The Iranian government recently conducted a major cyber attack on a major U.S. financial institution that a military intelligence report said is a sign Tehran is waging covert war against the West.
The cyber attack was not successful but was one of several Iranian-backed electronic strikes detected in recent months that highlights the growing threat from Tehran, a major backer of international terrorism, according to a recent report by the Joint Staff intelligence directorate, known as J-2.
“Iran’s cyber aggression should be viewed as a component, alongside efforts like support for terrorism, to the larger covert war Tehran is waging against the west,” the report, dated Sept. 14, concluded.
Iran’s hostile posture against the United States is well known. However, the Joint Staff J-2’s hawkish assessment of the Iranian threat contrasts sharply with the more conciliatory policies of the Obama administration, a defense official familiar with the report said. For Pentagon’s J-2 to acknowledge in the internal report that a covert war is underway was unusual, the official added.
Since 2009, the administration has avoided supporting the Iranian opposition groups that took to the streets to opposed rigged elections. The administration also opposes a near-term Israeli military strike on Tehran’s nuclear facilities favoring instead the use of economic sanctions, which critics say have not slowed Iran’s drive to develop a nuclear weapons capability.
The International Atomic Energy Agency reported earlier this month that Iran is building up stockpiles of enriched uranium and continues to stonewall the U.N. nuclear watchdog on its nuclear arms-related work.
No other details were available on the previously undisclosed attempted Iranian financial cyber attack.
A Joint Staff spokesman declined to comment.
In the past, China and Russia were singled out as major nation-state cyber threats, using their militaries and intelligence services to conduct sophisticated cyber-espionage and preparation for future cyber sabotage in a conflict.
Now, Iran is emerging as a strategic threat to U.S. cyber systems that control critical infrastructure such as military systems, financial networks, communications, the electrical power grid, transportation networks, and other vital functions.
“They're technically proficient, well-funded, and have placed a top priority on cyber defense and offense thanks in large part to the high number of sophisticated malware discovered on their oil and energy networks,” said Jeffrey Carr, a cyber warfare specialist.
Iran’s official computer emergency response team is a respected organization in the information security community, he said, noting, “Some Iranian hackers have demonstrated a high level of proficiency.”
Director of National Intelligence James Clapper said during Senate testimony in February that “Iran’s intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity.”
Dmitri Alperovitz, another cyber security expert, told NPR in April that Iranian cyber attack capabilities are growing.
"There is a great deal of worry in terms of what they may be able to do if they're pushed to the brink," Alperovitz said. "If they believe the regime is threatened, if they believe they're about to be attacked, [they may consider] how can they employ cyber weapons, either to deter that attack or to retaliate in a way they can't do militarily."
Former Defense Secretary Robert M. Gates told a security conference recently that U.S. military power is a deterrent for “most nation-states [who] have no more interest in conducting an easily traceable and highly destructive cyber attack than they do a conventional military one.”
However, terrorist groups “have no such hesitation,” Gates said, according to Infosecurity Magazine.
“With few assets to strike back at, they are hardly deterred,” Gates said. “If a terrorist group gains a disruptive and destructive [cyber] capability, we have to assume it will strike with little hesitation. So in cyber we have a small window of opportunity to act before the most malicious actors acquire the most destructive technologies.”
Iran’s support for international terrorism is better known than its cyber warfare capabilities.
The FBI linked Iran’s government to a failed plot to assassinate the Saudi ambassador to the United States in October 2011. Tehran also supports the Lebanese terrorist group Hezbollah, which has conducted numerous deadly terrorist attacks in the Middle East and other part of the world.
The Treasury Department in February identified Iran’s intelligence service as taking part in “multiple joint projects with Hezbollah in computer hacking.”
The Iranian Ministry of Intelligence and Security, along with the Islamic Revolutionary Guards Corps, have been linked by Treasury to the Palestinian terrorist group Hamas, and have provided help to al Qaeda terrorists, including the provision of documents, identification cards, and passports. Iran also has supported the terrorist group Al Qaeda in Iraq, the Treasury Department said in a Feb. 16 statement.
In July, after reports surfaced that the United States was involved in cyber attacks on Iranian nuclear facilities, an Iranian official told the official IRNA news agency that Iran would make a decisive response to U.S. cyber attacks. “If the vain American cyber attacks against our country do not end, they will receive a decisive response," IRNA quoted an "official of the cyber base" on July 25.
Iran has sought to insulate itself from cyber attacks like the Stuxnet and Flame strikes that affected Iran’s nuclear program. Stuxnet disrupted industrial control technology used by the Iranians to enrich uranium. Flame is said to be targeted at gathering intelligence.
Iranian officials also announced that they plan to remove the country from the Internet this month in anticipation of stepped up cyber attacks.
Tehran announced in May that it planned to create a “master” cyber laboratory. A state-run news report quoted Saeed Rahimi, head of the Iranian Cyber Defense Center, as saying the new cyber center would be set by March 2013 and that it would be “responsible for providing protection from cyber threats and attacks, and suggesting reciprocal measure against each threat."