Iran is rapidly emerging as the sixth member of the cyber superpower club. With Tehran denuded of its nuclear ambitions by the landmark deal struck last year to limit uranium and plutonium enrichment, some fear it will wield its cyber arsenal as an equally long-range weapon with which to menace its adversaries, The FT’s Sam Jones reports:
In December 2014, Cylance, a US cyber security firm, informed its clients of the activities of Iranian hackers engaged in a project it called Operation Cleaver. Based on a forensic analysis of the hackers’ activities, Cylance pointed to a group that dubbed itself “Tarh Andishan” — “the thinkers” in Farsi — as being behind the action. Thanks to domains, IP and residential addresses used by the hackers in Tehran, the research pointed to government-backed organisations as being ultimately responsible.
Cylance declared Iran “the new China” for its aggressive actions in cyber space. Its report detailed a sophisticated online campaign, tracked over two years, that was using custom-built malware to deliberately infect and gain access to sensitive industrial control systems and critical infrastructure in companies across the globe.
“Before the [nuclear] deal, cyber was just one option they used for leverage, but now, post deal, it is even more central to their toolkit,” says one senior Middle Eastern intelligence official. “Iran is poised to do something in cyber that will change the way the world looks at it . . . the US knows this. [The US] saw what they [Iran] did during the agreement and they know what they are doing after it.”
Much of Iran’s capability in cyber space stems from its efforts to control dissent and monitor émigrés in the wake of protests triggered by the flawed 2009 election and emergence of the Green movement, Jones adds:
The Basij militias — the paramilitary, pro-regime forces under the direction of the IRGC — that were crucial in suppressing those protests are now a critical part of Iran’s cyber force… A Basij Cyber Council mobilises “hacktivists” within the Basij — often drawing from Iran’s large pool of young, computer-literate students — to further the Islamic Republic’s message both internally and externally. It is these groups that are responsible for much of the cruder and more belligerent activity in cyber space — defacing websites and attacking US, Saudi or Israeli companies with denial of service attacks, for example. While they are nurtured and encouraged by the IRGC, there is not necessarily a rigid command structure behind their activities. That makes them unpredictable — and difficult to deter.
“[Cyber] is folded into the larger context of political and military relationships that the [Iranian] leadership has to sit down and calculate, ‘When do I want to do this?’” says Jim Lewis, director of technology and public policy at the Washington-based Center for Strategic and International Studies.
One of the groups targeted by the regime’s ‘cyber army’ is Tavaana, a civic education project for Iran that engages many millions of Iranians inside Iran each week via social media, providing educational resources alongside updates on civic protests and dissident activities while also circulating information on the Iranian regime’s human rights violations.