The Iranian Cyber Threat can no Longer be Underestimated

Iran may not be a cyber superpower, but it has been making a concentrated effort over recent years to strengthen its position in the field. The aid from China and Russia, the loyalty of hundreds of volunteer hackers, and its audacity make it an enemy that should be reckoned with.

Doron Peskin | 11:25, 29.05.20
Last week's cyberattack during which a screensaver showing Tel Aviv going up in flames supplanted hundreds of Israeli websites may have been an unpleasant reminder of anti-Israeli sentiment, but it didn't cause any irreversible damage. The obvious suspect was, of course, Iran, but that suspicion was quickly dispelled with the understanding that the attack was extremely unsophisticated. The experts explained that if it were Iran, the attack would have aimed to cause significant damage to infrastructure, similar to its attempts two weeks ago when it tried to cyberattack Israel's water systems.


The unfolding of recent events teaches us a thing or two about Iran's improvement in the field of cyber. Iran may still be far behind Israel and other cyber superpowers, but it continues to evolve and develop new abilities. In addition, it is displaying a growing audacity in using these abilities against its sworn enemies — Israel, the U.S. and Saudi Arabia. Over recent years, the country has been making a clear effort to develop both defensive and offensive capabilities in virtual space, something which can be seen in the allocation of resources and the creation of a clear organizational structure to consolidate its efforts.


Supreme Leader Ali Khamenei ordered in 2012 to set up the Supreme Council of Virtual Space. Photo: Reuters


Iran's increased cyber effort is part of the perception among senior officials that the virtual space is an important component in Iran's national security. The Iranians are acting according to the assessment that the conflict in the coming years will demand advanced cyber capabilities that would allow Teheran to solidify its position as a regional superpower. And when the cyber capabilities of international superpowers the likes of China and Russia are available to Iran, this is a threat that clearly can't be underestimated.


The first advance in the field of cyber in Iran came following the 2009 civil unrest, after which it was decided to set up a police cyber department. Its official role, as in most countries, was to act against crimes and fraud taking place online, but in truth its hackers actually focused on collecting information from internet providers on those suspected of opposing the Ayatollah's regime. Another advance occurred in the second half of 2010 after Iran's nuclear facility in Bushehr was attacked by the malicious computer worm Stuxnet, believed to be a cyberweapon built jointly by the U.S. and Israel.


Iran's cyber efforts are currently coordinated by three military bodies: The Revolutionary Guards, The Basij and the National Passive Defense Organization. Above all these and with the aim of coordinating the different activities in the field, Supreme Leader Ali Khamenei ordered in 2012 to set up the Supreme Council of Virtual Space. The council is in charge of the country's internet policy and includes representatives from the Islamic Republic's executive branch (the president), the legislative branch (the parliament) and the judicial system. In addition, the Revolutionary Guard is also represented, as are the police and the ministries of intelligence, culture and communications.


As in most aspects of life in Iran, the cyber department of the Revolutionary Guard is the most significant and has the most resources. The budget of the Revolutionary Guard's cyber department was estimated at around $80 million a year around a decade ago, but has likely multiplied several times since. The experts that belong to the Guard's cyber department are the ones responsible for Iran's attacks against Israel, the U.S. and Saudi Arabia over recent years. These attacks usually took place under different aliases in order to cover up the direct connection to the Guards. The Revolutionary Guards also use private companies and ostensibly innocent research centers in order to conceal the direct connection to the regime. One of the clearest examples of this is the Mabna Institute, the heads of which were charged by the U.S. in 2018 with conducting a massive cyber theft campaign on behalf of the Islamic Revolutionary Guard, penetrating systems belonging to hundreds of universities, companies and other victims to steal research, academic and proprietary data, and intellectual property.


The Basij, a paramilitary volunteer militia that answers to the Revolutionary Guard, set up its own cyber council in 2014. This branch focuses mainly on activity within Iran, including removing websites and content published by anti-regime activists. Cyberattacks have also been attributed to the Basij, although less sophisticated than the ones conducted by the Revolutionary Guard. The heads of the Basij boasted in the past that their cyber branch includes over 100,000 volunteers, mostly students that identify with the regime's conservative religious approach.


The National Passive Defense Organization was set up in 2010. The goal of this organization is to minimize as much as possible the damage the country's infrastructure would suffer in case of a war or a massive attack on Iran. Iranian experts have also been training a new generation of hackers in recent years belonging to organizations like Hamas, Hezbollah and militias loyal to the Assad regime in Syria.


Iran is no longer content with developing its defensive cyber capabilities and is determined to prove to the world that it can cause its enemies significant economic damage. A significant turning point occurred in December 2011 when the Iranians managed to capture a U.S. Sentinel unmanned aerial vehicle (UAV) via its cyberwarfare unit which commandeered the aircraft and landed it safely.


In 2012, the country carried out what was at the time one of the largest cyberattacks in history against the computers of Saudi Arabia's national oil company Saudi Aramco. Within several hours, as many as 35,000 computers belonging to the company were disabled, disconnecting Aramco and creating a concern that the company, which is responsible for the production of around 10% of the world's oil, would have to shut down its operations.


During 2014, the Iranians hacked into the computer network of the Sundance Casino in Las Vegas belonging to staunch Israel supporter Sheldon Adelson. U.S. intelligence announced a year later that the Iranian government was behind the cyberattack, in which personal information of casino clients, including credit card details, was stolen.


Other attacks of smaller magnitude against Aramco and other companies have also taken place over recent years. Nevertheless, it seems the Iranians are using the cyberattacks largely in response to American actions rather than initiating them. That was the case following the killing of Qasem Soleimani, commander of the Revolutionary Guards' Quds Force, after which it was reported in the U.S. that attempts to infiltrate computer systems of American power plants were prevented.


The writer is the manager of Concord.