Iran's cyber intrusions in the US financial sector


    QUESTION

     Review the Module 7 case study scenario on Iran's cyber intrusions in the US financial sector. In response to these issues and situations, submit a document that describes, with respect to the scenario, a strategy and plan to prevent and/or respond to the cyber attacks described in the scenario. Your strategy must include:

    first, a desired strategic end-state
    second, strategic tenets or pillars (perhaps 3-5) to support that end-state
    third, an operational plan that explains how the strategic tenets and strategic end-state will be achieved, with a focus on operational considerations in the field of either
    (a) legality OR
    (b) private sector concerns
    The document must contain direct discussion of the course materials to support your strategic and planning decisions; it can also include other materials that you find reliable, useful, and relevant.

     

Subject: Technology | Pages: 9 | Style: APA

Answer

Iranian Cyber-Attacks

            Although measures have been taken to combat cyber-attacks in the U.S., many perpetrators are still able to hack the systems. This is proof that a gap still exists in cybersecurity efforts. From the case study, seven Iranians who were working for the Iranian government managed to conduct a series of cyber-crimes that cost U.S. financial institutions millions of dollars (Bouveret, 2018). They were also able to access some critical controls of the New York dam. The individuals used botnets and many other kinds of malicious computer code. In 2012 and 2014, Iran executed distributed denial of service (DDoS) attacks against American banks, along with the 2012 Shamoon attack against Saudi Arabia’s oil company Aramco. Through the DDoS attacks, these perpetrators were able to disable bank websites, thereby preventing customers from accessing their online accounts. The campaign, called Operation Ababil, barred access to several major financial institutions' websites by overwhelming their servers with web traffic. The strategic goals of Iran’s cyber-attacks will be examined in this essay. Iranian cyber-attacks were a reaction to the economic sanctions America imposed to oppose Iran’s nuclear program, a retaliation to punish and dishonor ideological adversaries, and an effort to defeat regional enemies in the Middle East.

Operation Ababil as a Means to Modernize Iranian Economy

            Operation Ababil was an escape strategy from global sanctions, and a means to modernize the Iranian economy. Iran has been known for its tendency to conduct cyber operations as a response to past conflicts or offences. These are often calibrated to inflict tangible costs and demonstrate strategic reach, while still denying the activities in order to avoid escalation. The 2012-2013 Operation Ababil against the financial institutions of the U.S. is one example (Bouveret, 2018). Similar attacks were also witnessed in 2012 against Saudi Aramco in the Shamoon attack and in 2014 against Las Vegas Sands Corporation.

            Operation Ababil took place at a time when Washington was pushing for additional sanctions on Iran’s Central Bank, among many other entities. In response, the Iranian government planned a temporary disruption of online banking platforms (Hennigan, 2019). Hence, even though it was a rudimentary attack, the operation featured a targeted campaign which temporarily disrupted the most critical business functions with regard to the U.S. economy (Sprusansky, 2016). The outcome was damages worth tens of millions of dollars. Although the hacktivist group Izz al-Din al Qassam Cyber Fighters claimed responsibility, it is evident that the attacks were sanctioned by the Iranian government.

            This can be proved by the fact that the Aramco and Las Vegas Sands attacks followed a similar approach. They were all claimed by hacktivist groups that had political motivations, but the link to the Iranian government was also evident. They were tied to specific developments that were perceived as a threat by Tehran. The Shamoon attack took place after the tightening of U.S. oil sanctions and the identification of cyber operations against the nuclear infrastructure of Iran (Sprusansky, 2016). The Sands attack, on the other hand, occurred after the company owner Sheldon Adelson advocated for a nuclear attack on Iran. Hence, all attacks can easily be linked to the Iranian government since it is clear that it was provoked.

            Although these attacks took place at around the same time, they differed significantly in terms of their destructiveness. The Shamoon attack was more damaging since it destroyed over 30,000 computers, wiping out a large portion of Aramco’s IT infrastructure (Laipson, 2017). It crippled the company’s business operations significantly. This attack may have been facilitated by an employee of the company who was able to share network knowledge and even enable privilege escalation. This provides a reasonable explanation of why a Saudi company was attacked in retaliation for the actions of the U.S. against Iran (Healey et al., 2018). In contrast, Operation Ababil did not have similar effects. The attack was only temporary and led to financial losses. This indicates that Iran had made a calculated decision to inflict only financial losses on the country, without causing heavy damage that could encourage retaliation.

