Iran Wages Cyber War Against US Banks and Arab Energy Firms

Impact

After being the target of cyber attacks from the West and crippling economic sanctions for its controversial nuclear program, Iran has waged a campaign of retaliation with its own cyber attacks against major U.S. banks and energy firms in the Arab World during the past month. This cyber onslaught has been described by U.S. officials and cyber security experts as among the biggest cyber attacks ever witnessed.

These cyber attacks are likely a retaliatory measure against economic sanctions orchestrated by the U.S. and its Arab allies, which have effectively crippled Iran’s currency and thereby substantially undermined the stability of the Iranian economy.

Given the gravity of these attacks, the U.S. and its allies must brace themselves for further attacks. They must also seek to actively deter Iran from launching further attacks. Passivity will not cut it when an opposing nation-state attacks your critical infrastructure – the financial and energy sectors – and Iran should be promptly dealt with.

The “Cyber Pearl Harbor” of September

The U.S. banks’ websites, which were the targets of Iranian distributed denial of service (DDOS) attacks, were severely hampered in their ability to provide the banks’ customers a smooth or even functional online banking experience. In short, the DDOS attacks have made it very difficult to do any sort of online banking for the banks affected by the attacks. Among the victims are Bank of America, Citigroup, JP Morgan & Chase, and Wells Fargo, which constitute all of the biggest banks in America.

According to an unnamed national security official who has access to classified information, “Such a sustained network attack ranks among the worst-case scenarios envisioned by the National Security Agency.” The official also noted that the level of the damage from these cyber attacks on these and other U.S. banks might not be fully known for weeks or months.

At the same time, the so-called “Shamoon Virus” also besieged Arab energy firms in multiple Arab states allied with America. Saudi Arabia’s ARAMCO was hit, according to Secretary of Defense Leon Panetta, in “the most destructive attack the business sector has seen to date.” Panetta went so far as to say that these cyber attacks constitute a “Cyber Pearl Harbor” in terms of the suddenness and destructive nature of the attacks. More than 30,000 computers in ARAMCO’s network were affected by the virus and had to be replaced due to the devastating effect of the virus.

The attacks came suddenly and with no warning and will be “a date which will live in infamy – the United States of America [and its allies were] suddenly and deliberately attacked” through measured attacks through cyberspace. The question is: Who carried out these attacks?

The “Hacktivist” Cyber Fighters

The group that claimed credit for these large-scale cyber attacks calls itself the “Izz al-Din al-Qassam Cyber Fighters” – a name inspired by Izz al-Din al-Qassam, a Syrian-born Muslim preacher, who led an armed struggle against British, French, and Jewish organizations across the Middle East from the early part of the 20th Century up to the 1930s.

These attacks were codenamed “Operation Ababail.” The purported purpose, according to the Cyber Fighters, is to protest the Innocence of Muslims video as a part of a supposed “hacktivist” campaign – which means that the cyber attacks are supposed to be launched at a grassroots level using technologies and resources available to nongovernment groups.

The Iranian government has denied any connection to this group and the cyber attacks launched against the U.S. banks and Arab energy firms. The problem with this claim is that there are too many connections that link Iran to these attacks.

Connection #1: U.S. Officials believe Iran is behind the attacks.

Cyber experts and leading U.S. officials believe that Iran is behind the attacks based on the analysis of the cyber weapons used in the cyber attacks. Both sources have come out publicly accusing Iran of sponsoring these cyber attacks based on the evidence gathered on the attacks.

Senator Joseph Lieberman (I-CT), the chairman of the Homeland Security Committee, announced on September 26 that he believed that Iran was behind the cyber attacks on U.S. banks and Arab energy firms as a direct result of Tehran’s desperation resulting from the pressure that it has been put under by economic sanctions.

The accusation of Iranian involvement was further reinforced by Secretary Panetta, who stated during a recent press conference (in the video below), that the U.S. was in a “pre-9/11 moment” given the predicament presented by the Iranian cyber attacks. When he spoke about the Iranian cyber attacks and emphasized the vulnerability

Connection #2: The Cyber Experts have analyzed the attacks and deem them to be highly sophisticated.

Cyber security experts have found evidence to support the notion that Iran was behind the cyber attacks in question. Prolexic Technologies, the global leader in DDOS protection and mitigation, analyzed the attacks on U.S. banks and found that these attacks were more sophisticated than what the supposedly “hacktivist” group would be capable of. Prolexic went so far as to say that the attacks were “on the level of a Stuxnet-type of attack.”

