1/29/2015
11:00 AM
Mike Walls
Commentary

Why Iran Hacks

Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.

Fourth in a series on the motivations that compel nation-states to hack.

The timing of the invitation to address a joint session of the U.S. Congress from Speaker of the U.S. House of Representatives John Boehner to Israeli Prime Minister Benjamin Netanyahu couldn’t be better for a discussion on Iranian cyber capabilities. Putting internal U.S. politics aside, the event represents a continuing effort by Netanyahu to alert the world to the dangers of a nuclear-armed Iran. As with Iran’s desire to attain nuclear weapons, its history of bad cyber behavior is part of an Iranian strategic effort to establish a hegemon in the Middle East.

To understand the motivation behind Iran’s goal of regional dominance, it’s helpful to consider the relationship between Iran and the United States, as well as Iran’s relationship with its Islamic neighbors in and around the Arabian Peninsula.

By Дмитрий-5-Аверин (Own work) [CC BY-SA 3.0], via Wikimedia Commons

A quick review of recent history reveals an extremely sensitive relationship between the U.S. and Iran. Since the Iranian Revolution in 1979, Iran and the U.S. have been in a constant state of diplomatic tension which has extended to a kind of military brinksmanship. Over the decades following the revolution, the U.S. has maintained a visible and proactive military presence in the region, exclusive of the Iraq Wars, in order to demonstrate its resolve to keep the Persian Gulf (or the Arabian Gulf, depending upon your perspective) open to trade.

At the same time, Iran has tried to demonstrate its dominance in the region by posing a constant threat to control, if not deny, access to the Persian Gulf. I can attest to the significant military tension in the region from my experience flying off of aircraft carriers in the Gulf, and transiting through the Straits of Hormuz. This aggressive relationship between the U.S. and Iran has become a symbol of Western meddling in the region from the point of view of Iran. This perspective is similar to China’s view of the U.S. presence in East Asia, although, in my opinion, the Chinese context is more related to economics. The Iranian perspective is partly economic as the country has a rich supply of natural resources (e.g. oil and natural gas). But it is also impacted by theology, the second motivation behind Iran’s cyber activity.

Shifting demographics
Islamic demographics in the region can be a little confusing, particularly as we watch the evolution of the Islamic State in Syria and Iraq. Until the rise of Al Qaeda and now ISIL (or ISIS, or whatever they’re calling themselves), Iran was the face of Islam in the Middle East. Ironically, the majority of the Iranian population practices Shia Islam while the majority of Muslims globally practice Sunni Islam. The distinction is significant because enmity between the two sects is one of the root causes of the persistent tension in the region. Historically, the Sunni Islamic countries like Saudi Arabia, Kuwait, Jordan, Egypt, and Iraq before the first Gulf War, have been aligned with the West (represented by the U.S.) both economically and militarily. Those alliances have created tension between Iran and its Sunni neighbors. We have seen that tension manifest itself as Iran continues to extend its influence in eastern Iraq and Yemen.

If Iran is to successfully establish itself as the dominant power in the Middle East, it must minimize Western influence in the region and increase its influence over its neighbors. To do that, Iran must disrupt the military and economic influence of Western countries that maintain a presence in the region, and at the same time it must destabilize those regional Sunni governments friendly to the West. As Iran continues to leverage the threat of nuclear weapons in the kinetic world, it is actively converting threat to action in the cyber domain to achieve its regional objectives.

Until recently, Iranian cyber capability wasn’t considered particularly exceptional. But shortly after the Stuxnet attack, largely attributed to the U.S. and Israel, Iran initiated a focused effort to ramp up its cyber capability. Some experts believe that Iran has closed the cyber capability gap with countries like the U.S. and Russia. The recent Cylance report on Iranian cyber operations identified a number of nations against which Iran has successfully conducted cyber espionage and/or established persistent presence in networks related to critical infrastructure and key resources (CIKR). Interestingly, China is on the list along with a number of U.S. allies including Canada, Saudi Arabia, Qatar, Kuwait, and the United Arab Emirates, to name a few. Note the focus on Sunni states friendly to the U.S.

