The United States launched cyberattacks on Iran Thursday, targeting computer systems that control the nation’s rocket and missile launchers. A physical attack was planned for the same day, following Iran’s destruction of an unmanned US drone; President Donald Trump called off that strike, however.
Three officials who spoke anonymously to the Associated Press said the cyberattacks were part of a contingency plan created in the weeks leading up to the strike, following more than a year of mounting tensions between the two countries.
The US exit from the multination Iranian nuclear deal in 2018 put strain on the US-Iran relationship; this pressure was intensified when the Trump administration placed new sanctions and trade restrictions on Iran this year.
Over the past few weeks, the US has accused Iran of attacking ships in the Gulf of Oman (something Iran has denied), and Iran has announced it will no long abide by certain parts of the nuclear deal. The US has moved new troops to the Middle East, and Thursday, Iran shot down a US drone, claiming the device had crossed into its territory (something the Trump administration denies).
Following the destruction of the drone, Trump tweeted that he had prepared, and then called off, a retaliatory military strike over concerns about the death toll.
“We were cocked & loaded to retaliate last night on 3 different sights when I asked, how many will die. 150 people, sir, was the answer from a General. 10 minutes before the strike I stopped it,” Trump tweeted on Friday morning.
The president did allow the cyberattack to go forward, however, perhaps because there would be no casualties.
Personnel from US Cyber Command launched the offensive on Iranian military command and control systems, and according to Yahoo News, a spy group with ties to the Iranian Revolutionary Guard Corps was also targeted:
The group ... has over the past several years digitally tracked and targeted military and civilian ships passing through the economically important Strait of Hormuz, through which pass 17.4 million barrels of oil per day. Those capabilities, which have advanced over time, enabled attacks on vessels in the region for several years.
Much is still unknown about the scope of the attacks, including how much damage the Iranian systems incurred. According to the New York Times, the success of the attack on the control systems could only be gauged if the US were able to observe Iran try and fail to launch a missile.
Even if the attacks were successful, they likely would not represent a critical blow to Iranian cyber capabilities. A similar attack was launched against the Internet Research Agency, an actor in Russia responsible for meddling in the 2016 presidential election. That attack took the Internet Research Agency offline for a time, but the group has resumed its operations.
Iran has yet to officially respond to the attacks, but the nation’s Fars News Agency called US news reports about the strike a “bluff meant to affect public opinion and regain lost reputation for the White House.”
The US hasn’t officially commented on the cyberattack either; the president has not mentioned it in any of his tweets about Iran, and all of the officials who spoke with reporters did so anonymously. When asked, Pentagon spokeswoman Elissa Smith declined to comment on the operation to the Washington Post.
“As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning,” Smith said.
The digital realm is an emerging front
Cyberattacks could mark a new front in escalating tensions with Iran.
“This is the modern version of what the US Navy has to do to defend itself at sea and keep international shipping lanes free from Iranian disruption,” Thomas Bossert, a former senior White House cybersecurity official in the Trump administration, told the Washington Post.
US Cyber Command was granted new powers by Congress this May and by the president last year, becoming a full combatant command with the ability to launch offensive action without explicit presidential approval. The attack against Iran is one of the command’s first attacks under these new powers; it also reportedly has used its new abilities to conduct operations in Russia’s power grid.
With tensions rising, the Post’s Ellen Nakashima reports the Trump administration has warned industry leaders to be vigilant for retaliatory cyberattacks emanating from Iran:
On Saturday, the Department of Homeland Security issued a warning to U.S. industry that Iran has stepped up its cyber-targeting of critical industries — to include oil, gas and other energy sectors — and government agencies, and has the potential to disrupt or destroy systems.
“There’s no question that there’s been an increase in Iranian cyber activity,” said Christopher Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency. “Iranian actors and their proxies are not just your garden variety run-of-the-mill data thieves. These are the guys that come in and they burn the house down.”
Gary Brown, the first senior legal counsel for US Cyber Command and a professor on cyber law at the National Defense University, told Yahoo Iran has “really cranked up its capability” in the digital space, following attacks on a uranium enrichment plant that were revealed in 2010 to be caused by a computer worm developed by the US and Israel.
Krebs told the New York Times Iran actively works to infiltrate networks, and that these raids can result in the loss of money, intellectual property, and can even lead to the destruction of the network itself.
Cybersecurity firms CrowdStrike and FireEye say that hackers believed to work for the Iranian government have stepped up these sorts of attacks and others on US infrastructure and government agencies, in part by using spear-phishing tactics (when emails with malicious code masquerade as harmless ones). It is not publicly known whether these attacks have been successful.
While the US may have elected to use a cyberattack against Iran this time, and while it will likely need to remain on guard from digital attacks from Iran and other actors, military strikes are still not off the table. Trump suggested in a tweet that strikes could still come, writing he stopped physical military action “at this time.”
I never called the strike against Iran “BACK,” as people are incorrectly reporting, I just stopped it from going forward at this time!— Donald J. Trump (@realDonaldTrump) June 22, 2019