Iran is said to be emerging as leading cyberthreat. While it falls behind Russia and China, nevertheless, it has conducted several highly damaging cyberattacks and it is believed that the attacks will only get worse. Iran’s history of cyberspace operations began with hackers. Reportedly, Iran’s government not only recruits hackers into its cyber forces but supports their independent operations.
By the mid-2000s, Iran’s hackers had begun to take over websites worldwide and post messages on them, a practice called “defacing.” Although it was often just for fun, some hackers, like Iran Hackers Sabotage, aimed to show the world that “Iranian hackers have something to say in the worldwide security.”
While this group’s website alleged to provide vulnerability testing and secure hosting services, it was said to be responsible for Web defacements. Allegedly, it replaced the U.S. Naval Station Guantanamo homepage with one defending Muslims and condemning terrorists in 2005. One of its defacements proclaimed “Atomic energy is our right.” By early 2008, the Zone-H defacement archive listed 3,763 Web defacements for the group, which has since disbanded.
Ashiyane Digital Security Team was another prominent group who ran a website offering free hacking tools and tutorials. 11,503 members were claimed by the site, in May of 2006. Ashiyane also claimed to provide security services, but its members’ were believed to deface websites with images such as a map of Iran and a reminder that “The correct name is Persian Gulf” for what some Arab states have called the “Arabian Gulf.”
In 2009, during the Israeli incursion into Gaza, Ashiyane reportedly defaced 500 websites — and in 2010, 1,000 sites in the U.S., United Kingdom, and France, for supporting what they called, “anti-Iranian terrorist groups.” Zone-H recorded 23,532 defacements by the group by May of 2011. Behrouz Kamalian, the group’s leader, said while they operated independently and spontaneously, they also cooperated with the Iranian military.
The Iranian Cyber Army has been implicated in several website attacks, including one against Twitter in 2009, and the Voice of America in 2011. The Iranian Cyber Army is said by some cybersecurity researchers to operate on behalf of Iran’s Islamic Revolutionary Guard Corps, who run a cyberwarfare program that in 2008 was estimated to employ about 2,400 professionals.
A group that called itself the Cutting Sword of Justice launched cyberattacks against the Saudi Aramco oil company in 2012, claiming to protest Saudi oppression and corruption financed by oil. More than 30,000 computers were rendered inoperable at Saudi Aramco and Qatar’s RasGas. U.S. intelligence officials blamed Iran for the attacks.
In the 2014 an attack against the Las Vegas Sands Corporation was launched. It was thought to be a response to remarks made by Sheldon Adelson, the company’s largest shareholder, who had suggested setting off a bomb in an Iranian desert to persuade the country to abandon nuclear weapons. In 2016, the Shamoon malware resurfaced, wiping data from thousands of computers in Saudi Arabia’s civil aviation agency.
As well, Iranian hackers have also conducted massive distributed denial-of-service attacks, rendering sites inaccessible. Attacks like these occurred from 2012 to 2013, by a group calling itself the Cyber Fighters of Izz ad-Din al-Qassam, who launched a series of denial-of-service attacks against major U.S. banks.
The U.S. indicted seven Iranian hackers in absentia in 2016. They were accused of working on behalf of the Revolutionary Guards to conduct those bank attacks, which were said to have caused tens of millions of dollars in losses. One of the seven indictments was of a man who allegedly obtained access to the computer control system for the Bowman Avenue Dam in New York state. The access would have allowed the intruder to “operate and manipulate” one of the dam’s gates, had it not been offline for maintenance.
Cyber warfare can be used as a means of overcoming Iran’s military disadvantages. Containing its cyber warfare program may be more challenging than containing its nuclear program. It is extremely difficult to enforce controls placed on cyberweapons. America’s best options to defend itself against the Iran’s cyberthreat are cybersecurity and cyberdeterrence.