Offensive cyber operations have grown to be a key element of the Iranian regime’s foreign policy, national security and long-term strategic agenda. Supreme Leader Ali Khamenei realized the power of cyber warfare several years ago and began investing to promote Iran’s cyber capabilities. In a speech to students studying at IRGC-funded universities, Khamenei stated, according to state outlets: “You are the cyberwar agents and such a war requires Amman-like insight and Malik Ashtar-like resistance. Get yourself ready for such war wholeheartedly.”
The IRGC leaders devised paths to exploit the Iranian youth, who are known to be tech-savvy and who frequently rank highly in global technology, math, physics and science competitions. After a year of investment and training, the Iranian regime’s efforts began to pay off for its leaders.
While the West and Arab states are on the Iranian regime’s agenda for cyberattacks and cyberspying, several countries such as the US, Saudi Arabia, Britain and Israel are of special interest to Tehran.
The Iranian regime has been relentless in finding various methods to subvert these nations through attacks on governmental institutions, the private sector and underlying infrastructures.
Earlier this year, several intelligence agencies and officials revealed that a group of the Iranian regime’s hackers, known as “Cadelle and Chafer,” conducted destructive cyberattacks against Saudi Arabia. Prior to this, the Saudi government warned telecommunications firms that malicious Iranian software called “Shamoon” had been involved in cyberattacks against nearly 15 Saudi governmental and non-governmental networks. Previously, the Iranian regime initiated a cyberattack against the major Saudi oil producer Aramco, in which over three-quarters (30,000) of its computers were disabled. The attack against Aramco is still viewed as one of the most damaging cyberattacks committed by a state. It took several months of resources with “extreme cost” to mitigate the destruction.
Furthermore, a private cybersecurity firm identified an Iranian group as being behind attacks on US and South Korean aviation and energy companies. And, last month, British intelligence concluded that Iran was behind a cyberattack on the email accounts of dozens of MPs, including Prime Minister Theresa May.
The Iranian regime has also ratcheted up cyberspying efforts against Iranians living abroad, particularly those who are influential in informing foreign policy and criticizing the regime.
These are only a few examples of the Iranian regime’s offensive cyber operations, which are celebrated as great successes by its leaders.
But why is the Iranian regime investing greatly in such capabilities?
First of all, cyberattacks fit in with the regime’s modus operandi and strategic goals to inflict damage on other countries indirectly. Iran has become masterful in attacking from behind the scenes.
Indirect method of hurting rival nations helps Iranian leaders dodge responsibility and provides them with the powerful tool of deniability on the international stage.
Dr. Majid Rafizadeh
Before the age of the internet, Tehran relied heavily on proxies, mercenaries and militias. Using indirect methods gives the ruling mullahs an advantage, and lowers the risk and cost. It helps the Iranian leaders dodge responsibility and accountability and provides them with the powerful tool of deniability on the international stage. Iran has never been held accountable when its puppets were caught attacking another nation, smuggling weapons, or violating international laws.
Secondly, by using indirect attacks and offensive cyber operations, the Iranian regime saves itself from a potential war with the superpowers. Despite their rhetoric, the Iranian leaders are timid when it comes to fighting other militaries directly. This is due to the fact that they are well aware that their military capabilities are vastly inferior to those of the US or European powers. They would be easily defeated in a direct war with countries that Tehran considers its rivals.
It is worth noting that many of Iran’s cyberattacks are aimed at the petrochemical industry, military and intelligence sectors in order to gain leverage, particularly over Saudi Arabia and the US. In addition, since the regime cannot obtain advanced weapons from the US, cyberspying helps the regime gain access to the technical data required to advance its military aviation capabilities.
The hackers normally steal data and then introduce malware to the system to delete all the data afterwards.
The Iranian regime’s offensive cyber operations and capabilities will probably become more advanced in the next few years, as it is at the top of Tehran’s foreign policy agenda. Not only can this cause more financial and infrastructure problems for nations such as Saudi Arabia, the US, Britain and Israel, but it will also pose a grave threat to the national security of these nations.
• Dr. Majid Rafizadeh is a Harvard-educated Iranian-American political scientist. He is a leading expert on Iran and US foreign policy, a businessman and president of the International American Council. He serves on the boards of the Harvard International Review, the Harvard International Relations Council and the US-Middle East Chamber for Commerce and Business. Twitter: @Dr_Rafizadeh