Iran poses growing cyber threat to US interests, study says
Iran poses a growing threat to America’s computer networks and has launched increasingly sophisticated digital attacks and spying on U.S. targets, according to a new report released Thursday.
Iran’s far-reaching hacking efforts indicate the regime is searching for vulnerable infrastructure that could be hit in future cyber assaults, said the study by private cyber security company Norse and the American Enterprise Institute think tank.
“Iran is emerging as a significant cyber threat to the U.S. and its allies,” the study said.
Iran’s skill in the cyber realm has markedly improved in recent years and “Iran has already penetrated well-defended networks in the U.S. and Saudi Arabia and seized and destroyed sensitive data,” it said.
The hacking, including espionage and attacks, has expanded despite economic sanctions and high-stakes negotiations between Iran and world powers on Tehran’s nuclear program, it said.
The study cited data from a network of millions of sensors set up by Norse. The sensors are designed to look like real websites or other computer systems — for banks or power plants — that might attract the interest of a hacker.
The data showed Iran was staging cyber assaults and probes from inside Iran as well as outside the country.
Iranian state companies, including some with links to Iran’s elite Revolutionary Guards, are allegedly hosting servers and other computer systems located in the West to carry out digital attacks, according to the report.
“Simply by registering and paying a fee, Iranian security services and ordinary citizens can gain access to advanced computer systems and software that the West has been trying to prevent them from getting at all,” the study said.
The report argued that the hacking conducted outside Iran could be countered by Western companies that own the systems and software, denying access to Iranian organizations already blacklisted for rights violations or links to militants.
The study reflects warnings from U.S. intelligence officials that Iran has made strides in its cyber capabilities, though China and Russia are considered the most skilled when it comes to digital warfare.
National Intelligence Director James Clapper in February blamed Iran for a cyber attack on Sands Casino in Las Vegas that stole confidential data and shut down many of the casino’s operations.
The assault came after the billionaire owner of Sands, Sheldon Adelson, said in 2013 that “Iran should be nuked.”
Under a framework nuclear agreement, international economic sanctions would be lifted on Iran. And the report’s authors argue that removal of sanctions would allow Tehran to devote more resources to cyber warfare.
“Whatever the final outcome of the nuclear negotiations, we must expect that the threat of a cyber attack from Iran will continue to grow,” the authors wrote.
Cyber security firms such as Norse often portray digital threats as numerous and increasing. But it was unclear if Norse would have an incentive to link hacking to any specific state.