In the cyber world, no one trusts anyone. In the real world, nations may have partners and allies; however, as soon as these relationships are taken into the cyber realm, all trust seems to evaporate. There’s a good reason for this lack of trust. Evidence seems to indicate that, in the cyber world, everyone really is spying on everyone else. So how is it possible that two longtime adversaries, Iran and the U.S., may be on the verge of becoming cyber partners? Not only that, they may be partnering against some of the traditional friends of the U.S.
To see how this unusual partnership came about, it is necessary to give a few facts. In terms of cyber attacks, Iran ranks third in the world. This may seem strange for a country that, for many Americans, appears to have just discovered fire last weekend. The truth is that they put a great deal of time, effort, and money into attacking those who are perceived as enemies, such as Western nations, other Middle East foes, and, of course, Israel.
Iran’s attacks are not known to be particularly sophisticated. This is because they simply lack the finances to develop the big zero-day attacks that are so popular among the Chinese and Russians. However, what they lack in sophistication they make up for in persistence.
This landscape may begin to change, however, because of the recent nuclear deal that the P5+1 (China, France, Russia, United Kingdom, United States—plus Germany) have made with Iran. The curbs put on their nuclear development program may allow Iran to channel the money they save on nuclear development into their cyber attack program. In addition, the lifting of sanctions may increase their national revenues which, in turn, would free up even more money for their cyber escapades.
But, at least for the moment, Iran has toned down its attacks on the U.S. They are apparently showing some good will to allow for a smooth transition into meeting the terms of the nuclear agreement. They certainly don’t want to do anything that may make their negotiation partners feel uneasy and, God forbid, force them to snap back the sanctions. However, according to a report from the cyber security firm ClearSky, they appear to have ramped up attacks against other, non-P5+1 foes, such as Israel and Saudi Arabia. The attacks seem to be looking for information and not financial gain.
The attacks mainly rely on traditional spearphishing techniques using email, telephone calls, or Facebook.
Some observers are suspicious concerning the speed with which Iran has ramped up its cyber attack capabilities in recent years. Rep. Peter Hoekstra (R., Mich.) maintains that Iran is getting help in building up its cyber arsenal. The question, he claims, is “how quickly [Iran] did it and more importantly who helped them do it” and “the most likely candidate for that is the cooperation they have with Russia.” Russia is an economically drowning man, grasping at anything to keep afloat. No one wants to be associated with them. Even China must be careful in appearing to be too close to the Russian pariah. It seems the only friends Russia has left are the rogue states with nothing to lose, such as Syria, Venezuela, North Korea, and, of course, Iran. Iran is aligned with Syria, and Russia seems to be positioning itself to support Syria militarily. In helping Syria’s Assad, it is also helping Iran maintain its influence in the area. A stronger, sanction-free Iran would open up more arms sales and give the floundering Russian economy a welcome financial boost. In addition, the nuclear agreement gives Russia the lead in cooperating with Iran on nuclear development. Annex III/C/7/7 of the agreement states:
“The transitioning to stable isotope production of two cascades will be conducted in a joint partnership between the Russian Federation and Iran on the basis of arrangements to be mutually agreed upon.”
This cooperation will also help Russia with its financial difficulties.
But Russia is not alone in helping Iran in its cyber development. Indirectly, both the U.S. and Israel have made their own contributions. Cyber attacks launched by these countries against Iran’s oil production facilities and their uranium enrichment program have been reverse-engineered by Iran to add another attack profile to their cyber weaponry. The malware employed against Iran was some of the most complex ever designed and includes Stuxnet, Duqu, and Flame. A 2013 NSA top secret document expressed concern about Iran being in possession of this malware or malware based on its architecture.
The last part of Annex III of the nuclear agreement promotes cooperation between the signatories and Iran. Iran will receive training and support from the U.S. and other members in setting up research and conference centers and, if Iran so desires, in building a variety of facilities from medical centers to desalination plants. Within this cooperation framework is the problematic article 10, which states that the U.S. and other P5+1 members can provide:
“Co-operation through training and workshops to strengthen Iran’s ability to protect against, and respond to nuclear security threats, including sabotage, as well as to enable effective and sustainable nuclear security and physical protection systems.”
Senator and Republican presidential candidate Marco Rubio (and later Donald Trump) insists that this could compromise relations between the U.S. and its allies, especially Israel. If, for example, Israel decided to take out one of the nuclear development centers, either militarily or through a Stuxnet-like cyber attack, would this mean that the U.S. could be pushed into an uncomfortable position of defending Iran against Israel? Although such a position is possible, there is no mandatory defense outlined in the agreement. That said, even maintaining a neutral position in such a predicament would politically undermine the U.S. by making them appear to be ineffective. It would be a no-win situation.
Unless Iran drops the ball and is caught trying to circumvent the agreement (which is not beyond the realm of possibility, considering their past behavior), the U.S. will have little choice but to become more friendly towards Iran. They must, at least, maintain a positive working relationship. Any assistance that helps Iran’s economic development will, by default, assist Russia in its own financial recovery. Although it is difficult to imagine a scenario in which the U.S. blocks a cyber attack from Israel, it is quite easy to imagine that they could do so inadvertently. This is because a good cyber attack hides the location from which it was launched. So, unless Israel told the U.S. in advance that it was going to launch a cyber attack against Iran, the U.S. would probably not know who it was defending Iran against. If they did know this information in advance, then the U.S. would be complicit in the attack, and would be, in effect, undermining their own nuclear agreement. As I stated before, for the U.S., the nuclear agreement may end up putting them in a difficult position.
The perception of a growing cooperation between Iran and the U.S. could make some of the U.S.’s traditional Middle East partners uncomfortable. As a result, some other, just as unusual, partnerships may arise. You may see Israel and Saudi Arabia begin to work more closely together. Turkey would align more with the West and take a stronger stance against Russia. ISIS will almost certainly gain more recruits. In an attempt to allay such concerns by its allies, the U.S. announced it will contribute billions of dollars in military equipment to both Israel and Saudi Arabia. Sitting on the fence is an uncomfortable and expensive position.
Although the Ayatollah Ali Khamenei told supporters that Iran’s stance towards “the arrogant U.S. will not change”, we can assume that this was more to appease conservative elements, such as the Revolutionary Guards. Still, the spin given by the Iranian government is that it was its military strength that forced the U.S. to negotiate with them. As Khamenei later remarked on his website, “those who leveled sanctions against us yesterday are dying today – because Iran has become the region’s foremost military power.” This announcement was accompanied by a graphic of a weapons-covered fist.
If the belief exists that it was its military strength that forced the West, and especially the U.S., to negotiate, it is unlikely that Iran will veer from this path. In fact, just after the negotiations, one of the Iranian negotiators, Abbas Araghchi, said that Iran will continue to “buy weapons from wherever possible” as well as to “provide weapons to whomever and whenever it considers appropriate”. Yesterday (October 4th), the whistleblower site, Cryptome, published a document showing the current state of Iran’s extensive weaponry. As it is not in English, I cannot attest to its validity.
In any event, this announcement by Araghchi that Iran was actively returning to the weapons market was likely well received in Moscow and Damascus. The same kind of thinking will also influence Iran’s development of cyber weaponry. In fact, a recent article in National Defense Magazine warns that cyber attacks from Iran are expected to increase over the next several years. All the while, the U.S. has no choice but to work with Iran in accordance with the nuclear agreement. It will be interesting to see how they manage this.