Iranian cyberattacks expected to increase
Arij Limam
Asia;Iran
Iran vows "revenge" over US killing of Soleimani (Credit: Nasser Nasser/AP)

One day after the killing of Iran's Major General Qassem Soleimani in a US drone strike, a group claiming to be Iranian hackers breached the website of a US government agency and posted messages vowing revenge.

The website of the Federal Depository Library Program was replaced with a page titled "Iranian Hackers!" that displayed images of Iran's supreme leader Ayatollah Ali Khamenei and the Iranian flag.

"Martyrdom was (Soleimani's)... reward for years of implacable efforts," read a graphic depicting US President Donald Trump being punched by a fist coming from Iran as missiles fly by.

"This is only small part of Iran's cyber ability! We're always ready. To be continues (sic)," another caption read on the black page.

Analysts are now warning that cyberattacks of a far more damaging kind could be the form of "revenge" that Iran will take for the killing of its top military strategist and national hero.

Screen grab of the hacked US Federal Depository Library Program website (Credit: www.fdlp.gov Federal Depository Library Program / AFP)

Is a cyberwar imminent?

Dr Susan Landau, American cybersecurity policy expert and professor at Tufts University, told CGTN that "the Iranians may respond with a cyberattack…but one has to look at the context…unless the Iranians can respond in force, cyber may not be the best form of response for them."

"They would want a very expensive, highly disruptive attack (such as) shutting off electricity in a US region for days," Landau said.

Cybersecurity experts have warned that further escalation in hostilities could result in complete cyber warfare.

Cyberattacks are not new, but analysts believe Tehran has stepped up its capacity to attack key Western cyber infrastructure and has even built up a so-called "cyber army" that pledges allegiance to the Islamic Republic.

Last year, US federal officials issued an intelligence report in which they warned that "Iran continues to present a cyber espionage and attack threat."

The January 2019 report presented by the Director of National Intelligence stated that Iran has been preparing cyberattacks "capable of causing localized, temporary disruptive effects—such as disrupting a large company's corporate networks for days to weeks."

Cybersecurity firm FireEye says that Iranian government-aligned hackers like APT33 stepped up their efforts after Donald Trump pulled America from the nuclear deal. (Credit: Jon Gambrell/AP)

Iran-US: A history of cyberattacks

While Iran's cyber capabilities may not be among the world's most potent, its cyberattacks on US and other targets have shown it to be capable and destructive.

Loic Guezo, head of French information security group Clusif, said Iran's cyberattacks above all sought to damage industrial targets such as dams or power stations.

"What is feared here is the impact on society -- electricity cuts, poisoning, gas leaks, explosions, transport chaos and hospitals," he told AFP.

Hacking oil companies, disrupting banking and defacing US federal websites have been some of the successful cyberattacks carried out by Iran over the past few years. 

Here's a timeline of successful cyberattacks allegedly carried out by the US and Iran on each other.

July 2010:

The most famous cyberattack against Iran was the unleashing of the malicious computer worm Stuxnet, which Iran accused the US and Israel of deploying. The malware was built to attack industrial systems used to monitor automated plants – from food and chemical facilities to power generators. Stuxnet was responsible for causing substantial damage to Iran's nuclear program. It is thought to have infected nearly 63,000 computers in Iran. Neither the US nor Israel openly admitted responsibility.

April – May 2012:

The "Wiper" virus was also a piece of malware that spread through the Iranian Oil Ministry and National Iranian Oil Company, forcing Iran to take several oil terminals offline. Iran also admitted that another virus, dubbed "Flame", had infected government computers and was being used for targeted cyber espionage to steal data. Reuters says evidence suggests that those responsible for the virus were the same nation or nations which deployed Stuxnet.

A gas flare burns in part of South Pars gas field on the northern coast of the Persian Gulf in Iran. (Credit: Vahid Salemi/AP)

August 2012:

The "Shamoon" virus was used against Saudi Arabia's oil company Saudi Aramco to attack 35,000 workstations, forcing the company to spend more than a week restoring its services. The virus erased three-quarters of all corporate computers owned by Saudi Aramco and replaced the data with an image of a burning American flag. Reuters reported that cybersecurity experts claimed the attacks were likely conducted by hackers working for the Iranian government.