The resources needed to mount this level of attack are clearly not something that a grassroots group can muster in an instant. The group’s claim that anger triggered by the Innocence of Muslims trailers was its motivation only raises more suspicion that the attacks were planned ahead of time and had little relation to the controversial videos other than as a weak pretext, which was the case for the deadly Benghazi attack on the U.S. consulate.

Akamai, a cyber security consulting firm, has also stated that the attacks were uniform in that they used the same toolkit – which is the basic tool of cyber warfare with a unique signature – in the attacks against the targets. Furthermore, the attacks used a large botnet – a large network of computers used to launch large-scale cyber attacks – made up of voluntary supporters to launch the attacks.

Connection #3: The Iranian Government is feeling the pinch from the economic sanctions.

The U.S.-led economic sanctions against Iran have recently been found to be highly effective in weakening the value of the Iranian Rial, which fell in value by 40% earlier this month as a result of economic sanctions imposed by the West and its Arab allies. The Rial’s fall in value has destabilized the Iranian economy as inflation has made life very difficult for average Iranians and those who do business abroad.

The consequence, according to TIME Magazine, is that the Iranian regime has been forced into crisis mode and a desperate situation as the currency problem threatens to severely undermine the regime’s ability to rule. On top of this substantial pressure, there is a campaign by NGO forces in the West to restrict Iran’s ability to print more money to keep the Iranian economy and the current regime afloat.

Thus it’s not surprising for Iran to resort to desperate measures like launching these cyber attacks to counter the considerable economic pressure placed on Iran by the economic sanctions. The motivation has been forced on Iran by the effectiveness of the economic sanctions imposed on them due to their controversial nuclear program.

Connection #4: Cyber warfare is an effective method of retaliation for Iran.

Iran doesn’t have the means to openly retaliate against the U.S. and its Arab allies, whom it sees as the primary adversaries undermining Iran’s economy and regional interests, so it makes sense for the government in Tehran to use cyber warfare to strike back at its foes.

In looking at the research on the use of cyber warfare, this style of warfare is well suited for nation-states whose conventional power cannot match or be effectively used against their opponents. Adam Liff, a doctoral candidate at Princeton University, published an article in the Journal of Strategic Studies that argued that cyber war was the new “absolute weapon” that could even the balance of power for weaker states like Iran as cyber warfare is far cheaper and more of an indirect means of retaliation.

The U.S. government has been aware of the cyber threat posed by Iran for some time, as a panel of experts testified to this very matter earlier this year during a hearing before the House Homeland Security Committee. Iran, according to the experts at this hearing, has a habit of using proxies to do its dirty work as shown in Iraq, Syria and Lebanon in recent times. Cyber warfare is something that Iran has been working on for some time with as many as 1,000 cyber warriors at its disposal.

The cyber attacks in question are therefore something that makes sense for Iran to do considering its limited ability to project power by conventional means and also something that Iran is capable of doing.

A Recommendation to the Targets of Iranian Cyber Warfare

What should the U.S. and its allies do given the severity of the situation? The best response is to issue a declaration on cyber deterrence aimed at Iran and anyone else engaged in similar cyber tactics against the U.S. and its friends – particularly Russia and China, who have been active in conducting cyber operations against the U.S. and its allies.

The U.S., its Arab allies, and all other potential targets of retaliation – mainly Europe – should issue a declaration that cyber attacks launched by Iran or a proxy like the Qassam Cyber Fighters will be met with equal or greater force through cyber attacks launched from nation-states who are victims of Iranian cyber attacks in an effort to deter Tehran from launching future cyber attacks.

Given the undeniable effectiveness of past cyber operations led by the U.S. and Israel – including Stuxnet, Duqu and Flame – the Iranians will not take the cyber power of the U.S. and other affected parties lightly and will act accordingly.

Secretary Panetta’s comments, during the aforementioned news conference regarding the Iranian cyber attacks, suggest that this recommendation is closely aligned with what the U.S. has in mind. He stated that, “Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests” – which has been interpreted by some speech analysts as a veiled threat to Iran of retaliation against cyber attacks.

From what we know thus far about these Iranian cyber attacks, the U.S. and the rest of the world have undoubtedly realized that we have all entered a brave new world where cyber warfare is a real and damaging tactic used by less powerful nation-states, like Iran, to counter actions against their interests. The important lesson here is to remember that cyber warfare is a two-way street.