Iran’s Supreme Leader Ayatollah Ali Khamenei wants “harsh revenge” after President Donald Trump ordered the killing of his right hand man, General Qassem Soleimani. Experts are certain that attacks against our computers are soon to be on the way. According to industry analysts Ken Talanian and Kirk Materne of Evercore, “Iran has a long history of politically motivated cyber attacks across the world.”
Even though the Trump administration is convinced Soleimani was to blame for numerous deadly attacks, Iran considered him a national hero. Soleimani was in charge of the elite Quds Force of the Islamic Revolutionary Guards and CNN called him “the country’s second most powerful leader.”
While the Ayatollah will probably think twice about using military force, even through his proxies like Hezbollah, a cyber attack could be carried out without any risk to Iran.
Kiersten Todt, from the Cyber Readiness Institute explains, “Killing Soleimani crossed a significant threshold in the US-Iran conflict. Iranians will certainly try to retaliate — definitely in the region and they will also look at options in our homeland. Of the options available to them, cyber is most compelling.”
Columbia University computer science professor Steven Bellovin agrees a cyber-attack is likely. “First, they’re more deniable. If there is a missile attack on a US base or a diplomat is kidnapped, that’s much more easily traceable. Second, it doesn’t risk your own personnel.”
Iran is known for their hacking capabilities. They have a documented history of “denial of service” type attacks against major banks like JPMorgan Chase, Bank of America and Wells Fargo that left customers unable to log into their accounts or access their money.
Seven Iranians employed by two Iranian companies that worked for the Iranian government were indicted for that in 2016. Since then, Iran’s “capabilities and resources have increased,” Todt notes.
Denial of service attacks aren’t the only thing that Iranian hackers are capable of. They can spy or unleash ransomware attacks. Also, Professor Bellovin points out, the hackers have little chance of breaking into tech giants like Google or Amazon and the NSA, CIA and other government computers are equally out of reach. “But most companies aren’t as good as these,” he adds.
An even scarier scenario would be an attack on a dam or power plant. Iranian hackers accessed the control system of a New York dam in 2013. Ms. Todt is quick to point out that American security is ready. “The US government is aware of the intent and capabilities of Iran and is prepared for its response.” Even so, “we should expect an Iranian attempt against our infrastructure.”
The good news is that the damage isn’t likely to occur right away. “The most important thing to realize is that this is going to be a marathon not a sprint,” cautions Bellovin. “It might take Iran a few years to develop an attack against a particular target.” The real question, his says, is “will people stay alert for that long?”
Another thing experts are certain of is that there will be a violent form of retaliation in addition to any cyber warfare. “Iran has to find the proper response to save face, but not escalate the fight to traditional warfare,” claims analyst Bryson Bort. “I think we’ll see cyber activity increase because it’s easy to do, but it won’t feel settled for them until there has been an equivalent loss of life.”