Cyber war is just a "matter of time": Iran is functional "offline", unlike the USA

Cyber war is just a "matter of time": Iran is functional "offline", unlike the USA

Deutsche Welle asked security experts: What would be the strength of Iran in such a cyber war?

The day after the US drone attack killed Iranian General Qasim Soleimani, the US Department of Homeland Security issued a warning against possible cyber-attacks by Iran and its proxies.

"Iran maintains a robust cyberprogram and can execute cyberattacks against the United States," the advisory read. "Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States." The authorities asked citizens to be prepared for "cyberdisruptions, suspicious emails, and network delays."

Cyber war is just a "matter of time"

Within hours after the warning was issued, a federal government's website was hacked by allegedly Iran-affiliated hackers: they altered the photo of President Donald Trump to look like he was being punched in the face and also paid tribute to the murdered Soleimani.

"Hacked by Iran Cyber Security Group Hackers. This is only small part of Iran's cyber ability! We are always ready," the hackers signed off.

It's not yet known if the hackers were affiliated with Tehran, but the attack on the nondescript US website was consistent with similar intrusions in the past by Iranian hackers. Iran has vowed "forceful revenge" in the aftermath of the killing of Soleimani and cyberwarfare is expected to be a major component of that retaliation. Could the attack of the hackers be a continuation of retaliation?

"I don't think Iran would use cyberattacks as the primary mechanism for revenge but as part of the wider revenge package," Philip Ingram, a former British military intelligence officer, told DW. "It's not if, it's definitely when".

Sophisticated cyber army

Iran is said to have developed advanced cybercapabilities in response to the 2010 Stuxnet virus attack on an Iranian nuclear facility. The attack is widely believed to have been carried out by the US and Israel to derail Tehran's nuclear ambitions, DW reports.

Tehran has since been accused of mounting sophisticated, disruptive cyberattacks on its rivals. The most notable of them was an attack on a Saudi Aramco oil company in 2017. The malware attack forced the company to completely replace the network and all the hardware that was on it.

Iran-affiliated hackers have also been linked to cyberattacks on critical infrastructure, large banks and academic institutions in the United States, including one that saw hackers breach the systems of a dam just outside New York.

"Iran has developed, notably under the watch of late Soleimani, sophisticated cybercapabilities over the past couple of years to compensate for the weak conventional military force of the country and prepare Iran for indirect reprisals," Yana Popkostova, Director at the European Centre for Energy and Geopolitical Analysis, told DW.

Popkostova says Iran will, however, try to avoid a direct military confrontation or state-sponsored cyberwar. "While cyberattacks will be used for sure, they will be done via a proxy, hence allowing plausible deniability of sorts on behalf of the state," she said.

Jens Monrad, head of intelligence at cybersecurity firm FireEye, does not expect an imminent destructive cyberattack by Iran on critical US infrastructure as such attacks require a lot of planning and preparation.

"I don't necessarily foresee that Iran would be able to, let's say, push a red button today and then carry out such an attack," he told DW. " It is probably more likely that we would see attempts to carry out espionage campaigns against government and military operations and organizations to either learn about policies that are in the making or get sensitive information related to future attacks."

Russia to the rescue?

Stung by past attacks, the US has over the years built a robust defense against hackers looking to target critical infrastructure. But the country's greater reliance on the internet to run everything from dams to financial markets makes it more vulnerable to a cyberattack. Iran, 0n the other hand, can still function offline - outside of internet domain.

While Iran's cybercapabilities have come a long way since the Stuxnet attack, they still do not match up to the cyberprowess of countries such as the US, China, Russia and Israel.

"I would put Russia and China into tier-one bracket and when we come to the western nations' capabilities, tier 1 would be the likes of the US, the United Kingdom and Israel." Ingram said. "Iran is slightly behind them principally because it is suffering from a lot of sanctions. It's more difficult for it to get its people trained in the better academic institutions, to get them the technologies and everything else that they need. But they're not completely isolated."

Experts say Iran could potentially make up for its shortcomings by launching cyberattacks in coordination with close ally Russia.

"There's an increasingly close relationship there," Ingram said. "Russia has got an aggressive, active cyber and wider disinformation campaign that's going on out there. If they could use Iran as a plausibly deniable outlet for Russian attacks in different places or use Russian influence to gain access to more Iranian oil and other things, I think that coordinated attacks are distinctly possible if not probable", Ingram concluded.