A prominent U.S. cyber warfare expert has admonished other cyber security experts for exaggerating the danger posed by Iran’s cyber warfare and espionage organisations and entities.
Dr. Brandon Valeriano, a Reader at Cardiff University in Wales and author of Cyber War versus Cyber Realities published by Oxford University Press in 2015, told the U.S. Senate’s Homeland Security and Governmental Affairs Committee on May 10, 2017, in Washington, DC, that Iran’s cyber warfare and espionage capabilities are inferior when compared to the capabilities of countries such as the United States, Israel, Russia, China, and those of a number of European countries.
“Iran is thought to be a serious and sophisticated cyber actor but evidence suggests the contrary to this conclusion,” Dr. Valeriano told U.S. Senators.
Citing the 2012 Shamoon cyber attacks against Saudi Arabia’s Aramco and Qatar’s RasGas thought to have been carried out by Iran, Dr. Valeriano said, “The Shamoon attacks on Saudi Arabia’s Aramco systems were destructive, but did not impede operations or wipe out critical information. Likely launched in response to the Stuxnet operation, it is also telling that the response by Iran was not to attack the alleged perpetrators directly, but to go after an ally indirectly, Saudi Arabia.”
Dr. Valeriano’s assessment is in line with other studies on Iran’s strategic behaviour that note Tehran’s preference to use indirect methods against its adversaries and avoid open conflict with militarily superior powers such as the United States and Israel.
Referencing the recent attempted espionage operation against Israeli targets by the Iranian-linked OilRig hacker group, as well as cyber-attacks carried out by other Iranian cyber proxies against U.S. financial institutions over the past few years, Dr. Valeriano pointed out that Iran’s cyber operations have been less than impressive:
Recent attacks on Israel have been reported as another telling aspect of the sophistication of Iranian cyber operations, but the reality is that the state was using released malware from the Shadowbrokers info dumps and spear phishing techniques. Similar attacks on U.S. networks have failed more often than succeeded as well. To argue that these are sophisticated attacks betrays our ability to judge information and impact in cyber security operations.
Similarly, the ongoing Shamoon II attacks against Saudi Arabian targets, again thought to be carried out by the OilRig hacker group, are underwhelming when compared to the sophisticated, effective, and even damaging cyber operations carried out by the likes of China and Russia. Dr. Valeriano noted that, “Ongoing attacks on industrial and financial networks have recently been dubbed Shamoon 2. Reports highlight that the new version of the operation builds on the 2012 attacks on Saudi oil networks and reuses 90 percent of the known code. This is not a highly new or original operation, but a continuation of old methods because targets are slow to update their systems and patch known vulnerabilities.”
Dr. Valeriano’s assessment is certainly at variance with that of many officials and analysts. Recently, for example, the U.S. Director of National Intelligence, Dan Coats, told U.S. Senators that:
Tehran continues to leverage cyber espionage, propaganda, and attacks to support its security priorities, influence events and foreign perceptions, and counter threats—including against US allies in the region. Iran has also used its cyber capabilities directly against the United States. For example, in 2013, an Iranian hacker conducted an intrusion into the industrial control system of a US dam, and in 2014, Iranian actors conducted a data deletion attack against the network of a US-based casino.
Such assessments have become the norm among officials and cyber security analysts in the West and Israel, making Dr. Valeriano’s assessment one to seriously consider if only because it is at odds with the dominant narrative on Iran’s cyber warfare and espionage capabilities.
Yet while Dr. Valeriano’s assessment questions the notion of Iranian sophistication and notoriety in cyberspace operations, it is also possible to underestimate their determination and persistence. Writing recently in The New York Times, correspondent Nicole Perlroth notes that, “By most accounts, these [Iranian-linked OilRig] hackers could best be described as the “B Team,” not nearly as sophisticated as the Chinese, Russian or Eastern European hackers whom security firms have been monitoring for more than a decade. But what OilRig’s hackers lacked in sophistication, they made up for in determination. They did their research. They were patient. When they were caught, they would wait for the dust to settle before trying again.”
It should also be pointed out that Iran has demonstrated a particular sophistication in information operations, which are often cyber-enabled, in Syria, Iraq, Yemen, Lebanon, and Bahrain, something that is rarely noticed in the West where attention is often focused on Iran’s often symbolic and indirect cyber warfare and espionage operations.
For Dr. Valeriano, however, the real danger in Iranian cyber operations lurks not so much in their capabilities and direct action, but in their prevalent use of cyber proxies. In his testimony to U.S. Senators, he said, “The main danger from Iran, just as it is in the terrorism threat vector, is the high probability that Iran will use proxy actors to attack Western targets. Enabling these actors, one group being called the Syrian Electronic Army, might be dangerous if Iran was to transfer technology to these groups who could then use known vulnerabilities in their operations.”
“But for now, Iran seems content to harass American allies, probe American networks, and reuse old malware to attack unprepared targets,” he concluded.