Debating the Iranian cyber threat
- By Sean Lyngaas
- Apr 17, 2015
Iran has used a sophisticated IT infrastructure to launch a growing number of cyberattacks and is "becoming a serious force in the malware world," according to a new study.
Attacks from Iranian IP addresses have jumped 128 percent from January 2014 to mid-March 2015, according to the report produced by the cyber intelligence firm Norse Corp. and the American Enterprise Institute, a Washington, D.C.-based think tank. Some of this hacking targeted industrial control systems used to run utilities, the report said. The study drew on a Norse's global network of sensors that are connected to millions of IP addresses.
Iran boasts a "cadre of talented software developers" despite sanctions banning technology transfers, the report said. The study also warned that the Iranian government could be "stockpiling" cyber weapons for future use. The U.S. National Security Agency stockpiles great quantities of its own cyber weapons, journalist Shane Harris has reported.
U.S. officials have consistently labeled Iran, China, North Korea and Russia as the nation-states that pose the most acute cyber threat to American interests. Iran has been accused of sponsoring a wave of distributed denial-of-service attacks on the U.S. financial sector in 2011 and 2012, and Director of National Intelligence James Clapper in February said Iran was behind a 2014 cyberattack on a Las Vegas casino company.
The Norse and AEI report comes as Iran, the United States and five other world powers try to reach a final agreement on Iran's nuclear program, and the potential lifting of sanctions on Iran as a result of such a deal would "dramatically increase the resources Iran can put toward expanding its cyberattack infrastructure," the report said. But at an April 17 event promoting the report in Washington, D.C., retired Gen. Keith Alexander, the former head of the NSA and Cyber Command, said Iranian cyberattacks would likely increase regardless of whether sanctions are lifted or not. If sanctions are lifted, the Iranians will have more money to finance cyberattacks, he said; if they remain in place, the Iranians will retaliate with cyberattacks.
And Robert M. Lee, a cybersecurity researcher and PhD candidate at Kings College London who reviewed Norse's data, disputed the report's findings as misleading. What the report considered "attacks" from Iranian IP addresses were "actually Internet scans from locations such as Iranian universities and hospitals," wrote Lee, who is an active-duty Air Force cyber warfare operations officer.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.