President Donald Trump came within minutes of starting another war in the Middle East last week when he ordered, and then abruptly canceled, a missile strike against Iranian bases. Instead, he launched another strike: a long-planned cyberattack, designed to quietly cripple Iran’s missile defense systems.
Anonymous U.S. officials claimed an instant victory, although Iran insists it failed to penetrate its systems.
The impact of last week’s attacks may remain up for debate, but a consensus among security experts is abundantly clear: Tehran will hit back, targeting both U.S. government sites and private companies with rudimentary but effective cyberattacks.
“Its simplicity belies its effectiveness,” said Sergio Caltagirone, a former NSA hacker who now works for Dragos, a cybersecurity firm that specializes in protecting industrial systems.
“And that is what those of us in the information security field are most concerned about — a lot of organizations who can't protect themselves even against simple attacks that are effective. There is a swathe of targets available to [Iran] with very simple tools and techniques.”
In the wake of the American attack on Iran’s missile systems, some experts worried Tehran would respond in kind.
But most cyber analysts don’t think U.S. missile systems are in any real danger.
“Iranian hackers don't have the capability that I'm aware of to disrupt U.S. missile systems,” Michael Carpenter, who served on the National Security Council during the Obama administration, told VICE News.
Caltagirone agreed, saying that while some external systems may be vulnerable, there is little danger to core networks.
"They do have the ability to cause some disruption in military systems, but I would say the ability for them to disrupt the military command and control across the U.S. armed forces is quite low, given how complex and fortified those systems are," he said.
Instead, analysts expect Iran to focus on easier targets, namely U.S. infrastructure like oil, gas and electricity companies, and private industry.
Such attacks would be well-trodden territory for Iran.
After U.S. and Israeli hackers launched a crippling Stuxnet attack on the Natanz uranium enrichment facility in 2010, Iran responded with a spread of rudimentary attacks on major U.S. banks over an 18-month period.
The DDoS attacks wreaked havoc on JP Morgan, Bank of America, and Capital One, leaving hundreds of thousands of customers unable to access their accounts for hours-long stretches over multiple days. The attacks also affected the New York Stock Exchange and the Nasdaq.
Iranian hackers have continued to target U.S. infrastructure and businesses since.
- In 2013, Iranian hackers remotely took control of the command-and-control network of a dam just outside New York.
- In 2014, Iranian hackers were behind an attack on one of Sheldon Adelson’s Las Vegas casinos after the billionaire advocated the use of nuclear weapons against Iran.
- In 2018, Iranian hackers were blamed for crippling the city of Atlanta with SamSam ransomware. The attacks cost the city millions to clean up.
The Iranian regime has denied involvement in all of these attacks, but they haven’t been shy about their intentions for the U.S. under Trump. In May, Tehran announced that it would use cyberattacks against U.S. targets as a countermeasure for Trump’s latest round of economic sanctions.
They may now be making good on those promises. Last week, researchers at U.S. cybersecurity firms FireEye and Crowdstrike said they had observed suspected Iranian state-sponsored hacking attempts to access government networks and those of private industry targets using spear-phishing attacks.
Such concerns were shared this week by Chris Krebs, the director of DHS' Cybersecurity and Infrastructure Security Agency, who told NPR on Monday that he’d seen “a significant increase in targeting by Iranian actors of U.S. agencies, U.S. industry.”
As the recent spike in ransomware attacks has shown, there are numerous government and private companies vulnerable to outside attacks.
“U.S. civilian government systems are very weak,” Richard Clarke, cybersecurity czar for the Bush and Clinton administrations, told VICE News, “but I also believe they will go after private sector companies and critical infrastructure.”
Cover: President Donald Trump speaks after signing an executive order to increase sanctions on Iran, in the Oval Office of the White House, Monday, June 24, 2019, in Washington. Trump is accompanied by Treasury Secretary Steve Mnuchin, left, and Vice President Mike Pence. (AP Photo/Alex Brandon)