Tensions with Iran escalated Friday with news that the U.S. killed Qasem Soleimani, the head of Iran's military Quds Forces.
Soleimani sponsored terrorist activities and was one of the most despised figures in the West, said Peter Marta, partner in the cybersecurity practice at law firm Hogan Lovells and an expert in Middle East intelligence. But Soleimani also served as more of a legitimized "head of state" among Shiite Muslim state agencies globally compared to other terrorist leaders.
This is particularly worrisome, since Iran has explicitly shown its ability to conduct widespread cyberattacks against American businesses in response to U.S. government action, notably against the biggest U.S. banks throughout 2012 and 2013, Marta said Friday.
"Soleimani was one of the top two or three most powerful figures in the region," he said.
Iran also possesses a vast trove of intelligence, thanks to a sustained campaign of intellectual property theft against hundreds of U.S. academic institutions, according to the Department of Justice. It said the targets have included universities that conduct biological, chemical, defense industrial, space and nuclear research for the federal government.
Iran has also conducted malicious cyber operations against other countries, most notably Saudi Arabia's oil facilities and government offices, and U.S. intelligence agencies have said Iran has attacked and planted malware on industrial facilities in the U.S., including dams.
Iran may not have cybersecurity resources as extensive as those of the United States, but these three factors show the country may have a surprisingly large strategic strength as a conflict looms.
In 2012 and 2013, several of the world's largest banks were stunned by a series of high-volume distributed denial of service attacks against their websites. This type of attack, known as DDoS, involves sending a very high volume of small "packets" of information from many sources at once, overwhelming the servers supporting those websites until they crash or stop responding. Login pages for numerous big banks crashed, leaving consumers unable to view their accounts.
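A defender's view of the pattern described above, as an added example that is not part of the original article: the script buckets web access-log lines by requested path and second, and flags a bucket as a distributed flood only when the request count is abnormally high and the requests come from many distinct sources. The log format, thresholds and sample lines are all constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Assumed log layout: "<ip> [<timestamp>] \"<method> <path> <proto>\" <status>"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})$'
)


def build_sample_log():
    """Constructed access-log lines (not real data): light normal traffic,
    then a distributed burst of /login requests from 40 sources in one second."""
    lines = [
        '203.0.113.5 [03/Jan/2020:10:00:00] "GET /login HTTP/1.1" 200',
        '203.0.113.7 [03/Jan/2020:10:00:00] "GET /accounts HTTP/1.1" 200',
        '203.0.113.9 [03/Jan/2020:10:00:01] "POST /login HTTP/1.1" 302',
    ]
    for host in range(1, 41):  # 40 distinct source addresses, 5 requests each
        for _ in range(5):
            lines.append(f'198.51.100.{host} [03/Jan/2020:10:00:02] "GET /login HTTP/1.1" 503')
    return lines


def parse(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def detect_floods(lines, max_rps=50, min_sources=10):
    """Flag (path, second) buckets whose request count exceeds max_rps AND
    whose traffic comes from at least min_sources distinct IPs. The second
    condition separates a distributed flood from a single noisy client."""
    buckets = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            buckets[(rec["path"], rec["ts"])].append(rec["ip"])
    alerts = []
    for (path, second), ips in sorted(buckets.items()):
        distinct = len(set(ips))
        if len(ips) > max_rps and distinct >= min_sources:
            alerts.append({"path": path, "second": second,
                           "requests": len(ips), "sources": distinct})
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(f"flood on {alert['path']} at {alert['second']}: "
              f"{alert['requests']} requests from {alert['sources']} sources")
```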
The Izz Ad-Din Al Qassam Cyber Fighters, an Islamic activist organization styled after the hacking collective Anonymous, took responsibility, saying the attacks were retaliation for a series of anti-Islamic actions by U.S. pastor Terry Jones.
But U.S. intelligence agencies later revealed the "hacktivist" group was a smokescreen, and the attack was actually sponsored by Iran, partially in response to sanctions imposed against the country by the U.S. and other international organizations.
It was the first public example of a trend: when the U.S. issues sanctions against Iran, the country retaliates with cyberattacks. The killing of Soleimani represents a "much more meaningful event" to Iran than mere sanctions, Marta said, and the possibility of commensurate cyberattacks is significant.
In a note to investors Friday, Evercore analysts Ken Talanian and Kirk Materne warned that the killing could result in more cyberattacks against U.S. companies.
"Though the cyber security stocks typically are less reactionary to cyber headlines than they were in the past, we believe that significant events still help justify cybersecurity related spend across the industry," the Evercore analysts wrote. "It is uncertain whether there are methodical attacks underway by Iran, but we believe it is likely that the near-term increased tension between Iran and the U.S. could result in reactionary cyberattacks."
Iran has "a very capable, powerful intelligence agency, and they have significant cyber capabilities," Marta said. "They are up there with China, Russia and North Korea. I would put them in the top four. They probably have capabilities that we, as observers, potentially don't fully appreciate."
Iran has conducted extensive intelligence-gathering initiatives against U.S. businesses, with a particular focus on research, development and academia.
In March 2018, U.S. prosecutors unveiled criminal charges against nine Iranians for allegedly compromising 8,000 email accounts of university professors, with about half of them belonging to professors in the United States. Thirty-six U.S. companies and the Labor Department were also targeted by the campaign, which was sponsored by Iran's Islamic Revolutionary Guard, prosecutors said at the time.
Using the stolen credentials, Iranian hackers were able to steal 31 terabytes of information from the targeted schools, companies and agencies.
"At the crux of this case is the fact that the government of Iran systematically and methodically hacked into our country's computer networks with the intent to steal as much information as possible," U.S. Attorney Geoffrey Berman said at the time.
Iran has also shown its ability to attack industrial facilities, particularly those belonging to regional rival Saudi Arabia. In the U.S., intelligence agencies have said Iran has also gathered intelligence about infrastructure including dams across the U.S. In 2016, seven Iranians were indicted for, among other activities, trying to take control of a dam in a New York suburb.