11:00 AM
Mike Walls
Why Iran Hacks

Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.

Fourth in a series on the motivations that compel nation-states to hack.

The timing of the invitation from Speaker of the U.S. House of Representatives John Boehner to Israeli Prime Minister Benjamin Netanyahu to address a joint session of the U.S. Congress couldn’t be better for a discussion of Iranian cyber capabilities. Putting internal U.S. politics aside, the event represents a continuing effort by Netanyahu to alert the world to the dangers of a nuclear-armed Iran. As with Iran’s desire to attain nuclear weapons, its history of bad cyber behavior is part of an Iranian strategic effort to establish hegemony in the Middle East.

To understand the motivation behind Iran’s goal of regional dominance, it’s helpful to consider the relationship between Iran and the United States, as well as Iran’s relationship with its Islamic neighbors in and around the Arabian Peninsula.

By Дмитрий-5-Аверин (Own work) [CC BY-SA 3.0], via Wikimedia Commons

A quick review of recent history reveals an extremely sensitive relationship between the U.S. and Iran. Since the Iranian Revolution in 1979, Iran and the U.S. have been in a constant state of diplomatic tension, which has extended to a kind of military brinkmanship. Over the decades following the revolution, the U.S. has maintained a visible and proactive military presence in the region, exclusive of the Iraq Wars, in order to demonstrate its resolve to keep the Persian Gulf (or the Arabian Gulf, depending upon your perspective) open to trade.

At the same time, Iran has tried to demonstrate its dominance in the region by posing a constant threat to control, if not deny, access to the Persian Gulf. I can attest to the significant military tension in the region from my experience flying from aircraft carriers in the Gulf and transiting the Strait of Hormuz. From Iran’s point of view, this aggressive relationship between the U.S. and Iran has become a symbol of Western meddling in the region. This perspective is similar to China’s view of the U.S. presence in East Asia, although, in my opinion, the Chinese context is more related to economics. The Iranian perspective is partly economic, as the country has a rich supply of natural resources (e.g. oil and natural gas). But it is also shaped by theology, the second motivation behind Iran’s cyber activity.

Shifting demographics
Islamic demographics in the region can be a little confusing, particularly as we watch the evolution of the Islamic State in Syria and Iraq. Until the rise of Al Qaeda and now ISIL (or ISIS, or whatever they’re calling themselves), Iran was the face of Islam in the Middle East. Ironically, the majority of the Iranian population practices Shia Islam, while the majority of Muslims globally practice Sunni Islam. The distinction is significant because enmity between the two sects is one of the root causes of the persistent tension in the region. Historically, the Sunni Islamic countries, like Saudi Arabia, Kuwait, Jordan, Egypt, and Iraq before the first Gulf War, have been aligned with the West (represented by the U.S.) both economically and militarily. Those alliances have created tension between Iran and its Sunni neighbors. We have seen that tension manifest itself as Iran continues to extend its influence in eastern Iraq and Yemen.

If Iran is to successfully establish itself as the dominant power in the Middle East, it must minimize Western influence in the region and increase its influence over its neighbors. To do that, Iran must disrupt the military and economic influence of Western countries that maintain a presence in the region, and at the same time it must destabilize those regional Sunni governments friendly to the West. As Iran continues to leverage the threat of nuclear weapons in the kinetic world, it is actively converting threat to action in the cyber domain to achieve its regional objectives.

Until recently, Iranian cyber capability wasn’t considered particularly exceptional. But shortly after the Stuxnet attack, largely attributed to the U.S. and Israel, Iran initiated a focused effort to ramp up its cyber capability. Some experts believe that Iran has closed the cyber capability gap with countries like the U.S. and Russia. The recent Cylance report on Iranian cyber operations identified a number of nations against which Iran has successfully conducted cyber espionage and/or established persistent presence in networks related to critical infrastructure and key resources (CIKR). Interestingly, China is on the list along with a number of U.S. allies including Canada, Saudi Arabia, Qatar, Kuwait, and the United Arab Emirates, to name a few. Note the focus on Sunni states friendly to the U.S.

