Cyber Strife Between U.S. and Iran Is Nothing New

Stephen L. Carter

January 19, 2020 at 8:00 a.m.

(Bloomberg Opinion) -- Experts are warning that the U.S. should expect more cyberattacks by Iranian hackers in retaliation for the death of General Qasem Soleimani in a targeted drone strike. Maybe they’re right. But let’s not kid ourselves: Iran would be launching lots of cyberattacks anyway.

And the danger of escalation would be ever-present.

So far, despite the warnings, security researchers report that little has yet materialized. But that doesn’t mean nothing major will happen. Iranian’s official and semi-official hackers are among the best in the world, and both the U.S. government and private industry are bracing for possible attacks. Crucial sites are much better protected than they were a few years ago, but no protection will ever be perfect.

Infrastructure, always an attractive target, has long been a focus of Iran’s hackers, particularly the group known as APT33 or Refined Kitten. Recent news reports have singled out Refined Kitten’s constant “password-spraying,” the relatively low-tech tactic of flooding infrastructure targets with common passwords(1) in the hope that some will work. However, those attacks aren’t a response to the current crisis; they’ve been going on at least since 2018.(2)

The dates matter. What’s often called the “shadow war” between the U.S. and Iran has been going on for a long time. Last June, for instance, the U.S. retaliated for Iranian attacks on oil tankers and the downing of a drone by launching cyber assaults against “an Iranian intelligence group” believed to be involved. The U.S. action also followed a spike in efforts by Iranian hackers to breach computer systems at, among others, the Energy Department and U.S. national laboratories.

It’s tempting to blame the shadow war on the policies of President Donald Trump, but the battle was joined long before he took up residence in the Oval Office. The Iranian efforts are usually dated to 2009, when the “Iranian Cyber Army” successfully attacked Twitter, proclaiming on the site’s homepage “U.S.A. Think They Controlling And Managing Internet By Their Access, But They Don’t, We Control And Manage Internet By Our Power.”

The hacks continued throughout the Obama administration. In 2013, for instance, Iranian hackers “infiltrated the control system of a small dam less than 20 miles from New York City.” The next year, they attacked a Las Vegas casino owned by Sheldon Adelson. In 2016, the U.S. announced indictments against seven hackers said to be working on behalf of Iran’s Revolutionary Guard who were alleged to have “conducted a coordinated cyberattack on dozens of U.S. banks, causing millions of dollars in lost business.”

Moreover, Iran never needed any provocation to unleash its hacking squads. In November of 2015, the New York Times reported “a surge in sophisticated computer espionage” by hackers based in the Islamic Republic, including “a series of cyberattacks against State Department officials.” Those attacks came four months after the signing of the Iran nuclear deal.

My point isn’t that the accord somehow caused the attacks, perhaps by emboldening Iran. That’s nonsense. My point is that the existence of the accord didn’t prevent the attacks or even reduce their frequency or scope.

Nor should anyone have expected such a result. In the Middle East, for better or worse, the U.S. and Iran are rivals, each seeking to exercise influence in the world’s most volatile region. As every disciple of conflict theory knows, rival powers often find it in their interest to cooperate on particular issues. But the fact that rivals sometimes cooperate – as the U.S. and Iran did, for example, in the battle against Islamic State — doesn’t suddenly make them allies. Neither did the nuclear deal.

From the point of view of both countries, a battle in cyberspace feels far safer than one fought out with force of arms. One might suppose that because the U.S. is the dominant online player, a fight in the digital realm would be to its liking. But there are reasons to be wary.

In an important recent essay in The Atlantic, Stanford’s Amy Zegart points to the paradox of U.S. tech dominance: “The United States is simultaneously the most powerful country in cyberspace and the most vulnerable country in cyberspace,” she writes. The more widespread and complex your systems, she argues, the greater the possibilities for a hacker to find a way in: “In the virtual world, power and vulnerability are inextricably linked.”

And exploiting the opponent’s online vulnerabilities is a tricky and dangerous business. Few conflicts stay in the shadows forever. The trouble is, it’s impossible to predict when or how the battle will burst into the open. Here one is reminded of Nobel Laureate Thomas Schelling’s description of “limited war” as being like fighting while in a canoe. “A blow hard enough to hurt,” he wrote in Arms and Influence, “is in some danger of overturning the canoe.” Once both canoes capsize and everybody’s in the water, there’s no way to tell who’ll drown.

So far, the cyber-blows exchanged by Iran and the U.S. haven’t been hard enough to hurt in any deep and profound sense, even during the current atmosphere of crisis. The canoes have stayed afloat. One expert interviewed by the Washington Post suggested that all we’re likely to see is “small-scale interruptions and nuisance activities with limited impact” – in a word, vandalism. That’s what happened earlier this month, when Iranian hackers successfully defaced the website of the Federal Depository Library Program with a tribute to Soleimani. And if by chance you haven’t heard of the Federal Depository Library Program, that’s the point.

But the fact that the cyber war between the U.S. and Iran has remained in the shadows so far doesn’t mean it always will. No matter who wins the 2020 presidential election, the battle war won’t go away.

Neither will the risk of overturning the canoe.

(1) If your password is on this list, then it’s common, and you should change it.

(2) Refined Kitten, like other Iranian hacker groups, has also targeted companies involved with national security. One “soft” Refined Kitten technique involves posting fake notices about jobs in the defense industry, evidently in the hope of vacuuming up information from applicants.

To contact the author of this story: Stephen L. Carter at scarter01@bloomberg.net

To contact the editor responsible for this story: Sarah Green Carmichael at sgreencarmic@bloomberg.net

This column does not necessarily reflect the opinion of Bloomberg LP and its owners.

