Human Rights

U.S. Officials: Iranian Cyber-Attacks, Arrest of Americans May Be Linked

U.S. officials believe that the increasing number of hacking attacks carried out this past month by Iran’s Islamic Revolutionary Guard Corps (IRGC) against American government personnel may be linked to the arrests of American-Iranian citizens by the regime, The Wall Street Journal reported (Google link) Thursday.

The Islamic Revolutionary Guard Corps, or IRGC, has routinely conducted cyberwarfare against American government agencies for years. But the U.S. officials said there has been a surge in such attacks coinciding with the arrest last month of Siamak Namazi, an energy industry executive and business consultant who has pushed for stronger U.S.-Iranian economic and diplomatic ties.

Obama administration personnel are among a larger group of people who have had their computer systems hacked in recent weeks, including journalists and academics, the officials said. Those attacked in the administration included officials working at the State Department’s Office of Iranian Affairs and its Bureau of Near Eastern Affairs.

“U.S. officials were among many who were targeted by recent cyberattacks,” said an administration official, adding that the U.S. is still investigating possible links to the Namazi case. “U.S. officials believe some of the more recent attacks may be linked to reports of detained dual citizens and others.”

At the time of his arrest, the IRGC seized Namazi’s computer.

According to the Journal, friends and associates of Washington Post reporter Jason Rezaian were similarly targeted following his arrest last year.

Associates of Namazi say that the IRGC, which is believed to be responsible for his arrest and which reports directly to Iranian Supreme Leader Ayatollah Ali Khamenei, is using the cyber-attacks to help “build a false espionage case” against him.

Last month, the Journal reported that a cyber-security company, Dell Secureworks, had identified a scheme where Iranian hackers had set up false LinkedIn accounts in order to learn sensitive information from the defense and telecommunications sectors. In August, it was reported that Iran was targeting political dissidents living abroad with cyber-attacks.

Earlier this year, The New York Times revealed that the United States had enlisted the help of its allies, including Britain and Israel, to confront the escalating Iranian cyber-attacks.

A report released in 2014 by cyber-security firm Cylance highlighted Iran’s growing cyber-terror capabilities, including “bone-chilling evidence” that its hackers had taken control of gates and security systems at airports in South Korea, Saudi Arabia, and Pakistan.

Iran’s cyber-attacks are not just directed at other countries and individuals abroad, but also its own citizens. Massive attacks on Iranian Google accounts were detected prior to the presidential election two years ago as part of a broader crackdown on dissent.

In Iran Has Built an Army of Cyber-Proxies, published in the August 2015 issue of The Tower Magazine, Jordan Brunner examined how Iran became one of the world’s leading forces in cyber-warfare:

Iran is adept at building terrorist and other illicit networks around the world. Its cyber-capabilities are no different. It uses the inexpensive method of training and collaborating with proxies in the art of cyber-war. It may also have collaborated with North Korea, which infamously attacked Sony in response to the film The Interview. It is possible that Iran assisted North Korea in developing the cyber-capability necessary to carry out the Sony hack. While acknowledging that there is no definite proof of this, Claudia Rosett of the Foundation for Defense of Democracies raised the question in The Tower earlier this year.

More importantly, Iran is sponsoring the cyber-capabilities of terrorist organizations in Lebanon, Yemen, and Syria. The first indication of this was from Hezbollah. The group’s cyber-activity came to the attention of the U.S. in early 2008, and it has only become more powerful in cyberspace since then. An attack that had “all the markings” of a campaign orchestrated by Hezbollah was carried out against Israeli businesses in 2012.

Lebanon’s neighbor, Syria, is home to the Syrian Electronic Army (SEA), which employs cyber-warfare in support of the Assad regime. There are rumors that indicate it is trained and financed by Iran. The SEA’s mission is to embarrass media organizations in the West that publicize the atrocities of the Assad regime, as well as track down and monitor the activities of Syrian rebels. It has been very successful at both. The SEA has attacked media outlets such as The Washington Post, the Chicago Tribune, the Financial Times, Forbes, and others. It has also hacked the software of companies like Dell, Microsoft, Ferrari, and even the humanitarian program UNICEF.

The group has carried out its most devastating cyber-attacks against the Syrian opposition, often using the anonymity of online platforms to its advantage. For example, its hackers pose as girls in order to lure opposition fighters into giving up seemingly harmless information that can lead to lethal crackdowns. The SEA’s sophisticated use of cyberspace developed in a very short time, and it is reasonable to infer that this was due to Iranian training. Iran has long supported the ruling Assad regime in Syria and would be happy to support those who support him.

In recent months, a group called the Yemen Cyber Army (YCA) has arisen, hacking into systems that belong to Saudi Arabia. The YCA supports the Houthi militia, which is fighting the Yemenite government and the Saudis; the Houthis are, in turn, supported by Iran. Thus far, the YCA has attacked Saudi Arabia’s Foreign, Interior, and Defense Ministries. They have also hacked the website of the Saudi-owned newspaper Al-Hayat. Messages from the group indicate that they are sponsored by Iran, and might even be entirely composed of Iranians.

[Photo: Image Catalog / Flickr ]