion of American troops in their country – something which, if carried out, would fundamentally tilt the regional power balance.

Iranian proxies elsewhere in the region might also target U.S. troops and American civilians in response to the Soleimani killing. Iran itself could undertake missile strikes on U.S. bases or on Saudi or United Arab Emirates oil facilities. It could increase its naval activity against oil tankers in Gulf waters.

Iran could also completely abandon the 2015 nuclear deal struck with the United States and Europe. On Sunday, Iran said it would feel free to produce as much nuclear material as it wanted, though Iranian officials did say they might reverse and reenter the deal in the future.

Iran might also resort to unconventional means of retaliation, such as individual acts of terrorism in the U.S. or Europe, or a ramping up of its shadowy cyber capability against international banks, power plants, or other vulnerable targets.

“We should be prepared for Iran [to retaliate] across its entire range of asymmetric capabilities, inside Iraq, across the region and elsewhere across the globe where they have active cells,” writes William Wechsler, director of Middle East programs at the Atlantic Council, in an analysis of what comes next.
Rising threats in cyberspace

Since Desert Storm, “literally in every armed conflict, we’ve seen increased action in the cyber domain,” says retired Brig. Gen. Gregory Touhill, adjunct professor at Carnegie Mellon University in Pittsburgh and America’s first federal chief information security officer, serving from 2016 to 2017.

Cyber warfare has proved particularly attractive to Iran, since a four-decade arms embargo has kept its conventional military from keeping up with other powers in the region.

“Between 2009-10 and 2019, and often via non-state proxies such as the Iranian Cyber Army, Iran has invested heavily in developing and using cyber capabilities, for propaganda, intelligence exploitation and disruption,” noted a November 2019 report by the International Institute for Strategic Studies (IISS), an international research firm.

Iran’s cyber capabilities are not on par with, say, Russia and China, cyber experts note. But it has shown increasing ability and willingness to use digital means. As far back as 2005, groups linked to Iran have hacked into websites to deface them with pro-Iranian messages. Over the weekend, hackers altered the website of an obscure U.S. government program to depict President Donald Trump being punched in the face by an Iranian fist.

There’s no evidence yet this was sponsored by Iran. But as early as 2005, groups linked to Iran have used such web “defacements” to get their message out. In 2016, the U.S. indicted seven Iranians for trying to gain control of a 20-foot computerized dam in New York.

Iran has also been linked to the Shamoon wiper virus, which in 2012 was used against Aramco, Saudi Arabia’s oil company, and destroyed data on at least 30,000 personal computers.

The cyber efforts are often carried out by nonstate partners affiliated with and often funded by Iran, part of a larger pattern of what the IISS report calls Iran’s “networks of influence.” These networks allow Iran to disavow responsibility for the attacks.

That said, the threats of Iranian retaliation following Friday’s U.S. airstrike killing General Soleimani should not be overblown, cyber experts say.

“It’s unlikely that there might be a large-scale financial attack,” says Rahul Telang, professor of information systems and management at Carnegie Mellon University’s Heinz College. “I don’t think Iran has the technical capability.”

Small and midsize businesses that have not assessed their digital risk could see some impact. And specific sectors of the economy might see some events.

Even in cyber warfare, Iran isn’t likely to go too far for fear of provoking a more devastating response – either on the ground or in cyberspace.

“A decision for a cyberattack on the United States will depend on Iranian calculations of the risk of a damaging U.S. response,” wrote James Andrew Lewis, senior vice president at the Center for Strategic and International Studies, in a commentary back in June. “If Iran does act in the United States, crippling a casino makes a point [about U.S. vulnerability]. Blacking out the power grid or destroying a pipeline risks crossing the line.”

The U.S. doesn’t only have superior capability in conventional warfare, it also has a decided edge in cyberspace. It was the Stuxnet virus, widely believed to have been developed by the U.S. and Israel, that severely damaged Iran’s nuclear program.

“While there’s great talk that the Iranians will act, they do so at their own peril,” says Mr. Touhill, the former federal information security officer.

No comments: