Has Iran become a Cyber Super Power?
by Callum Wood
The Stuxnet virus was about to make history. Transferred via USB into Iran’s Natanz uranium enrichment facility in mid-2009, the virus went to work, subtly tearing down the facility’s infrastructure. What made this historical was not its digital potency, but the fact that this virus impacted the physical, slowly wreaking havoc on the centrifuges, causing major delays to Iran’s nuclear program—precisely as Stuxnet’s creators had planned. The worm gradually increased pressure in the centrifuges, bemusing Iranian scientists and engineers. Under the increasing pressure, the centrifuges wore out quickly, forcing Tehran to replace them.
It was mid-2010 before Iran caught on and was able to tackle the virus. But then something happened. Something that Stuxnet’s creators didn’t plan for. A seed was planted in the minds of the Iranian elite: a plan to develop an Iranian cyber program capable of defending Iranian tech and attacking that of its enemies.
Today that program has blossomed to the point where Iran is considered the sixth member of a cyber superpower club.
The other members of the club are the United States, Israel, Britain, Russia and China. But there is something that separates these cyber powers from Iran: policy.
Iran’s cyberpower is broken down into three main groups. First is the domestic aspect. This works somewhat similar to Russia and China. According to a Financial Times report, this domestic cyber program consists of hackers under the guidance of members of the Islamic Revolutionary Guard Corps (IRGC). This group works social media and well-traversed public websites to keep a finger on the pulse of the population. If there is any word of protest or an uprising, the IRGC is the first to know. This ensures the IRGC can prevent the rise of another Green Movement protest like we saw in 2009.
This domestic hacker group also helps give a louder voice to the Iranian regime and its policies. One aspect of this arm of the cyber program is called the Basij Paramilitary Force. The group focuses on writing propaganda and disseminating it. The Basij Cyber Council was created to utilize hackers under IRGC supervision. Hinting at Iran’s cyber aspirations, it calls these trainees cyberwar commandos.
But this is a quantum leap from implanting Stuxnet-like viruses and malware. It is one thing to monitor blogs, it is another to actively attack or disrupt the operations and industry of other countries.
The second group highlighted in the Financial Times is the hacker allies. Iran doesn’t just provide cash and munitions to its friends in the Middle East, it is more than willing to provide cyber capabilities and weaponry as well. Iran willingly sends its damaging products to terrorists for their use. Financial Times called Tehran “one of the world’s most active cyber ‘proliferators,’ providing damaging malware to groups such as Hezbollah, the Lebanese Shia militants.” This is more like Stuxnet, but still lacks the finesse. Mass hiring and support of hackers provides Iran a more blunt tool to wield, but doesn’t allow the nation to specifically hone in on smaller targets.
And so we come to group three, by far the most dangerous. This group is the sophisticated and highly trained members of the IRGC. If the Basij Paramilitary Force are the commandos, these guys are the “elite cyber force” of Iran. And this is where Iran’s cyber program really breaks away from those of the other cyber superpowers.
The other cyber superpowers tend to lean more on espionage than inflicting actual damage on their targets. One example would be the fake company created by MalCrawler, a cyber security firm. This company created fake networks in order to lure in and track hacker activity—a digital honeypot.
MalCrawler observed the Russians delving deep into the system, mapping it out for future use. The Chinese stole anything they considered useful technical information. But then in came the Iranian hackers. MalCrawler knew who it was
because of the use of Farsi—the Persian language—and the malware that the hackers employed. They didn’t go plumbing the depths with Russia or stealing secrets with China. Instead, the Iranians used the opportunity to attack Saudi Arabia’s capital, successfully—in their own minds—shutting down the electricity grid, leaving millions without power.
The Chief Executive of MalCrawler told Financial Times, “The mind-set just seemed completely different—it wasn’t espionage or some kind of targeted operation necessarily, it was just to do as much damage as possible.”
Iran has a history of similar cyberattacks. In 2012, Tehran pulled off one of its greatest attacks, targeting Saudi Arabia’s national oil company, tearing apart its corporate IT infrastructure. The company was dragged to the brink of collapse, having to give oil away for days simply because it couldn’t process transactions.
In late 2014, Iran launched an attack campaign known as Operation Cleaver. It was a global attack, targeting critical infrastructure in companies from Korea to Canada. It even infiltrated the U.S. Navy.
In 2015, Iran was accused of taking out half of Turkey’s power grid, plunging more than 40 million people back into the Stone Age.
Stuart McClure, the CEO of Cylance, the company that alerted the world to Iran’s attack, noted, “They aren’t looking for credit cards or microchip designs; they are fortifying their hold on dozens of networks that, if crippled, would affect the lives of billions of people.”
These hackers all work under the IRGC, and the IRGC receives its direction from another council. This helps explain Iran’s infatuation with malware and global cyberattacks.
The High Council of Cyberspace may sound like it should be in the latest Star Wars flick, but it is actually the governing body of Iran’s cyber program.
Established in 2012 by Ayatollah Ali Khamenei, this council gives the hackers their marching orders. From its foundation, this government body has been controlled by hard-liners, including the president, heads of the judicial system and parliament.
One such leader, IRGC Brig. Gen. Hossein Hamedani, stated in 2010, “The Basij cyber council has trained over 1,500 active ‘cyber jihadis.’” That means Iran’s hackers are not lone wolves operating out of a dark basement. Rather, they are an organized and strictly governed body. There is top-level decision-making and direction to the cyber warfare coming out of Iran. The policymakers of the High Council of Cyberspace are the same movers and shakers of the nuclear program, the ballistic missile program and others that facilitate terror and instability across the Middle East.
As such, Iran’s cyber program is a direct threat to Sunni and Western interests at home and abroad.
The hacking of a dam in New York where massive flooding was narrowly averted due to routine maintenance is just one example of the reach of Iran. In the Middle East, Iran is threatening shipping in the Persian Gulf. Many ships are becoming automated, giving Iran more opportunity to do damage. Iran has the capability to skew or “spoof” GPS readings on ships. Subtle GPS manipulation allows Iran to guide ships that use the Strait of Hormuz.
North Korea has done this in the past, both on land and in the air. Iran also claims to have used spoofing to capture a U.S. drone in 2011. This ability poses a direct threat to economies that rely on safe passage of oil through the vital sea-lane.
As the use of technology and automation increase, a new form of terrorism is growing. It can be easy to look at Iran and focus only on President Hassan Rouhani or the nuclear deal or even the ballistic missiles, but Iran is rising in power in other ways too. In a few short years, it has grown from having no cyber power to being a cyber superpower. And as its hackers have proved, Iran is more than willing to use this program to wage worldwide cyberterrorism.