Advertisement

In wake of Soleimani’s death, Iran could retaliate with cyberattacks: experts

Click to play video: 'Trump says top Iranian general was plotting attacks'
Trump says top Iranian general was plotting attacks
WATCH: Trump says top Iranian general was plotting attacks – Jan 3, 2020

Iran’s retaliation for the United States’ targeted killing of its top general is likely to include cyberattacks, security experts warned Friday. Iran’s state-backed hackers are already among the world’s most aggressive and could inject malware that triggers major disruptions to the U.S. public and private sector.

Wait, There’s More: The aftermath of the killing of Qassem Soleimani

Potential targets include manufacturing facilities, oil and gas plants and transit systems. A top U.S. cybersecurity official is warning businesses and government agencies to be extra vigilant.

Story continues below advertisement
Click to play video: 'Ambulances on road to Baghdad airport after Iran’s Soleimani killed'
Ambulances on road to Baghdad airport after Iran’s Soleimani killed

Iranian state-backed hackers carried out a series of disruptive denial-of-service attacks that knocked the websites of major U.S. banks and the New York Stock Exchange and NASDAQ offline in 2012-13, a response to U.S. sanctions. Two years later, they wiped servers at the Sands Casino in Las Vegas, crippling hotel and gambling operations.

The destructive attacks on U.S. targets ebbed when Tehran reached a nuclear deal with the Obama administration in 2015. The killing early Friday in Iraq of Quds Force commander Gen. Qassam Soleimani — long after Trump scrapped the nuclear deal — completely alters the equation.

“Our concern is essentially that things are going to go back to the way they were before the agreement,” said John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye. “There are opportunities for them to cause real disruption and destruction.”

Story continues below advertisement
Click to play video: 'Schumer says ‘Gang of 8’ wasn’t informed of airstrike that killed Iran general'
Schumer says ‘Gang of 8’ wasn’t informed of airstrike that killed Iran general

Iran has been doing a lot of probing of critical U.S. industrial systems in recent years — trying to gain access — but has limited its destructive attacks to targets in the Middle East such as the Saudi oil company, experts say.

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.

Get breaking National news

For news impacting Canada and around the world, sign up for breaking news alerts delivered directly to you when they happen.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

It’s not known whether Iranian cyber-agents have planted destructive payloads in U.S. infrastructure that could now be triggered.

“It’s certainly possible,” said Hultquist. “But we haven’t actually seen it.”

Robert M. Lee, chief executive of Dragos Inc., which specializes in industrial control system security, said Iranian hackers have been very aggressive in trying to gain access to utilities, factories and oil and gas facilities. That doesn’t mean they’ve succeeded, however. In one case in 2013 where they did break into the control system of a U.S. dam — garnering significant media attention — Lee said they probably didn’t know the compromised target was a small flood control structure 20 miles north of New York City.

Story continues below advertisement

Iran has been increasing its cyber capabilities but is not in the same league as China or Russia — which has proven most adept at sabotaging critical infrastructure, witnessed in attacks on Ukraine’s power grid and elections, experts agree.

Click to play video: 'Trump calls declaring war on Iran to win an election ‘pathetic’ in since-deleted video from 2011'
Trump calls declaring war on Iran to win an election ‘pathetic’ in since-deleted video from 2011

And while the U.S. power grid is among the most secure and resilient in the world, plenty of private companies and local governments haven’t made adequate investments in cybersecurity and are highly vulnerable, experts say.

“My worst-case scenario is a municipality or a cooperative-type attack where power is lost to a city or a couple of neighborhoods,” Lee said.

Consider the havoc an epidemic of ransomware attacks has caused U.S. local governments, crippling services as vital as tax collection. While there’s no evidence of coordinated Iranian involvement, imagine if the aggressor — instead of scrambling data and demanding ransoms — simply wiped hard drives clean, said Hultquist.

Story continues below advertisement

The only known cybersecurity survey of U.S. local governments, county and municipal, found that the networks of 28 percent were being attacked at least hourly — and that nearly the same percentage said they didn’t even know how frequently they were being attacked. Although the study was done in 2016, the authors at the University of Maryland-Baltimore County don’t believe the situation has improved since.

The top cybersecurity official at the Department of Homeland Security, Christopher Krebs, urged companies and government agencies to refresh their knowledge of Iranian state-backed hackers’ past exploits and methods after Soleimani’s death was announced. “Pay close attention to your critical systems,” he tweeted.

Click to play video: 'U.S. increasing troop presence in the Middle East'
U.S. increasing troop presence in the Middle East

In June, Krebs warned of a rise in malicious Iranian cyberactivity, particularly attacks using common methods like spearphishing that could erase entire networks: “What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”

Story continues below advertisement

When then-Director of National Intelligence James Clapper blamed Iran for the Sands Casino attack, it was one of the first cases of American intelligence agencies identifying a specific country as hacking for political reasons: The casino’s owner, Sheldon Adelson, is a big Israel backer. Clapper also noted the value of hacking for collecting intelligence. North Korea’s hack of Sony Pictures in retaliation for a movie that mocked its leader followed.

The vast majority of the nearly 100 Iranian targets leaked online last year by a person or group known as Lab Dookhtegan — a defector, perhaps — were in the Middle East, said Charity Wright, a former National Security Agency analyst at the threat intelligence firm InSights. She said it’s highly likely Iran will focus its retaliation on U.S. targets in the region as well as in Israel and the U.S.

Click to play video: 'Baghdad says U.S. military strikes in Iraq will have ‘dangerous consequences’'
Baghdad says U.S. military strikes in Iraq will have ‘dangerous consequences’

Sponsored content

AdChoices