            The sanctions against Iran’s nuclear program prevented the country from forming an economic alliance with China. This appears to have been the only missing piece to the achievement of the set goals of nuclear products. Therefore, in an effort to discourage the U.S. and the U.N. from interfering, the country opted to retaliate (Sprusansky, 2016). Once removed, the sanctions would not be able to prevent Iran from forming any alliances or obtaining supplies and products from China. This would provide the country with the competitive advantage it requires during wars and other forms of conflict, especially since the nuclear products are quite destructive.

            Also, to ensure that it gains a competitive advantage against powerful countries such as the U.S., the Iranian government has focused on intellectual property theft carried out through cyber operations (Hennigan, 2019). With such knowledge, the Iranian government will know what these countries are planning against it, thereby enabling it to prepare beforehand. In addition to learning of other top-secret government operations, the country will be able to effectively carry out an attack on the U.S.

The Cyber-Attacks as a Means to Punish and Dishonor Ideological Enemies

            The U.S. was a key player in one of the most sophisticated planned cyber-attacks against Iran. It has also been at the forefront of the campaign against the country’s nuclear program. Barack Obama, who was the president at the time, decided to speed up an initiative that was launched by the previous president, George Bush (Egloff, 2017). It was given the code name Olympic Games, and was aimed at using computer viruses to attack the uranium-enrichment program designed by Tehran. The disclosure that the U.S. president was involved in the cyberwar against Iran shows that the country, with the help of Israel’s involvement, was behind the famous Stuxnet virus. This attack affected the operation of some of the centrifuge machines used to enrich uranium. After it was revealed that the U.S. was behind this attack, Operation Ababil soon followed (Hennigan, 2019). Therefore, it can be argued that it was a way to punish this country for getting involved in the action against Iran. Furthermore, Iran has always been intent on seeing the nuclear program to completion. Hence, after its equipment was destroyed, the attack on U.S. cyberspace was a way to try to get even, while also discrediting the country.

            Another enemy which Iran decided to punish and dishonor is Saudi Aramco. In 2012, Saudi Aramco was attacked by a computer virus which spread across 30,000 Windows-based personal computers within the company’s network (Laipson, 2017). The company is Saudi Arabia’s national petroleum producer, manufacturer, marketer and refiner of crude oil, natural gas, and other petroleum-based products. The attack was so devastating that it took the company two weeks to fully restore its damaged network and recover from the disruption of its business operations. This company holds the world’s spare oil production capacity, which is what makes the attack quite important.

            Saudi Aramco is critical to the world’s petroleum markets, especially that of the U.S. (Sprusansky, 2016). That is why there has always been a need to protect the company’s infrastructure from military and terrorist attacks. If oil supplies and prices are impacted, the global economy will immediately suffer the consequences. Fortunately, the attack only focused on computers rather than the physical aspects of the company. However, it led to a series of security concerns between the U.S. and Iran. It showed the country that Iran has access to some of the most sophisticated tools, and that it can use them if the need arises. Through this attack, the Iranian government has managed to dishonor the U.S. in terms of the cybersecurity measures that it has in place. Both the company and the U.S. were punished since the loss was quite severe.

            Iran’s action to damage business and industrial institutions demonstrates an indifference to global norms. The government is fully aware of the extent of the damage that its attacks cause. For instance, it also depends on petroleum products, as well as the financial industry that helps to keep the global economy afloat. Unfortunately, it was still relentless in its attacks on Saudi Aramco and the financial institutions in the U.S. (Bouveret, 2018). Therefore, it is clear that this country simply wants to destroy the economy so as to reduce the level of power held by these key industry players. If the economy is disrupted, Iran will have more power to promote its nuclear program that many countries and organizations are worried about.

The Cyber-Attacks Were a Means to Overpower Iran's Enemies in the Middle East

            Cyber-attacks are one of the means by which Iranians are leveraging their dominance in the region. Seeking to make itself the region's great power, Iran has frequently nettled Israel and countries allied to America such as Saudi Arabia, the UAE, and Bahrain (Egloff, 2017). The Iranian leadership has constantly sought to weaken and challenge those countries in the region that it perceives as direct enemies. Saudi Arabia and Iran are both powerful countries. Although they are neighbors, these two countries have constantly been engaged in a fierce war to prove regional dominance (Sprusansky, 2016). The feud between them is worsened by the fact that they hold different religious beliefs. Each one of them follows one of the two main branches of Islam. Iran follows Shia Islam, while Saudi Arabia follows Sunni Islam.

            This division between the two countries is reflected in the wider Middle East (Laipson, 2017). Some countries have a majority of either one of these two branches. Hence, they tend to look towards either Iran or Saudi Arabia for guidance. Therefore, it is a power struggle that will never end until one of the two countries emerges as the most dominant one. That is why Saudi Arabia is considered to be the biggest enemy of Iran in the Middle East region.