The North Korean Connection
Lest we believe that Iran operates in the cyber domain with pure strategic intentions, we should also note that like North Korea, Iran lashes out in response to perceived insults by conducting cyberattacks on alleged offenders. Iranian activists are reportedly responsible for a destructive attack on Las Vegas Sands Corporation in February 2014, in response to CEO Sheldon Adelson’s comments about detonating a nuclear bomb in Iran.

At the risk of appearing cliché, axis of evil states tend to flock together. In September 2012, Iran signed an extensive cooperative technology agreement with North Korea. The partnership provides an opportunity for collaboration on information, security and development of technology programs between the two nations. The technology agreement, coupled with focused attacks on CIKR in South Korea by Iran, strongly suggests a cyber alliance with North Korea. This partnership may also explain why the relatively unsophisticated North Koreans were able to carry out such a devastating attack on Sony Pictures.

As the Islamic State and Yemen dominate the headlines in the coming weeks, Prime Minister Netanyahu’s address to Congress will be a stern reminder of another, and perhaps more significant, threat in the region: the perils of a nuclear-armed Iran. I wonder if the problem will be resolved in the cyber domain.

Mike Walls is the Managing Director of Security Operations at EdgeWave. During his time as a captain with the US Navy, he was commander of Task Force 1030 and was directly responsible for the cyberreadiness of more than 300 ships, 4,000 aircraft, and 400,000 Navy personnel.
Comments
Joe Stanganelli,
User Rank: Ninja
1/30/2015 | 10:53:15 PM
Re: More than fiction?
Remember that Sandra Bullock movie The Net?  It was completely ludicrous when it came out.  My best friend and I laughed at how terrible it was from a technological standpoint.

But now?  Today, in 2015?  More than completely plausible.
anon2364494044,
User Rank: Apprentice
1/30/2015 | 12:43:17 PM
Iran's influence
Mr author, Persia (Iran) has been there for more than 5000 thousands years, still in most parts of the Middle East and Central Asia or other parts of that region Iranian influences are quite tangible, from food to customs or traditions. America's total history I doubt is more than 300 hundred years, then you guys just 30 or 40 years ago coming from nowhere into the Persian Gulf or other areas of the Middle East and claiming Iranian influence is increasing? So what? It's natural, it's not rocket science to understand this lol
BertrandW414,
User Rank: Strategist
1/29/2015 | 6:15:38 PM
Let's go back a little further in history...
To understand US relations with Iran let's not stop at 1979 but go back to 1953. That's when the CIA had Teddy Roosevelt's grandson, Kermit Roosevelt Jr., orchestrate the overthrow of Iran's President in Operation Ajax. A big trigger of that was that President Mossadegh had nationalized their oil, which really angered the British oil company that was operating in Iran. Part of the loss here is that Mossadegh promoted a secular form of democracy in Iran. Wild speculation here: if Iran had stayed on the path of secular democracy then perhaps Iran today would be an ally of the West in that region, like Turkey is.

I bet the Iranians have not forgotten about our coup and I bet that it feeds into their sense of animosity and distrust toward the West.
Marilyn Cohodas,
User Rank: Strategist
1/29/2015 | 4:09:03 PM
Re: "Axis of Evil" cooperation and cyber capabilities
Just made that link live, @LucasZa. Thanks for sharing it!
mwallsedgewave,
User Rank: Author
1/29/2015 | 2:57:57 PM
Re: "Axis of Evil" cooperation and cyber capabilities
Thanks for the suggestion... I'll do that!
LucasZa,
User Rank: Moderator
1/29/2015 | 2:38:53 PM
"Axis of Evil" cooperation and cyber capabilities
Speaking of that and N Korea's cyber capabilities, I suggest reading blog posts and whitepapers published by Bruce Bennett. N Korea's cyber capabilities are far greater than we thought. N Korea and Iran are good examples of asymmetric warfare. See www.rand.org/about/people/b/bennett_bruce.html
Whoopty,
User Rank: Ninja
1/29/2015 | 1:45:20 PM
More than fiction?
It is really interesting to see hacking today, becoming a far more legitimate threat than any of the movies in the '80s and '90s which painted hacking as this dangerous, misunderstood underground tool for evil/good in equal measure. It's becoming that powerful on the world stage. 

If you'd said those films had some measure of accuracy when I first watched them, I'd have laughed. Now, it actually makes sense. 