Even as Iran has applied the brakes to its nuclear program over the past 18 months and provisionally agreed last week to a deal lasting more than a decade, it has continued to advance its prowess in the field of cyber-attacks, experts say.
“It’s definitely not a ‘third tier’ cyber power anymore,” Andretta Towner, a senior intelligence analyst for the cyber-security firm, CrowdStrike, told an audience at the Atlantic Council on Wednesday. “It’s definitely progressing.”
Until recently, cyber specialists put Iran on a third rung below top actors such as the United States and Russia and second tier China. But Iran has now mastered more techniques of cyber intrusion and could be classified in the “final four” if using a “March madness” college basketball metaphor, Towner said.
For Iran, she said, cyber was mainly an area of domestic concern until 2010. Iranian government-supported hackers and security agents from organizations such as the Revolutionary Guards’ Cyber Defense Command focused on countering political dissidents in the wake of protests following fraud-tainted 2009 presidential elections.
But in 2010, a cyber worm allegedly developed by the U.S. and Israel infected computers controlling Iranian centrifuges – the machines that spin at high speed and enrich uranium – at Iran’s main enrichment plant at Natanz.
The worm – known as Stuxnet – caused the centrifuges to speed up and slow down erratically and eventually disabled about 1000 machines. The damage and psychological trauma is believed to have set back Iran’s nuclear program by a year or two, according to David Sanger of the New York Times.
Iran responded to Stuxnet and intensifying U.S.-led economic sanctions with a series of so-called distributed denial of service (DDoS) attacks on U.S. financial institutions in 2012. Websites crashed in the face of high traffic and it cost the banks millions to fend off the barrage.
Also, in 2012, Iran is believed to have infected desktop computers at the Saudi oil company Aramco, destroying data on 30,000 machines.
Since Hassan Rouhani became Iran’s president in 2013, there have been no similar assaults with one exception. On Feb. 10, 2014, computers and servers at the Las Vegas Sands Corporation started shutting down in the face of a massive cyber attack that wiped many hard drives clean.
It took months before the casino company – owned by arch Iran adversary Sheldon Adelson – admitted what had occurred. Only recently did the U.S. Director of National Intelligence, Gen. James Clapper, confirm that Iran was responsible.
Perhaps not coincidentally, Adelson had been quoted in late 2013 suggesting that the U.S. drop a nuclear bomb in the Iranian desert – and threaten to attack Tehran – if the Islamic Republic didn’t give up its nuclear program and stop threatening Israel.
While most of Iran’s cyber attacks appear to have been retaliatory in nature or aimed at acquiring intelligence, that doesn’t mean they will always remain so.
JD Work, research director at the Cyber Conflict Documentation Project, told the Atlantic Council audience that Iran has continued DDoS attacks and probes under the Rouhani administration and even during recent nuclear negotiations in Lausanne, Switzerland, directed against the U.S. financial sector.
“Whether this was an attack or simply a test of infrastructure, there’s debate on this point,” Work said, without revealing the specific targets. He said there have been similar Iranian intrusions against the oil sector as well.
According to Towner, Iran – despite sanctions-related budget constraints – has increased its budget for cyber security by more than 1200 percent in the past three years.
She cited a recent British report that said that funding for cyber security was 42,073 million Iranian rials (about $15 million) when Rouhani took office and 550,000 million ($195 million) now.
Given the attacks that Iran has faced – besides Stuxnet, there have been at least two other related assaults, Duqu and Flame – and the likelihood that the U.S. and Israel are continuing to gather intelligence about Iranian capabilities and prepare new offensive as well as defensive technques, cyber competition is certain to continue whether there is a comprehensive nuclear deal or not.
One way for the U.S. to reassure nervous Arab allies and Israel that a nuclear agreement will not come at their expense would be to provide more assistance against Iran in the cyber sphere.
Experts especially worry that cyber conflict could heat up if the negotiations break down, with potentially serious consequences for U.S. and international companies and consumers.
According to Work, “the difference between an intrusion to acquire intelligence and an intrusion which will result in a destructive termination scenario is merely a matter of flipping a bit and a piece of malware.”
The views and opinions expressed are those of the author and do not necessarily reflect the position of Voice of America.
Barbara Slavin is a senior fellow at the Atlantic Council’s South Asia Center and a correspondent for Al-Monitor.com, a website specializing in the Middle East. She is the author of a 2007 book, Bitter Friends, Bosom Enemies: Iran, the US and the Twisted Path to Confrontation, and is a regular commentator on U.S. foreign policy and Iran on NPR, PBS, C-SPAN and the Voice of America.