            Saudi Arabia has always perceived itself as the leader of the Muslim world. It is a monarchy and the birthplace of Islam. However, this has been changing ever since 1979, when an Islamic Revolution took place in Iran (Sprusansky, 2016). It led to the development of a new type of state that had the goal of exporting its model to many other countries. The differences between Saudi Arabia and Iran have been heightened by a series of past events. In 2003, the U.S. led an invasion which ensured that Saddam Hussein was overthrown. He was a Sunni Arab whose government was then replaced by a Shia-dominated one. In 2011, the Arab uprisings resulted in political instability. These upheavals were exploited by both countries to expand their individual influence in neighboring countries such as Syria, Bahrain and Yemen. It is believed that Iran hopes to expand its influence all the way to the Mediterranean.

            The fact that Saudi Arabia has had support from the U.S. government further worsens the strained relations (Laipson, 2017). Israel is also against Iran since it perceives it as a mortal threat, which is why it supports Saudi Arabia’s efforts to try to contain Iran. On the other hand, Iran has struggled to form alliances within the region by smuggling weaponry and pledging allegiance to different countries. Therefore, through its militia groups, Iran has worked to try to weaken the influence of governments in countries such as Yemen (Sprusansky, 2016). The groups plan and carry out attacks which disrupt the country’s peace and operations. It is due to such conflicts that most countries in the Middle East are in constant conflict. Once a conflict is triggered by the militia groups, the governments start blame games which draw their attention away from important matters, placing them at risk of being overpowered by Iran. This is the same outcome which Iran hoped to achieve when it resorted to attacking the U.S. through its cyberspace. However, it did so with great caution since the U.S. is still a more powerful country. Any retaliation may lead to a loss of progress.

Strategic Recommendations

            Considering the analysis conducted, it is clear that the international cybersecurity model should be changed. This will ensure that all countries combine their powers so that they can overpower Iran and prevent a repeat of the same outcomes in the future (Healey et al., 2018). The first step of this recommendation is to ensure that other like-minded nations and entities are coordinated. It will lead to the creation of an International Cyber Stability Board, which features the selected countries (Kramer & Butler, 2019). Hence, offensive cyber security capabilities from different regions will be combined under the alliance. Secondly, more activities need to be conducted in relation to national security efforts made by organizations such as NATO (Kramer & Butler, 2019). The U.S. Department of Defense is always actively engaging other countries. However, it should enhance its focus on steps meant to reduce vulnerabilities, establish greater resilience, and even promote the use of offensive capabilities.

Conclusion

            This paper has demonstrated Iran's interests in pursuing cyber operations as a retaliatory attack against American sanctions, becoming a powerhouse in the Middle East, and dishonoring and punishing ideological enemies. The country is clearly engaged in a power struggle with Saudi Arabia mainly due to the religious differences between them. The country hopes to gain more influence over other neighboring countries so that it can become the most dominant entity in the region. Unfortunately, Saudi Arabia has gained the support of countries such as the U.S. and Israel, both of whom do not support the operations of Iran. Americans need a better comprehension of Iran's history and strategic justification for cyber-attacks as a means for America to develop a broader cyber-warfare bearing against enemies and a judicious American reaction to future cyber threats from Iran and elsewhere. It is clear that the country has a powerful team of IT specialists who can develop sophisticated software. Therefore, the U.S. is still at risk of more severe cyberattacks if measures are not taken to prevent the same in the future.

 

 

References

Bouveret, A. (2018). Cyber risk for the financial sector: A framework for quantitative assessment. International Monetary Fund.

Egloff, F. (2017). Cybersecurity and the Age of Privateering. Perkovich/Levite (Hg.): Understanding cyber conflict. Fourteen analogies. Washington, DC, 231-247.

Healey, J., Mosser, P., Rosen, K., & Tache, A. (2018). The Future of Financial Stability and Cyber Risk. The Brookings Institution Cybersecurity Project, October.

Hennigan, W. J. (2019). The U.S. and Iran Are Already at War Online. TIME Magazine, 194(2), 5–6.

Kramer, F. D., & Butler, R. J. (2019). Cybersecurity: Changing the Model. Atlantic Council.

Laipson, E. (2017). Are Saudi Arabia and Iran Beginning to Back Away From Confrontation? World Politics Review (Selective Content), 1–3.

Sprusansky, D. (2016). The Saudi Arabia-Iran Divide: What Lies Ahead? Washington Report on Middle East Affairs, 35(2), 56–57.

 

 

 

 

 

 
