WASHINGTON — The U.S. is bracing for cyberattacks Iran could launch in retaliation for the re-imposition of sanctions this week by President Donald Trump, cybersecurity and intelligence experts say.
Concern over that cyberthreat has been rising since May, when Trump pulled out of the 2015 nuclear deal, under which the U.S. and other world powers eased economic sanctions in exchange for curbs on Iran’s nuclear program. The experts say the threat would intensify following Washington’s move Tuesday to re-impose economic restrictions on Tehran.
“While we have no specific threats, we have seen an increase in chatter related to Iranian threat activity over the past several weeks,” said Priscilla Moriuchi, director of strategic threat development at Recorded Future, a global real-time cyberthreat intelligence company. The Massachusetts-based company predicted back in May that the U.S. withdrawal from the nuclear agreement would provoke a cyber response from the Iranian government within two to four months.
U.S. intelligence agencies have singled out Iran as one of the main foreign cyberthreats facing America, along with Russia, China and North Korea. A wave of attacks that U.S. authorities blamed on Iran between 2012 and 2014 targeted banks and caused tens of millions of dollars in damage. They also targeted but failed to penetrate critical infrastructure.
Iran denies using its cyber capabilities for offensive purposes, and accuses the U.S. of targeting Iran. Several years ago, the top-secret Stuxnet computer virus destroyed centrifuges involved in Iran's contested nuclear program. Stuxnet, which is widely believed to be an American and Israeli creation, caused thousands of centrifuges at Iran's Natanz nuclear facility to spin themselves to destruction at the height of the West's fears over Iran's program.
"The United States has been the most aggressive country in the world in offensive cyber activity and publicly boasted about attacking targets across the world," said Alireza Miryousefi, spokesman for Iran's diplomatic mission at the United Nations, contending that Iran's cyber capabilities are "exclusively for defensive purposes."
Gen. Qassem Soleimani, who heads the elite Quds Force of Iran’s hard-line paramilitary Revolutionary Guard, has sounded more ominous, warning late last month about Iran’s capabilities in “asymmetric war,” a veiled reference to nontraditional warfare that could include cyberattacks.
The Trump administration says it re-imposed sanctions on Iran to prevent its aggression — denying it the funds it needs to finance terrorism, its missile program and forces in conflicts in Yemen and Syria.
The sanctions restarted Tuesday target U.S. dollar financial transactions, Iran's automotive sector and the purchase of commercial planes and metals, including gold. Even stronger sanctions targeting Iran's oil sector and central bank are to be re-imposed in early November. European leaders have expressed deep regret about the U.S. actions. They hit Iran at a time when its unemployment is rising, the country's currency has collapsed and demonstrators are taking to the streets to protest social issues and labor unrest.
Norm Roule, former Iran manager for the office of the Director of National Intelligence, said he thinks Tehran will muster its cyber forces in response.
"I think there is a good chance Iran will use cyber, probably not an attack that is so destructive that it would fragment its remaining relationship with Europe, but I just don't think the Iranians will think there is much cost to doing this," Roule said. "And it's a good way to show their capacity to inflict economic cost against the United States."
"Iran's cyber activities against the world have been the most consequential, costly and aggressive in the history of the internet, more so than Russia. ... The Iranians are destructive cyber operators," Roule said, adding that Iranian hackers have, at times, impersonated Israeli and Western cyber security firm websites to harvest log-in information.
The office of Director of National Intelligence Dan Coats declined to comment Tuesday on the likelihood that Iran will answer the sanctions with cyber operations against the U.S. When the U.S. pulled out of the nuclear deal, the FBI issued a warning saying that hackers in Iran "could potentially use a range of computer network operations — from scanning networks for potential vulnerabilities to data-deletion attacks — against U.S.-based networks in response to the U.S. government's withdrawal" from the nuclear pact.
Accenture Security, a global consulting, managing and technology company, also warned Tuesday that the new sanctions would “likely to push that country to intensify state-sponsored cyberthreat activities,” particularly if Iran fails to keep its European counterparts committed to the nuclear pact.
Josh Ray, the firm's managing director for cyber defense, said it hasn't seen any evidence that Iran has launched any new cyber operations, but he said Iran has the capability to do it and has historically operated in a retaliatory manner.
"This still remains a highly capable, espionage-related type threat," Ray said. "Organizations need to take this threat seriously. They need to understand how their business could potentially be impacted."
Recorded Future's Moriuchi anticipated that businesses most at risk were those victimized in Iranian cyberattacks between 2012 and 2014 — they include banks and financial services, government departments, critical infrastructure providers, and oil and energy.
Those cyberattacks cost nearly 50 financial institutions tens of millions of dollars. The repeated attacks disabled bank websites and kept hundreds of thousands of customers from accessing their online accounts. U.S. prosecutors indicted several Iranians, alleging they worked at the behest of the Iranian government.
One defendant allegedly targeted the computer systems of the Bowman Dam in Rye, New York. No access was gained, but prosecutors said the breach underscored the potential vulnerabilities of the nation's critical infrastructure.
In March, the Justice Department also announced charges against nine Iranians accused of working at the behest of the Islamic Revolutionary Guard Corps to steal large quantities of academic data from hundreds of universities in the United States and abroad as well as email accounts belonging to employees of government agencies and private companies.
Associated Press writer Edith M. Lederer at the United Nations contributed to this report.