Stephen L. Carter is a Bloomberg Opinion columnist. He is a professor of law at Yale University and was a clerk to U.S. Supreme Court Justice Thurgood Marshall. His novels include “The Emperor of Ocean Park,” and his latest nonfiction book is “Invisible: The Forgotten Story of the Black Woman Lawyer Who Took Down America's Most Powerful Mobster.”

For more articles like this, please visit us at bloomberg.com/opinion

Subscribe now to stay ahead with the most trusted business news source.

Yahoo Canada Style
Sophie Grégoire Trudeau is leaning into the unknown for her next chapter: 'I'm OK with the uncertainty'
No question was off limits in Yahoo Canada's candid and emotional conversation with the "Closer Together" author.
3 hours ago
HuffPost
How Toxic Is Trump? Republican Group's Hidden Camera Reveals Uncomfortable Truth.
The former president's behavior just doesn't fly out in the real world.
6 hours ago
People
Sydney Sweeney Jokes That She’s Sorry for Having ‘Great’ Boobs During Mexico Vacation
The 'Euphoria' actress poked fun at her appearance in an Instagram post while enjoying a getaway with friends
a day ago
HuffPost
OOPS! Eric Trump Freaks Out Over Dad’s Trial But Gets 1 Very Awkward Thing Wrong
A rant on Fox News from Donald Trump's son contained one glaring error.
7 hours ago
Miami Herald
Ryan Reynolds shares emotional tribute to Michael J. Fox
Ryan Reynolds wrote a tribute to Michael J. Fox that will bring a tear to your eye.
22 hours ago
People
Rebel Wilson Says British Royal Invited Her to 2014 Party with Drugs and Orgies
“Needless to say, I hike up my damsel dress and run out of there as fast as I can,” the 'Rebel Rising' author said of the medieval-themed party
11 hours ago
Hello!
Royal fans left disappointed as Prince William and Princess Kate break with tradition on eve of Prince Louis' birthday
Here's how Prince William and Princess Kate strayed from established tradition on the eve of Prince Louis' 6th birthday
4 hours ago
People
Prince Louis Stars in 6th Birthday Portrait Taken by Kate Middleton as She and William Share Personal Message
The image comes one month after Princess Kate's Mother's Day photo with her children was criticized for being edited
3 hours ago
Simply Recipes
Nationwide Alert Has Been Issued Over Ground Beef Contaminated With E. Coli
Check your fridge or freezer.
a day ago
HuffPost UK
Lady Gaga Reacts As Pre-Fame Festival Performance From 17 Years Ago Goes Viral
The 13-time Grammy winner has a surprisingly good memory.
23 hours ago
HuffPost
Mary Trump 'Can't Help Laughing' At This 'Schadenfreude' In Uncle's Trial
Donald Trump's niece suggested what he's "probably been dreading" for decades.
a day ago
HuffPost
Ex-Prosecutor Spots A Big 'Oops' In Donald Trump's Likely Legal Defense
Andrew Weissmann also predicted a huge "tug of war" over one particular witness in the former president's hush money trial.
a day ago
Good Housekeeping
‘NCIS’ Star Wilmer Valderrama Speaks Out After the Show Makes a Major Announcement
CBS announced that 'NCIS' got renewed for season 22 and will air during the 2024-2025 TV broadcast season on the network.
15 hours ago
Reuters
Trump accepts new restrictions on $175 million bond in New York civil fraud case
NEW YORK (Reuters) -Former President Donald Trump agreed on Monday to additional restrictions on the $175 million bond in the former U.S. president's New York civil fraud case, resolving concerns by the state attorney general that the funds were not secure. The bond issued by Knight Specialty Insurance is meant to secure Trump's compliance with a $454.2 million judgment won by state Attorney General Letitia James if he does not succeed in an appeal. Justice Arthur Engoron imposed the penalty after finding that Trump, the Republican presidential candidate to face President Joe Biden in the Nov. 5 election, fraudulently inflated his net worth and real estate assets to deceive banks and insurers into providing better terms.
a day ago
Hello!
Princess Beatrice's stepson's unusual sleeping arrangement at mother Dara's London rental home
Princess Beatrice's stepson Wolfie was pictured with his mother Dara Huang in a candid photo inside a bedroom of their Kensington home. See Edoardo Mapelli Mozzi's ex's confession about their sleeping arrangements…
a day ago
People
As Amber Heard Marks Her 38th Birthday, Get to Know Her Quiet Life in Madrid Two Years After Johnny Depp Trial
The actress moved to Spain for a quieter life with daughter Oonagh, who turned 3 earlier in April
23 hours ago
People
TikTok Star Eva Evans Dead at 29, Sister Reveals: 'Still Find Myself in a Constant Cycle of Denial'
The TikToker's sister Lila announced her death on April 21 in a post on social media
a day ago
HuffPost
'NYET': New York Post Trolls 'Moscow' Marjorie Taylor Greene In Russian
The far-right Republican received a Russian makeover from the conservative tabloid.
a day ago
Yahoo Canada Style
Céline Dion says she's 'feeling strong and positive about the future' as she strikes a pose for Vogue France
The 56-year-old singer, who was diagnosed with Stiff Person Syndrome in 2022, feels "honoured" to pose for the fashion outlet.
18 hours ago
USA TODAY
Who is Karen McDougal? What to know about the potential witness in Trump's hush money trial
As Donald Trump's hush money trial resumes in its second week, witnesses are expected to soon take the stand. Among them could be Karen McDougal.
23 hours ago

Latest Stories