The United States launched cyberattacks on Iran Thursday, targeting computer systems that control the nation's rocket and missile launchers. A physical attack was scheduled for the same day, following Iran's destruction of an unmanned US drone; President Donald Trump called off that strike, however.
Three officials who spoke anonymously to the Associated Press said the cyberattacks were part of a contingency plan created in the weeks leading up to the strike, following more than a year of mounting pensions between the two countries.
The US exit from the multination Iranian nuclear deal in 201
Over the past few weeks, the US has accused Iran of attacking ships in the Gulf of Oman (something Iran has denied), and Iran has announced it will no longer have certain parts of the nuclear deal. The US has moved new troops to the Middle East, and Thursday, Iran shot down a US drone, claiming the device had crossed into its territory (something the Trump administration denies).
Following the destruction of the drone, Trump tweeted that he had prepared, and then called off, a retaliatory military strike over concerns about the death toll.
"We were cocked & loaded to retaliate last night on 3 different sights when I asked, how many will die. 150 people, sir, was the answer from a General. 10 minutes before the strike I stopped it, ”Trump tweeted on Friday morning.
The president did allow the cyberattack to go forward, however, perhaps because there would be no casualties.
Personnel from US Cyber Command launched the offensive on Iranian military command and control systems, and according to Yahoo News, spy group with Iranian Revolutionary Guard Corps was also targeted:
The group … has over the past several years digitally tracked and targeted military and civilian ships passing through the economically important Strait of Hormuz, through which passes 17.4 million barrels of oil per day. Those capabilities, which have advanced over time, enabled attacks in the region for several years.
Much is still unknown about the scope of the attacks, including how much damage the Iranian systems incurred. According to the New York Times, the attack on the control systems could only be attacked if the US were able to observe Iran and failed to launch a missile.
Even if the attacks were successful, they would probably not represent a critical blow to Iranian cyber capabilities. A similar attack was launched against the Internet Research Agency, an actor in Russia responsible for communication in the 2016 presidential election. That attack took the Internet Research Agency offline for a time, but the group has resumed its operations.
Iran has yet to officially respond to the attacks, but the nation's Fars News Agency called US news reports about the strike and "bluff meant to affect public opinion and regain lost reputation for the White House. ”[TheUShasnotofficiallycommentedonthecyberattackeither;thepresidenthasnotmentionedanyofhistweetsaboutIranandalloftheofficialswhospokewithreportersdidsoanonymouslyWhenaskedPentagonspokeswomanElissaSmithdeclinedtocommentontheWashingtonPostoperation
"As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning," Smith said.
The digital realm is an emerging front
Cyberattacks could mark a new front in escalating tensions with Iran.
"This is the modern version of what the US Navy has to defend itself at sea and keep international shipping lanes free from Iranian disruption," Thomas Bossert, who forms senior White House cybersecurity official in the Trump administration, told the Washington Post
US Cyber Command was granted by Congress this May and by the president last year, becoming a full combatant command with the ability to launch offensive action without explicit presidential approval. The attack against Iran is one of the command's first attacks under these new powers; it also reportedly has used its new abilities to conduct operations in Russia's power grid.
With tensions rising, the Post's Ellen Nakashima reports the Trump administration has been alerting industry leaders to be vigilant for retaliatory cyberattacks emanating from Iran:
On Saturday , Department of Homeland Security issued a warning to US industry that Iran has stepped up its cyber-targeting of critical industries – to include oil, gas and other energy sectors – and government agencies, and has the potential to disrupt or destroy systems.
in Iranian cyber activity, ”said Christopher Krebs, director of DHS's Cybersecurity and Infrastructure Security Agency. “Iranian actors and their proxies are not just your garden's run-of-the-mill data. These are the guys that come in and they burn the house down. ”
Gary Brown, the first senior legal counsel for US Cyber Command and a professor on cyber law at the National Defense University, told Yahoo Iran has“ really cranked up its capability ”in the digital space, following attacks on a uranium enrichment plant that were revealed in 2010 by a computer worm developed by the US and Israel.
Krebs told the New York Times Iran actively works to infiltrate networks, and that these raids can result in the loss of money, intellectual property, and can even lead to the destruction of the network itself.
CyberSecurity firms CrowdStrike and FireEye say that hackers have been found to work for the Iranian government have been up these varieties of attacks, and others, on US infrastructure and government agencies, part of using spear-phishing tactics (when emails with malicious code masquerade as harmless ones). It is not known whether these attacks have been successful.
While the US may have used a cyberattacks against Iran this time, and while likely to remain on guard from digital attacks from Iran and other actors, military strikes are still not the table. Trump suggested in a tweet that strikes could still come, writing he stopped physical military action "at this time."
I never called the strike against Iran "BACK," as people are incorrectly reporting, I just stopped it from going forward at this time!
– Donald J. Trump (@realDonaldTrump) June 22, 2019