Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
ASPEN, Colo. — Iranian hackers have laid the groundwork to carry out extensive cyberattacks on U.S. and European infrastructure and private companies, and the U.S. is warning allies, hardening its defenses and weighing a counterattack, say multiple senior U.S. officials.
Despite Iran having positioned cyber weapons to carry out attacks, there is no suggestion an offensive operation is imminent, according to the officials, who requested anonymity in order to speak.
Cyber threats have been a major theme of the 2018 Aspen Security Forum, with administration officials from Director of National Intelligence Dan Coats, FBI Director Chris Wray, and Deputy Attorney General Rod Rosenstein all warning of the pervasive danger from Russia, China, Iran, and North Korea.
In Aspen Thursday, DNI Coats said that Russia was a more active cyber foe than Iran or China — “by far” the most aggressive, he said.
vCard.red is a free platform for creating a mobile-friendly digital business cards. You can easily create a vCard and generate a QR code for it, allowing others to scan and save your contact details instantly.
The platform allows you to display contact information, social media links, services, and products all in one shareable link. Optional features include appointment scheduling, WhatsApp-based storefronts, media galleries, and custom design options.
While Russia may be the most aggressive, the U.S. officials said Iran is making preparations that would enable denial-of-service attacks against thousands of electric grids, water plants, and health care and technology companies in the U.S., Germany, the U.K. and other countries in Europe and the Middle East.
A spokesperson for the Iranian Mission to the United Nations charged the U.S. is the aggressor in the cyber domain.
“The U.S. is the most belligerent cyber attacker of any nation in the world, repeatedly attacking military and civilian targets across the world including in Iran,” Alireza Miryousefi said in a statement. “The U.S. has also undermined international efforts to establish global rules surrounding cyber issues. While we cannot comment on specific cyber capabilities or operational detail, we can say that our cyber activities are defensive in nature and necessary for our country’s protection.”
A spokesperson for the National Security Council declined to comment.
The U.S. has not decided yet whether it will retaliate in the event of an attack, according to U.S. officials, but the White House has already begun to ready new sanctions against Tehran and continues to amp up its anti-Iran rhetoric as it builds a case for its more confrontational stance.
President Donald Trump withdrew the U.S. from the multinational 2015 nuclear deal with Iran in May, and the U.S. government has warned that if other nations follow suit Iran could retaliate in the cyber domain. Though Iranian hackers have previously probed U.S. infrastructure, targeting U.S. electrical grids alone would mark a significant escalation in Iran’s use of cyber-warfare to date.
After the U.S. pulled out of the nuclear deal, known as the Joint Comprehensive Plan of Action (JCPOA), Homeland Security Secretary Kirstjen Nielsen testified before Congress that the U.S. was “anticipating it’s a possibility” that Iran would increase cyberattacks in the coming weeks and months and that the US “will be prepared.” Nielsen said the U.S. has a posture called “shields up” it can institute when anticipating a possible attack.
Should the JCPOA collapse entirely, said Behnam Ben Taleblu, an Iran expert and a fellow at the Foundation for Defense of Democracies, a conservative think tank in Washington, the infrastructure of Western countries might be an attractive target to the Iranians.
“Iran has a penchant for using such tools against the West,” said Ben Taleblu. “The cyber domain permits the Islamic Republic to engage in graduated escalation, a hallmark of Iranian security policy.”
U.S. officials have alerted America’s allies in Europe and the Middle East to the potential Iranian threat and have begun preparing a menu of possible responses, according to both current and former US officials. It’s unclear if the options include a preemptive cyberattack to deter Iran from launching one.
Senior U.S. officials remain divided over the use of a preemptive cyberattack.
Some administration officials have argued in favor of offensive cyber operations, while others, including the former White House official who was overseeing the policy, have advised against that, one former White House official said.
The issue is in part what has delayed the finalization of the Trump administration’s overall cyber policy, according to one former official.
The cyber threat comes as the Trump administration has focused more publicly on Iranian threats.
The Trump administration is poised to adopt new sanctions against Iran this summer as part of its withdrawal from the JCPOA. Trump’s decision to pull out on May 8 began a 90-day clock for the U.S. to reinstate sanctions on Iran.
The administration has also suggested recently that Iran is using its embassies to plan terrorist attacks, following the disruption of an alleged plot in the Iranian embassy in Austria to bomb a meeting of opposition leaders in Paris. Iran called the allegations “baseless” and “preposterous,” saying the plot was a “false flag” operation staged by regime opponents.
Secretary of State Mike Pompeo has led the charge against Iran, warning during a visit to the United Arab Emirates that Iran would pay “a high cost” for its aggression in the region after Tehran threatened to close the Strait of Hormuz to disrupt Middle East oil supplies.
Pompeo also said in an interview with Sky News Arabia that the Trump administration is planning “a number of things” to confront Iran, including “a series of sanctions aimed not at the Iranian people, but rather aimed at the singular mission of convincing the Iranian regime that its malign behavior is unacceptable and has a real high cost for them.”
Current and former U.S. officials noted that Iran has a history of using cyberattacks to retaliate against such actions. Its use of cyberattacks subsided after the U.S. and other world powers reached the 2015 nuclear agreement.