The Pentagon, USA, confirmed on 02 January 2020 that Iranian Quds Force Commander Qassem Soleimani, who was the top Iranian security and intelligence commander and the top leader overseeing operations in Iraq, Syria and other countries in the Middle East, was killed in a United States airstrike at the direction of President Donald Trump. Iran has viewed this as an “Act of War”, and its government has vowed “forceful revenge” against the United States for the killing of Major General Qassem Soleimani. Iran has not specified what form of revenge it is contemplating, but cyber security experts are warning that Iran might use the increasingly capable manpower and resources it has built over time to execute the attack. The cyber retaliation may not be ‘target oriented’ and will result in the infection of all systems connected on the web. The cyber action could also cause substantial damage and require a more extended resilience effort than the more traditional military techniques of war. This cyber war may affect not only the targeted country but also countries like India, where cyber proliferation is in its growth phase and countermeasures are at a low.
The world is familiar with the effects of “Flame”, “Stuxnet”, “GhostNet”, etc., in which many systems other than the designated target were affected, because all systems are part of the web and the Internet is the common medium.
When Two Bulls Fight The Grass Suffers
Many of us will recall the “GhostNet” attack and the subsequent ‘Shadows in the Cloud’ report published by The Information Warfare Monitor (IWM), Shadowserver Foundation, Toronto, on Chinese cyber espionage against the Tibetan community in the year 2010. The GhostNet system directs infected computers to download a Trojan known as gh0st RAT that allows attackers to gain complete, real-time control. These instances of gh0st RAT are consistently controlled from commercial Internet access accounts located on the island of Hainan, People’s Republic of China. GhostNet had infected at least 1,300 computers in 103 countries, of which close to 30% can be considered high-value diplomatic, political, economic, and military targets; the infection continued till the end of 2013, when it had infected over a third of the globe. GhostNet was discovered and named following a 10-month investigation by the IWM, carried out after the researchers approached the Dalai Lama’s representative in Geneva, suspecting that their computer network had been infiltrated, and after being persuaded that the attack was generic and had also targeted other entities, including the Tibetan community.
Iranian Cyber Offensive Strategy
It is a known fact that Iran invested in its hacker force and in augmenting its cyber-offensive capability after the American-Israeli Stuxnet operation that destroyed Iran’s nuclear program in 2009. This has also made Iran a formidable cyber power and has forced the country to invest in tools to do real damage. It is also believed that General Qassem Soleimani had been preparing the Islamic Revolutionary Guard Corps (IRGC) to handle cyber-offensive capabilities alongside conventional warfare.
Speculated Iranian Acts
There have been reports that Iran carried out its first major cyber attack in 2012, when it took down over 30,000 computers of the Saudi state oil company Saudi Aramco, preventing it from exporting its crude; in this operation, Iran used data-wiping malware called “Shamoon”.
Between 2011 and 2013, Iranian hackers claimed to have initiated “distributed denial-of-service” attacks against American banks and also made an effort to sabotage a dam on the outskirts of New York. These were said to be conducted by the Cyber Wing of the IRGC.
The conventional attack on a petrochemical plant in Saudi Arabia in 2018 was also claimed to be supported by Iran and performed by Russia. There have been unconfirmed reports of Russian hackers using the infrastructure of Iran to carry out cyber attacks in different parts of the world.
Iranian hackers have also reportedly been involved in the theft of intellectual property and data from universities within the U.S. and its allies, which led to the Department of Justice indicting nine Iranian hackers linked to the IRGC in 2018.
We need to take this situation as an opportunity to build our own capabilities to counter such events, without depending on any friend or foe. As the saying goes, in politics there are no permanent friends or enemies.