Without nuclear pact, US expects resurgence in Iranian cyber attacks

Iranian hackers have in recent years demonstrated that they have an increasingly sophisticated arsenal of digital weapons. PHOTO: REUTERS

WASHINGTON • Inside the Pentagon's cyber warfare unit, analysts have been closely monitoring Internet traffic out of Iran. About 10,000km away, Israel's elite cyber intelligence Unit 8200 has been running war games in anticipation of Iranian strikes on Israeli computer networks.

Government and private-sector cyber security experts in the United States and Israel worry that President Donald Trump's decision to pull out of the Iran nuclear deal will lead to a surge in retaliatory cyber attacks from Iran.

Within 24 hours of Mr Trump announcing last Tuesday that the US would exit the deal, researchers at security firm CrowdStrike warned customers they had seen a "notable" shift in Iranian cyber activity. Iranian hackers were sending e-mails containing malware to diplomats who work in the foreign affairs offices of US allies and employees at telecom companies, trying to infiltrate their computer systems.

And security researchers discovered that Iranian hackers, most likely in an intelligence-gathering effort, have been quietly probing Internet addresses that belong to US military installations in Europe over the last two months. Those researchers would not publicly discuss the activity because they were still in the process of warning the targets.

Iranian hackers have in recent years demonstrated that they have an increasingly sophisticated arsenal of digital weapons. But since the nuclear deal was signed three years ago, Iran's Middle Eastern neighbours have usually been those hackers' targets.

Now cyber security experts believe that list could quickly expand to include businesses and infrastructure in the US. Those concerns grew more urgent last Thursday after Israeli fighter jets fired on Iranian military targets in Syria, in response to what Israel said was a rocket attack launched by Iranian forces.

"Until today, Iran was constrained," said Mr James A. Lewis, a former government official and cyber security expert at the Centre for Strategic and International Studies in Washington.

"They weren't going to do anything to justify breaking the deal. With the deal's collapse, they will inevitably ask, 'What do we have to lose?'"

The warnings from Mr Lewis were echoed by nearly a dozen current and former US and Israeli intelligence officials and private security contractors contacted by The New York Times.

"With the nuclear deal ripped up, our nation and our allies should be prepared for what we've seen in the past," General Keith Alexander, former director of the National Security Agency, said in an interview last Friday.

Over the years, state-backed Iranian hackers have shown both the proclivity and skill to pull off destructive cyber attacks. After the US tightened economic sanctions against Teheran in 2012, state-supported Iranian hackers retaliated by disabling the websites of nearly every major US bank with what is known as a denial-of-service attack. The attacks prevented hundreds of thousands of customers from accessing their bank accounts.

But after the nuclear deal with Teheran was signed, Iran's destructive attacks on US targets cooled off. Instead, its hackers resorted to traditional cyber espionage and intellectual property theft.

"We're probably one of the most automated technology countries in the world," said Gen Alexander.

"We are an innovation nation and our technology is at the forefront of that innovation. We could have a very good offence, but so do they. And unfortunately, we have more to lose."

NYTIMES

A version of this article appeared in the print edition of The Sunday Times on May 13, 2018, with the headline 'Without nuclear pact, US expects resurgence in Iranian cyber attacks'.