Cybersecurity

Debating the Iranian cyber threat

Shutterstock image (by Aleksandar Mijatovic): Iranian flag.

(Image: Aleksandar Mijatovic / Shutterstock)

Iran has used a sophisticated IT infrastructure to launch a growing number of cyberattacks and is "becoming a serious force in the malware world," according to a new study.

Attacks from Iranian IP addresses have jumped 128 percent from January 2014 to mid-March 2015, according to the report produced by the cyber intelligence firm Norse Corp. and the American Enterprise Institute, a Washington, D.C.-based think tank. Some of this hacking targeted industrial control systems used to run utilities, the report said. The study drew on a Norse's global network of sensors that are connected to millions of IP addresses.

Iran boasts a "cadre of talented software developers" despite sanctions banning technology transfers, the report said. The study also warned that the Iranian government could be "stockpiling" cyber weapons for future use. The U.S. National Security Agency stockpiles great quantities of its own cyber weapons, journalist Shane Harris has reported.

U.S. officials have consistently labeled Iran, China, North Korea and Russia as the nation-states that pose the most acute cyber threat to American interests. Iran has been accused of sponsoring a wave of distributed denial-of-service attacks on the U.S. financial sector in 2011 and 2012, and Director of National Intelligence James Clapper in February said Iran was behind a 2014 cyberattack on a Las Vegas casino company.

The Norse and AEI report comes as Iran, the United States and five other world powers try to reach a final agreement on Iran's nuclear program, and the potential lifting of sanctions on Iran as a result of such a deal would "dramatically increase the resources Iran can put toward expanding its cyberattack infrastructure," the report said. But at an April 17 event promoting the report in Washington, D.C., retired Gen. Keith Alexander, the former head of the NSA and Cyber Command, said Iranian cyberattacks would likely increase regardless of whether sanctions are lifted or not. If sanctions are lifted, the Iranians will have more money to finance cyberattacks, he said; if they remain in place, the Iranians will retaliate with cyberattacks.

And Robert M. Lee, a cybersecurity researcher and PhD candidate at Kings College London who reviewed Norse's data, disputed the report's findings as misleading. What the report considered "attacks" from Iranian IP addresses were "actually Internet scans from locations such as Iranian universities and hospitals," wrote Lee, who is an active-duty Air Force cyber warfare operations officer.

About the Author

Sean Lyngaas is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.