Iran Becomes World’s 6th Largest Cyber Warfare Power
One of the clearest examples of Iran’s integration of cyberattacks into its war against the West was an event during a large-scale naval exercise that the US Fifth Fleet held in the Persian Gulf in the last week of April.
During the International Mine Countermeasure Exercise, involving representatives and ships from 30 countries, Iranian cyber warfare specialists succeeded in taking partial control of the GPS-supported navigation computers of a British destroyer, the HMS Defender, and disrupted its route.
The hierarchy in Tehran, which has understood for some time that besides its nuclear program it needs to acquire additional secret strategic abilities that can help resolve crises, even internal ones, decided to set up a cyber warfare network whose growth is now the fastest of its kind in the world.
The Iranians learned the most important lesson in cyber warfare from the Stuxnet malware developed by the US and Israel that inflicted major damage to centrifuge control systems of Iran’s nuclear program in 2009, and was not discovered until almost two years later.
The Iranians learned the price of the damage to the heart of the country’s highly-protected nuclear industry, the scope of direct and indirect damage to the country, the vulnerability of computer systems, and how the heart of the national interest was vulnerable. No less importantly, they became aware of the need for information security.
Another lesson that the Iranians learned from the cyber attacks was organizational. The cyber command of the Revolutionary Guard Corps grasped, even before the US military and the IDF, that offensive and defensive cyber operations should be combined. Those dealing in attacks on overseas computer systems can learn from those protecting the computer systems of critical Iranian infrastructure, and vice versa: those dealing in protection of computer infrastructure in Iran are receiving a stream of technical, operational and engineering intelligence supplied by those attacking them.
It was not by chance that a number of the world’s leading information security companies declared that Iran is the world’s sixth-ranked cyber warfare power, after the US, Britain, Israel, Russia and China. It was among the first to discover the latent power of social networks in 2009, when the Green Movement tried to become an active opposition. Users of social networks linked to the movement were located at record speed and arrested, demonstrations were broken up before they even took place, and the regime apparently knew about every assembly, gathering or organization being planned.
Iranian hackers are now making wide use of social networks like Facebook, microblogs like Twitter, picture-sharing sites like Instagram and Flickr, video-sharing sites like YouTube, and much more. The use is mainly for collecting intelligence on Western targets and building entire social profiles including modus operandi, but also for psychological warfare and disinformation.
Iran’s cyber warfare is conducted by three main bodies: one under the Revolutionary Guard Corps, one under the army and the third under the Basij militia. They all use civilian straw companies in Iran and throughout the world, or proxies such as Hizballah in Lebanon and the Houthis in Yemen that benefit from transfers of computer infrastructure, knowledge and cyber skills.
The Iranian cyber warfare budget is estimated at about $1 billion a year (compared to $2 billion annually for the signal intelligence branch of Britain’s GCHQ). Another part of its cyber warfare is conducted by “hacktivists”, namely students and occasional hackers who operate independently against Western targets for ideological reasons.
DEBKA Weekly’s cyber warfare experts point out that one of the main characteristics of Iranian cyber warfare is that the motivation to cause damage is much stronger than the intent to collect intelligence.
That was the conclusion from an analysis of 1,842 targets of Iran’s “Rocket Kitten” cyber warfare group by the Check Point information security company, whose research center is in Israel. Another interesting detail was Tehran’s focus on Saudi Arabia. Eighteen percent of the targets were Saudi, 16% were American and only 5% were Israeli.