What will an Iranian Cyber Attack on the US Look Like?

As a result of the recent assassination of Iranian General Qasem Soleimani by the United States there has been a major uptick in cyber activity by Iran aka the Kittens. This should come as no surprise because Iran would like to take some retaliatory measures, and a kinetic response is more or less off the table. This leaves cyber as their only current recourse.

Knowing the Kittens are engaging in cyber threat activity, what will an Iranian cyber attack against the United States actually look like? Fred Guterl of Newsweek thinks the following is reasonable:

The most worrying cyber threats from Iran are those that could result in a loss of life. In this respect, Iran is capable of using hackers to support some kind of conventional military action, such as a bombing or the assassination of an individual or a kidnapping. It could also use cyber espionage or data collection techniques to monitor the movement of troops, ships or planes in the Middle East and target them for attack.

To conduct a targeted assassination, Iran would need to bring together a variety of streams of intelligence. Infecting mobile phones with malware would give it access to a cornucopia of information—including potentially the real-time whereabouts of targets. A phone hack could provide what experts call "pattern of life" information—where an individual tends to go, and when—that could be used to predict a target's whereabouts. By gaining access to phone calls, emails, text messages and contact lists, hackers could even manipulate a target to walk unwittingly into a trap. "Iran has conducted many targeted killings abroad through its proxies and, perhaps, directly," says Bateman. "In 2020 that would include a cyber element. Any state would use that."

He goes on to add the following to his hypothetical:

Although Iran doesn't have the kind of massive misinformation apparatus in place to sow division, the way Russia did in the run-up to 2016, it's conceivable that Iran could seek to influence the 2020 election, if it wanted to, by other means. Iran has good cyber-attack chops in breaking and entering computer systems. These skills could be useful for finding and leaking sensitive information—similar to Russia's hack of the Democratic National Committee in 2016. Security experts suspect that Iran was behind the 2015 attack on the Saudi Ministry of Foreign Affairs, which uncovered confidential diplomatic cables that were subsequently leaked, according to Bateman.

And this as well:

Disrupting corporations is both in character for Iran and well within its current cyber capabilities. Although Iran wouldn't be able to make much headway with tech giants like Apple, Google, Facebook, Amazon and Microsoft, myriad other organizations are vulnerable to hacking, including many banks, chemical plants, oil refineries, pharmaceutical companies, water treatment plants and the electrical grid. It's likely that Iran has been installing malware in such organizations over the past decade, to lie dormant for many years until the right moment. "It's called 'preparing the battlefield'," says Steven Bellovin, a computer-science professor at Columbia University in New York who consults for defense organizations. "You wait, like sleeper cells, until you have three or four chemical plants and a couple of power plants, and then you act."

Of the three suggestions, I find the one buried deepest in the article to be the most plausible. Iran is well known for attacking critical infrastructure like oil and gas refineries and the electrical grid. Its strength lies neither in loss-of-life operations nor in English-language disinformation campaigns. This is not to say Iran could not pull off either of the latter two scenarios; I just do not find either of those threats credible.

Iran has already commenced online trolling and geopolitical influence campaigns similar to what Russia accomplished during the 2016 US Presidential Election, but there have not been any signs these are producing anything of value ... yet. The US electrical grid - like most around the globe - is scary. The speed with which these networks have been connected to the internet, coupled with their lack of security controls and of the expertise needed to make the right cyber defense decisions, is astounding. It is amazing nothing major has happened in the US to date.

Maybe Iran will be the first nation-state adversary to conduct a true cyber attack against the US electrical grid? If that does occur, the lights will surely go dark that night.

