Updated at 2:39 p.m., Jan. 8, 2020: to include state information resources agency’s characterization of the probes as “reconnaissance scanning activity.”

AUSTIN — Cyberattack attempts originating in Iran are increasing, Texas officials said Tuesday.

Over the previous two days, as many as 10,000 “probes” of state agencies’ IT systems per minute came from Iran, according to Gov. Greg Abbott and state Department of Information Resources executive director Amanda Crawford.

“It’s very important that everybody be particularly vigilant right now about what may happen out of Iran,” Abbott said.

Also Tuesday, a group of self-described Iranian hackers defaced the Texas Department of Agriculture’s website with the image of a top Iranian general assassinated by U.S. forces last week. “Hacked by Iranian Hacker,” the defacement read, according to Vice News. State officials reported it was removed immediately.

Abbott revealed the potential cybersecurity threat from Iran in remarks to reporters after the quarterly meeting of a group he created to combat domestic terror after the Aug. 3 mass shooting in El Paso that left 22 people dead.

Also Tuesday, at Abbott’s urging, the Texas Department of Public Safety released two intelligence assessments of threats posed by domestic terrorists and the prospect of more mass violence events.

Although one of the DPS reports acknowledged that racially motivated individuals are currently the most active type of domestic terrorists, it described as a growing threat the emergence of “incels,” or involuntary celibate males who blame women and society for their inability to develop intimate romantic relationships.

“What begins as a personal grievance due to perceived rejection by women may morph into allegiance to, and attempts to further, an Incel Rebellion,” the report warned.

Before Brian Isaak Clyde opened fire last June on the Earle Cabell Federal Building in downtown Dallas, dying soon thereafter in an exchange of shots with federal security personnel, he “posted Incel-related items online,” the report noted.

Cybersecurity threat

On the cybersecurity threat possibly posed by Iran, Abbott noted that tensions across the Middle East have mounted since Friday’s U.S. drone strike at an Iraq airport killed Iran’s Revolutionary Guard leader, Gen. Qassem Soleimani.

Speaking after a meeting of the Texas Domestic Terrorism Task Force, of which she’s a member, Crawford of the state information resources agency said as far as she knows, none of the attempted “probes” of state government networks originating in Iran have been successful.

Abbott used the phrase “attempted attacks.”

On Wednesday, however, the Department of Information Resources clarified that it would characterize the activity as probes for possible weaknesses in state agencies’ IT systems.

“Regarding the specific types of activity DIR is observing on the state networks it monitors, we would classify the blocked attempts referenced by Governor Abbott as reconnaissance scanning activity,” it said in a written statement. “For security reasons, we cannot provide more specific details.”

Moments before speaking to the media, ⁦@GovAbbott⁩ confers with Amanda Crawford of Texas Department of Information Resources (back to camera) about attempted cyberattacks on state agencies originating in #Iran. #txlege pic.twitter.com/9paKZaoAYz — Bob Garrett (@RobertTGarrett) January 7, 2020

Crawford’s department, which provides internet and technology services to many state agencies, has been on high alert since several local governments in Texas fell victim to ransomware attacks in August.

In recent days, after the federal Department of Homeland Security urged increased monitoring for possible cyberattacks from Iran, the department looked more closely at whether attempts from Iran were increasing, Crawford said.

“We have noticed that there has been some sort of increase in activity from that region, yes,” she said. Later, she amended that, saying she meant there has been an increase from Iran.

However, Crawford acknowledged that the department hasn’t been tracking numbers of attempts from Iran until recently.

“We have no way of knowing whether anything is government-based or not or government-sanctioned,” she said, referring to the Islamic Republic of Iran.

Attempts to sabotage IT networks come from domestic as well as international sources — and in high volumes, Crawford said.

“We see literally billions of probes on a given day,” she said. “We have been looking in light of events. We have been making sure we’re extra vigilant on certain areas of the globe.”

She and Abbott recommended that local governments, private businesses and individual Texans practice “good cyber hygiene,” which includes changing passwords, backing up files and limiting administrator access to networks.

Tips about cyber hygiene are listed on the department’s website, Abbott noted. He urged state and local government personnel who have concerns or want advice to call the department’s Incident Response Hotline at (877) 347-2476.

Mass attacks and firearms

In the intelligence assessment on mass violence events released Tuesday, DPS’s Texas Fusion Center said firearms are the main weapons used in mass attacks

“Racially motivated attacks are currently the most violently active type of Domestic Terrorism within the United States and Texas,” the report said. “In 2018 and 2019, at least four major attacks occurred in the United States (including one in Texas) conducted by racially motivated actors, and at least four other incidents were thwarted.”

The separate report assessing domestic terrorism said Patrick Crusius of Collin County, the alleged El Paso shooter, not only feared ethnic replacement of whites by Hispanics but also veered into “eco-fascism," a racially charged fear of environmental catastrophe.

It noted that his “alleged manifesto included references to environmental concerns, linking those concerns to his anti-immigration and anti-corporation sentiments.”

Under a section on “Black Racially Motivated Terrorism,” it listed Micah Johnson, who in 2016 opened fire on a group of Dallas police officers, killing five of them.

“Subsequent investigation revealed Johnson had liked several social media sites for BRM groups,” or black racially motivated groups, it said.

The report lamented how under neither federal nor state law is there a chargeable offense of domestic terrorism.

“Although there is a federal statute defining domestic terrorism, it does not include any domestic terrorism offenses,” the report said. “Thus, for the purposes of investigation and prosecution, law enforcement must rely on a variety of other criminal offenses such as murder, arson, fraud, hate crime, or assault. This complicates the ability for law enforcement agencies to track domestic terrorism incidents, and therefore trends, within a given jurisdiction.”