The North Korean Connection
Lest we believe that Iran operates in the cyber domain with pure strategic intentions, we should also note that like North Korea, Iran lashes out in response to perceived insults by conducting cyberattacks on alleged offenders. Iranian activists are reportedly responsible for a destructive attack on Las Vegas Sands Corporation in February 2014, in response to CEO Sheldon Adelson’s comments about detonating a nuclear bomb in Iran.

At the risk of appearing cliché, axis of evil states tend to flock together. In September 2012, Iran signed an extensive cooperative technology agreement with North Korea. The partnership provides an opportunity for collaboration on information, security and development of technology programs between the two nations. The technology agreement, coupled with focused attacks on CIKR in South Korea by Iran, strongly suggests a cyber alliance with North Korea. This partnership may also explain why the relatively unsophisticated North Koreans were able to carry out such a devastating attack on Sony Pictures.

As the Islamic State and Yemen dominate the headlines in the coming weeks, Prime Minister Netanyahu’s address to Congress will be a stern reminder of another, and perhaps more significant, threat in the region: the perils of a nuclear-armed Iran. I wonder if the problem will be resolved in the cyber domain.

Mike Walls is the Managing Director of Security Operations at EdgeWave. During his time as a captain with the US Navy, he was commander of Task Force 1030 and was directly responsible for the cyberreadiness of more than 300 ships, 4,000 aircraft, and 400,000 Navy personnel. ...

Joe Stanganelli
User Rank: Ninja
1/30/2015 | 10:53:15 PM
Re: More than fiction?
Remember that Sandra Bullock movie The Net?  It was completely ludicrous when it came out.  My best friend and I laughed at how terrible it was from a technological standpoint.

But now?  Today, in 2015?  More than completely plausible.
User Rank: Apprentice
1/30/2015 | 12:43:17 PM
Iran's influence
Mr. Author, Persia (Iran) has been there for more than 5000 thousand years; still, in most parts of the Middle East and Central Asia, or other parts of that region, Iranian influences are quite tangible, from food to customs or traditions. America's total history, I doubt, is more than 300 hundred years, then you guys just 30 or 40 years ago came from nowhere into the Persian Gulf or other areas of the Middle East and claim Iranian influence is increasing? So what? It's natural; it's not rocket science to understand this, lol.
User Rank: Strategist
1/29/2015 | 6:15:38 PM
Let's go back a little further in history...
To understand US relations with Iran let's not stop at 1979 but go back to 1953. That's when the CIA had Teddy Roosevelt's grandson, Kermit Roosevelt Jr., orchestrate the overthrow of Iran's President in Operation Ajax. A big trigger of that was that President Mossadegh had nationalized their oil, which really angered the British oil company that was operating in Iran. Part of the loss here is that Mossadegh promoted a secular form of democracy in Iran. Wild speculation here: if Iran had stayed on the path of secular democracy then perhaps Iran today would be an ally of the West in that region, like Turkey is.

I bet the Iranians have not forgotten about our coup and I bet that it feeds into their sense of animosity and distrust toward the West.
Marilyn Cohodas
User Rank: Strategist
1/29/2015 | 4:09:03 PM
Re: "Axis of Evil" cooperation and cyber capabilities
Just made that link live, @LucasZa. Thanks for sharing it!
User Rank: Author
1/29/2015 | 2:57:57 PM
Re: "Axis of Evil" cooperation and cyber capabilities
Thanks for the suggestion... I'll do that!
User Rank: Moderator
1/29/2015 | 2:38:53 PM
"Axis of Evil" cooperation and cyber capabilities
Speaking of that and N Korea's cyber capabilities, I suggest reading blog posts and whitepapers published by Bruce Bennett. N Korea's cyber capabilities are far greater than we thought. N Korea and Iran are good examples of asymmetric warfare. See www.rand.org/about/people/b/bennett_bruce.html
User Rank: Ninja
1/29/2015 | 1:45:20 PM
More than fiction?
It is really interesting to see hacking today becoming a far more legitimate threat than any of the movies in the '80s and '90s which painted hacking as this dangerous, misunderstood underground tool for evil/good in equal measure. It's becoming that powerful on the world stage.

If you'd said those films had some measure of accuracy when I first watched them, I'd have laughed. Now, it actually makes sense.