September 2012:

Operation Ababil was a series of cyberattacks targeting American financial institutions carried out by a group called the Cyber Fighters of Izz Ad-Din Al Qassam. The distributed denial-of-service (DDoS) attacks targeted the New York Stock Exchange and a number of major American banks including J.P. Morgan Chase. The result of the attacks was a disruption of the targeted websites. The Washington Post reported that the Iranian government was behind the attack, citing U.S. Senator Joseph I. Lieberman, who believed Iran was sponsoring the group's attacks.

2013:

Iranian hackers hacked into a New York dam and managed to get control of the flood gates, according to The Wall Street Journal. The cyberattack was not thought to be extremely intrusive, but revealed information on the computerized flood control system. The US charged seven hackers it says were tied to the Iranian government.

The Bowman Avenue Dam in Rye Brook, N.Y. was reportedly the target of Iranian hackers. (Credit: Seth Wenig/AP)

February 2014:

The US government blamed Iranian hackers for targeting American billionaire Sheldon Adelson's casino company, Las Vegas Sands Corp. The attack resulted in customer data being stolen including credit card details, Social Security numbers and driver's license numbers. It also reportedly wiped hard drives clean and shut down communications systems.

March 2018:

The US said Iranians were responsible for a ransomware attack known as "SamSam" that crippled several US states. The 34-month-long hacking scheme caused havoc in hospitals, schools, companies and government agencies, including the cities of Atlanta, Georgia, and Newark, New Jersey. It caused over $30 million in losses to victims and allowed the alleged hackers to collect over $6 million in ransom payments. The US indicted two Iranian hackers who it said were responsible for the attack.

Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are accused of creating ransomware known as SamSam. (Credit: Jose Luis Magana/AP)

June 2019:

A US cyberattack was conducted against Iran in response to the downing of a US Navy drone and attacks against oil tankers in the Strait of Hormuz. US officials said the attack wiped out a critical Revolutionary Guards database used by Tehran to plan further oil tanker attacks.

September 2019:

The US carried out a "secret" cyberattack against Iran after Tehran was accused of a drone and missile attack against Saudi oil facilities. US officials told Reuters the operation targeted physical hardware related to Iran's ability to disseminate propaganda.

What's next?

Tensions between Iran and the US are showing no signs of abating as the entire region watches with bated breath.

A day after the US said it will deploy 3,000 more Army troops to the Middle East, President Trump warned that Washington is targeting 52 sites in Iran and will hit them "very fast and very hard" if the Islamic republic attacks American personnel or assets.

With Iran's vow of "severe revenge", analysts are warning the US to prepare for a fallout of any size or shape.

"It all goes back to whether this is worth it to the Iranians," says cybersecurity expert Dr Susan Landau. 

"Cyber gives them a way to attack from a distance and that's an advantage. But they may not have the capability to hurt the US commensurate with General Soleimani's death, and they may choose to take other actions instead."

Iranian lawmakers chant anti-American and anti-Israeli slogans to protest against the U.S. killing of top Iranian general Qassem Soleimani (Credit: Mohammad Hassanzadeh/Tasnim News Agency via AP)

In the case of a full-blown cyber war, experts are saying that there is a range of possible tactics for Iran to use, either building on previously used attacks, or using new cyberattacks that have not yet been seen.

"The US has become better at handling DDoS attacks, a technique the Iranians used against US banks in 2012-2013 to keep them offline," says Landau. 

"But security hasn't kept pace with systems going online, so there are plenty of vulnerable systems out there, including ones whose going down would be highly disruptive to society, including possibly causing deaths."

Experts have also warned that cyberattacks could come in the form of online disinformation and propaganda spreading on all forms of social media, to disseminate messages sympathetic to Iran.