Last week, a US drone strike killed Iranian general Qassem Soleimani.
On Wednesday, Iran fulfilled its promise to retaliate by launching a missile attack on US bases in neighbouring Iraq.
But prior to Iran’s attack, commentators and analysts kept a keen eye on cyberspace, expecting that an Iranian assault could include a major cyberattack.
Former cybersecurity commissioner for Barack Obama, Tom Kellerman, told Verdict that he thought the Iranian response would be in the form of ongoing cyber operations.
“I don’t think it’s going to be one giant attack,” Kellerman said.
“It’s not going to be some massive DDoS. It’s going to be something that is more akin to guerrilla warfare within US critical infrastructures.
“I do think that, tragically, what we will experience over the next few weeks will highlight that the nature in which cyberattacks can have physical real-world consequences and can leverage kinetic events that could very much result in a loss of life of human beings.”
Official warnings were even sent out from US government entities.
The US Department of Homeland Security released a bulletin saying that “Iran maintains a robust cyber program and can execute cyberattacks against the United States.
“Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
And the New York Department of Financial Services warned Wall Street to beware of cyber warfare.
“It is particularly important to make sure that any alerts or incidents are responded to promptly even outside of regular business hours,” the department said.
“Iranian hackers are known to prefer attacking over the weekends and at night precisely because they know that weekday staff may not be available to respond immediately.”
Shortly before Iran’s official military retaliation, the website of the US Federal Depository Library Program was defaced with an image of Trump being punched in the face.
An unconfirmed group of Iranian hackers took credit for the incident.
And Texas Governor Greg Abbott warned in the lead-up to the missile strikes that state computer networks were seeing a surge in cyber activity from outside of the United States – including Iran.
Iran’s cyber MO
According to the Center for Strategic and International Studies (CSIS), Iranian hackers have been probing and infiltrating targets in the Middle East and throughout the Western world.
Banks, universities, factories, telecommunications, and critical infrastructure have all reported cyber activity originating in Iran.
But unlike other state actors who target intellectual property or deploy ransomware, large-scale Iranian cyberattacks tend to be destructive in nature.
In 2014, Iranian hackers crippled the computer systems of the Sands Hotel and Casino – costing upwards of US$40 million to rebuild.
And a 2012 cyberattack on Saudi state oil company networks simply erased as much data as it could.
Recently, multiple research teams have published papers linking Iranian hackers to destructive malware like the ZeroCleare wiper that IBM said poses a risk to the energy sector.
Late last year, Trend Micro released a report outlining how the Iranian state hacker group APT33 has been aggressively monitoring the oil and aviation industries.
The group has been spotted using targeted spear-phishing campaigns to get a botnet foothold in target systems before using their bots to siphon critical information.
Going after oil and energy companies makes sense for Iran since the country exerts control over the Strait of Hormuz – a chokepoint connecting the Persian Gulf with the Arabian Sea – through which around 20 per cent of the world’s oil is transported.
Beyond malware, Iran has been behind targeted information campaigns on social media – causing both Twitter and Facebook to suspend accounts originating in Iran last year.
Despite the perceived threat of Iran in cyberspace, Jacquelyn Schneider – fellow at Stanford University’s Hoover Institution on War, Revolution and Peace – says Iran’s cyber operations “won’t push the current crisis towards war”.
Instead, she thinks the “doomsday scenarios of Iranian cyberattacks knocking out digitally dependent infrastructure like electric grids or health services” take attention away from the actual threat of war.
“Focus on the destructive effects of cyberattacks is a distraction from the real risk of escalation — highly alert military forces in the region inadvertently firing at one another or crossing redlines toward all-out war.”
Conflict between the US and Iran has not escalated, with Trump playing down the targeted missile attacks, which Reuters reported “deliberately avoided US military casualties”.
All is well! Missiles launched from Iran at two military bases located in Iraq. Assessment of casualties & damages taking place now. So far, so good! We have the most powerful and well equipped military anywhere in the world, by far! I will be making a statement tomorrow morning.
— Donald J. Trump (@realDonaldTrump) January 8, 2020
But the warning issued by Iran's ICT Minister, Azari Jahromi, remains ominous.
Get the hell out of our region! #HardRevenge🇮🇷🇮🇶
— MJ Azari Jahromi (@azarijahromi) January 8, 2020