Debating the Iranian cyber threat
- By Sean Lyngaas
- Apr 17, 2015
Iran has used a sophisticated IT infrastructure to launch a growing number of cyberattacks and is "becoming a serious force in the malware world," according to a new study.
Attacks from Iranian IP addresses have jumped 128 percent from January 2014 to mid-March 2015, according to the report produced by the cyber intelligence firm Norse Corp. and the American Enterprise Institute, a Washington, D.C.-based think tank. Some of this hacking targeted industrial control systems used to run utilities, the report said. The study drew on a Norse's global network of sensors that are connected to millions of IP addresses.
Iran boasts a "cadre of talented software developers" despite sanctions banning technology transfers, the report said. The study also warned that the Iranian government could be "stockpiling" cyber weapons for future use. The U.S. National Security Agency stockpiles great quantities of its own cyber weapons, journalist Shane Harris has reported.
U.S. officials have consistently labeled Iran, China, North Korea and Russia as the nation-states that pose the most acute cyber threat to American interests. Iran has been accused of sponsoring a wave of distributed denial-of-service attacks on the U.S. financial sector in 2011 and 2012, and Director of National Intelligence James Clapper in February said Iran was behind a 2014 cyberattack on a Las Vegas casino company.
The Norse and AEI report comes as Iran, the United States and five other world powers try to reach a final agreement on Iran's nuclear program, and the potential lifting of sanctions on Iran as a result of such a deal would "dramatically increase the resources Iran can put toward expanding its cyberattack infrastructure," the report said. But at an April 17 event promoting the report in Washington, D.C., retired Gen. Keith Alexander, the former head of the NSA and Cyber Command, said Iranian cyberattacks would likely increase regardless of whether sanctions are lifted or not. If sanctions are lifted, the Iranians will have more money to finance cyberattacks, he said; if they remain in place, the Iranians will retaliate with cyberattacks.
And Robert M. Lee, a cybersecurity researcher and PhD candidate at Kings College London who reviewed Norse's data, disputed the report's findings as misleading. What the report considered "attacks" from Iranian IP addresses were "actually Internet scans from locations such as Iranian universities and hospitals," wrote Lee, who is an active-duty Air Force cyber warfare operations officer.
Sean Lyngaas is a former FCW staff writer.