Iranian cyberthreat increasing

Iran’s cyberwarriors are becoming a rapidly growing and persistent threat that must be dealt with immediately, according to a new report, even as diplomats deal with a potential nuclear threat from the country in the future.

Cyberattacks from Iranian Internet addresses increased 128 percent from January 2014 to mid-March, according to a report released Friday by the American Enterprise Institute and the Norse Corp. The study on which the report was built used a network of several million sensors around the world to lure hackers into making attacks and detect their methods.

The initial report of “Project Pistachio Harvest” builds on what U.S. officials and cybersecurity companies have said about the growing threat of Iranian hacking and notes that the lifting of economic sanctions as a result of any nuclear deal “will create an influx of resources that will fuel the expansion of these capabilities.”

“It would be comforting to imagine that the recently announced nuclear framework agreement will put a stop to all of this, that a new era of detente will end this cyber arms race,” the report said. “There is, unfortunately, no reason to believe that that will be the case.”

The report also found a 508-percent increase in the infrastructure in Iran devoted to hacking, which co-author Frederick Kagan of the American Enterprise Institute suggests is an alarming sign that the ruling Shiite Muslim theocracy is seeking a nonmilitary way to retaliate against any attempt by the United States or its allies to limit its activities.

“They are building more attack infrastructure than they are using,” Kagan said. “They are preparing capability that they might want to be able to use later.”

It’s not the first evidence that Iran has become a major threat in the cyber world.

A December report by the cybersecurity firm Cylance Corp. referred to Iran as “the new China” and said hackers working for the Iranian government have penetrated critical computer systems around the world over the past two years, including the system used by the Navy and Marine Corps to send emails.

Cylance said it rushed the report to publication ahead of schedule because the worldwide threat of what it called “Operation Cleaver” was so great, even though its experts had uncovered only a small fraction of its scope.

Other targets have included U.S. airlines, educational and transportation networks, chemical, energy and utility companies, and parts of the defense industrial base, the report said. Networks in other countries, including Britain, Canada, China, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the United Arab Emirates, have also been targeted.

The threat by hackers to critical infrastructure such as the electric power grid or water systems came into sharp focus Nov. 20, when National Security Agency Director Adm. Michael Rogers for the first time publicly revealed that China and at least one other country were capable of potentially causing “catastrophic failures” that could kill Americans or damage property with cyberattacks, saying it was only a matter of time before such an attack occurred.

Rogers did not mention Iran by name, but the Cylance report makes clear that the Iranian hackers’ skills were rapidly increasing to the point where they could pose such a threat.

An April 2013 document made public in February from the trove stolen by NSA leaker Edward Snowden suggests that Iran has learned from cyberattacks launched against its nuclear program by the United States and Israel, such as the Stuxnet virus, to build its capabilities.

“These are well-educated people. They’re very smart people and they’re very talented people,” Kagan said, noting that Iran has invested a lot of money in its information technology infrastructure.

Among the attacks cited by Friday’s report was a February 2014 penetration into the computer systems of Las Vegas-based Sands Casino Corp. The Sands’ owner, billionaire Republican donor and Israel supporter Sheldon Adelson, had suggested the year before that the United States launch a nuclear attack on Iran.

President Obama on April 1 issued an executive order declaring the cyber threat from Iran and other countries a national emergency. It authorizes the Treasury Department, in consultation with the attorney general and secretary of state, to impose sanctions on individuals that engage in “significant malicious cyber-enabled activities” against the U.S. government or American businesses.

The move gives the administration more legal leverage to punish and try to prevent such attacks.

Congress is again working on legislation designed to improve information-sharing by government and private businesses to better defend against cyberattacks, after past efforts to do so failed over privacy concerns.

But the AEI-Norse report notes that U.S. defenses against such attacks are lagging, a point reinforced by retired Gen. Keith Alexander, a former NSA chief, who said “this is going to get worse” if the proper technology and resources are not applied to better shield communications networks.

“The theft of intellectual property by other countries against us is the greatest transfer of wealth in history … we should fix our security and explain to people why we do that,” Alexander said. “It’s incredible what’s been taken.”
