Cybersecurity experts warn that Iran's government could retaliate against the U.S. with cyberattacks on critical infrastructure and businesses following President Donald Trump's decision to reimpose sanctions and pull out of an Obama-era nuclear deal.
Iran is known for waging cyberattacks during international upheaval and has a history of deploying destructive attacks against its perceived enemies.
But concern about possible attacks from Iran comes as the Trump administration's national security team is considering eliminating the top White House cybersecurity job.
Prior to the nuclear agreement with Iran in 2015, state-run hackers were working to penetrate U.S. chemical, banking and transportation companies, though the efforts largely stopped after the accord was reached.
“In the absence of the agreement, that [hacking] restraint could disappear,” John Hultquist, director of intelligence analysis at FireEye, told McClatchy DC. He said that the most likely target of any Iranian-backed cyberattacks would be American critical infrastructure and businesses.
Levi Gundert, a former Secret Service agent who is vice president of threat intelligence at Recorded Future, agreed. He said authorities in Iran have shown their willingness to attack American companies.
“They are facing a government which is not happy about President Trump turning up the economic pain dial and reapplying these sanctions,” he said. “This was a pattern that was very active before 2015.”
Any revival of that pattern now would come as John Bolton, President Donald Trump's recently hired national security adviser, is pushing for the elimination of the role of special assistant to the president and cybersecurity coordinator -- despite Bolton being known in Washington as a cybersecurity hawk who advocated actively targeting enemies of the U.S.
Before the 2015 deal, the Iranians were trying to disrupt the American transportation network, including "multiple" airports.
“They were in some very sensitive areas of airport networks where they could conceivably cause serious disruption,” Hultquist said, noting that the effort was identified and hackers were neutralized.
The Iranian government propped up its cyber division in the wake of a 2010 cyberattack on the country's nuclear program. The attack was perpetrated by U.S. and Israeli hackers and made Iranian centrifuges at the Natanz plant spin out of control and shatter.
Though many suggest Iranian hackers aren't as sophisticated as Israeli or American counterparts, they shouldn't be underestimated, Gundert said.
“Even though on many occasions they’ve demonstrated a lack of technical sophistication, they’ve made up for it with brashness and creativity (and) their willingness to really push the edge,” he said.
Hackers in Iran waged a cyberattack on about 40 U.S. banks after then-President Barack Obama imposed financial sanctions on Iran. In 2014, Las Vegas casino mogul Sheldon Adelson's business networks were targeted by Iranians, inflicting significant damage, McClatchy reported.
The attacks also were directed at key U.S. allies in the Middle East, with hackers deleting all data from around 30,000 computers in 2012 at Saudi Aramco, Saudi Arabia's state-run oil company.