Beware of cyberspace. "It is time to closely monitor the activity of Iranian hacker groups and pay attention to our critical infrastructure." Christopher Krebs, head of the Cyber Security Infrastructure Agency of the US Department of the Interior, sounded the alarm in the wake of the American raid that claimed the life of the influential Iranian general Qassem Soleimani on Friday, January 3.

Given recent developments, re-upping our statement from the summer.

Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS. Make sure you're also watching third party accesses!

- Chris Krebs (@CISAKrebs) January 3, 2020

Many experts, like this senior American official, believe that the Iranian response will include an important cyber component. "The question is not even whether Tehran will launch a cyber attack, Iran has already started!" said David Grout, technical director of the cybersecurity company FireEye for the Europe, Middle East region, contacted by France 24.

Armada of hackers

The Iranian group Cyber Security Group HackerS did indeed target the site of the Federal Depository Library Program (FDLP) on Sunday, January 5. The home page was replaced by a message glorifying Qassem Soleimani with, in the background, a doctored image of the American president Donald Trump, knocked out by the vengeful fist of the Guardians of the Revolution. "We have also seen an increase in the creation of fake accounts on Twitter to spread false information," said David Grout. An unfounded rumor of an attack on an American base in Baghdad thus circulated for some time on social networks in recent days.

For this expert, these are just appetizers before more important actions. Iran has in fact been preparing for almost ten years to deploy major cyber resources in the event of a major crisis with the West. More precisely, the Iranian regime realized the importance of being effective in this area after the Israeli-American attack of 2010, which paralyzed the Iranian nuclear program with the help of the Stuxnet virus.

Since then, the country has equipped itself with an official cyber army, placed under the control of the Guardians of the Revolution, and "supports around fifty groups of hackers who can at any time be used to launch operations", note analysts at Recorded Future, an American cybersecurity company, in a study on the Iranian cybercrime landscape published in 2018.

This impressive armada of hackers has allowed Iran to rise among the nations that matter. "The Iranians are not up to the Americans, the Russians or the Chinese, but they are very good and, above all, they are not afraid to launch destructive attacks while other nations are limited to industrial espionage or intelligence operations", assures Gérôme Billois, cybersecurity expert for the Wavestone firm, contacted by France 24.

The Iranians are thus the main suspects in the computer attacks on the oil installations of Saudi Aramco and the Qatari company RasGas in 2012, and are also believed to be at the origin of an operation which made it possible in 2017 to decommission a Saudi power plant.

"Only way to hit American soil"

But are the Iranians capable of reaching the United States, a benchmark power in cyberspace? "I don't see them hitting the US government head on, but they can attack critical infrastructure like the power grid or the water system," said David Grout. They have already done so. In 2016, seven Iranians were charged with computer attacks, one of which targeted a hydraulic dam near New York.

"The United States is no better in IT protection than states in Europe that have already been targeted by Iran. They are, however, at the forefront in intrusion detection, but, generally speaking, the evil is already done," said Frans Imbert-Vier, CEO of the cybersecurity consulting firm Ubcom, contacted by France 24.

For this expert, the main interest of a hacking operation lies in the fact that "it is their only means of striking the United States on their soil". An essential dimension: Iran's ability to project its strike force within the American borders can "serve as a source of pride for the population and thus contribute to the feeling of national unity necessary in times of crisis", according to Frans Imbert-Vier.

Unexpected targets

Potential cyberattacks must therefore make noise in the media. But that is not all. "These operations must strike where it can hurt the most in the United States, that is to say the portfolio, and be unexpected," notes the specialist. In other words, he said, we should not expect an attack on targets deemed a priority by the US administration, such as a power plant or the banking network, but rather against companies or facilities in sectors that have economic weight, such as agriculture or petroleum.

All the experts interviewed believe, like David Grout, that cyberattacks "will not constitute the main response, but will rather be complementary to other actions", notably military ones. This specialist emphasizes, for example, that the Iranians have developed advanced computer techniques for "profiling" a target, whether that means collecting information on a military installation for an armed operation or tracking the movements of an individual for the purpose of assassination. Other specialists believe that it could also mean the decommissioning of computer systems at an airport, such as that of Baghdad, in order to complicate the arrival of American troops in the region.

For Gérôme Billois, "the advantage with computer attacks is that you can strike at several places at the same time for much less than with traditional weapons". And in a crisis between two nations with such different economic and military power, the cyber weapon makes it possible to reduce these inequalities.
