Girding For Iran’s Cyberattacks On The US — Where Past May Be Prologue

Tensions between the U.S. and Iran have gone up several notches with the killing of Qassem Soleimani, which might raise the risk of cyberattacks. If past is prologue, banks, hospitals and energy infrastructure may be targets as a new decade dawns.

At the dawn of a new decade, the wars will be fought on virtual battlefields, with ones and zeros as the weapons.

The damage? It may be immediate and far-reaching, disrupting lives and wreaking havoc across the basic technological and tangible infrastructure that underpins daily life. (The infrastructure touches everything from energy to finance.)

The enemies? Unseen, behind screens.

In the wake of an airstrike on Friday (Jan. 3) by the U.S. that killed Qassem Soleimani, head of Iran’s Quds force, the battlefield is likely to broaden — and go digital.

The First Salvo

News came on Saturday (Jan. 4) that, in at least one initial strike against the U.S. by pro-Iranian hackers, the homepage for the U.S. Federal Depository Library Program (FDLP) was defaced over the weekend to show an altered image of President Donald Trump — bloodied, and being struck in the face with a closed fist.

A posting tied to the image stated the page had been “hacked by Iran Cyber Security Group Hackers. This is only [a] small part of Iran’s cyber ability! We’re always ready.” According to news reports, the website was rendered inaccessible in the wake of the hack.

Let’s call it a toe in the water, for now. After all, the internet equivalent of scribbling across a web page — in this case, one tied to a program that provides access to government documents, such as bills and statutes — is hardly crippling.

As reported by CBS News, a spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA), which operates as a division of the Department of Homeland Security (DHS), said, “We are aware [that] the website of the [FDLP] was defaced with pro-Iranian, anti-U.S. messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline, and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners.”

An unnamed senior U.S. official told CBS News that “this is a nothing event. Small, under-resourced agency. A defacement is small-time stakes.”

Small-time stakes can become big-time stakes, though, and eventually table stakes, where battling over key infrastructure — the energy grid, for example — becomes part of the daily push and pull of geopolitics.

As the DHS said in a statement, “Iran maintains a robust cyber program, and can execute cyberattacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”

Cyberwar can be waged in symbolic ways (such as by defacing websites and scrawling messages), and those acts can also create confusion and even fear. Carried out with far more malicious intent and skill, attacks can also probe critical targets. The fact that the weekend attack was carried out by a previously unknown group calling itself the Iran Cyber Security Group Hackers shows that small groups, perhaps even individuals, can have immediate impact. The impact may be limited to one-off attacks, as pro-Iranian actors probe various weaknesses here, but the impact and headlines are — and will be — there nonetheless.

The attacks will, no doubt, take aim not only at government agencies, but at commercial companies. Get ready, then, for a scramble by chief information security officers and their teams to shore up various sites — on-premises and in the cloud.

As quoted by Forbes, Oded Vanunu, a researcher for Check Point Software Technologies, said, “Iran will go for targets that create headlines — health, financial services, social media. The outcome will not be casualties, but hitting reputations, creating fear.”

Past Is Prologue

Beyond fear, let’s take the old adage that “past is prologue” in determining what to expect from Iran, and its proxies, in terms of cyberattacks.

In 2016, seven Iranian hackers were indicted by the U.S. for conducting a coordinated cyberattack on dozens of U.S. banks. They also tried, unsuccessfully, to shut down a New York dam. The indictment charged that the individuals were working on behalf of the Iranian government.

Drilling down a bit, the campaigns targeted 46 financial firms — among them, marquee names such as JPMorgan Chase, American Express and Wells Fargo. In a nod toward attacks on other types of key, everyday services, the telecom giant AT&T was also targeted.

The denial-of-service attacks occurred from 2011 to 2013, and reports at the time said that the attacks from Iran were intended as retaliation for the American-led Stuxnet attack, which dates back to 2010 and was conducted through cyber means against Iranian nuclear-enrichment plants. Denial-of-service attacks attempt to overwhelm systems with huge volumes of requests, flooding servers until they become unresponsive or crash. The attack on the dam opened a new front in cyberwarfare, as it meant that hackers tried to take over the dam’s controls (the dam, reported The New York Times, was under repair and offline at the time).

In another, more recent wave of attacks, two Iranian hackers were charged at the end of 2018 with launching hacking sprees on hospitals, with targets that spanned 43 states, collecting $6 million through extortion and causing $30 million in losses. The hackers targeted computer systems at hospitals and healthcare networks, such as Hollywood Presbyterian Hospital, based in Los Angeles. City and local government agencies were also targeted, including the city of Atlanta and the Colorado Department of Transportation.

In another targeted attack in 2014, backed by the Iranian government, hackers broke into the Las Vegas Sands Corporation and wiped out computers, destroying data. In a similar 2012 attack, they managed to cripple 30,000 Saudi Aramco computers.

Cyberattacks may offer a compelling avenue for Iran in a world where it is outgunned, literally, in terms of conventional military might. Thousands of years ago, Sun Tzu advised that, in war, a key strategy is to “avoid what is strong, and strike at what is weak.” If past is prologue, and Iran has demonstrated a willingness to probe and strike at perceived weaknesses, we may find out just how robust our cyber defenses really are.