A mock US flag is laid on the ground for cars to drive on in the Iraqi capital Baghdad on January 3, 2020, following news of the killing of Iranian Revolutionary Guards top commander Qasem Soleimani in a US strike on his convoy at Baghdad international airport. Photo by AHMAD AL-RUBAYE / AFP

Tensions with Iran escalated Friday with news that the U.S. killed Qasem Soleimani, the head of Iran's military Quds Forces. Soleimani sponsored terrorist activities and was one of the most despised figures in the West, said Peter Marta, partner in the cybersecurity practice at law firm Hogan Lovells and an expert in Middle East intelligence. But Soleimani also served as more of a legitimized "head of state" among Shiite Muslim state agencies globally compared to other terrorist leaders. This is particularly worrisome, since Iran has explicitly shown its ability to conduct widespread cyberattacks against American businesses in response to U.S. government action, notably against the biggest U.S. banks throughout 2012 and 2013, Marta said Friday. "Soleimani was one of the top two or three most powerful figures in the region," he said. Iran also possesses a vast trove of intelligence, thanks to a sustained campaign of intellectual property theft against hundreds of U.S. academic institutions, according to the Department of Justice. It said the targets have included universities that conduct biological, chemical, defense industrial, space and nuclear research for the federal government. Iran has also conducted malicious cyber operations against other countries, most notably Saudi Arabia's oil facilities and government offices, and U.S. intelligence agencies have said Iran has attacked and planted malware on industrial facilities in the U.S., including dams. Iran may not have the extensive cybersecurity resources as the United States, but these three factors show the country may have a surprisingly large strategic strength as a conflict looms.

Operation Ababil

In 2012 and 2013, several of the world's largest banks were stunned by a series of high-volume distributed denial of service attacks against their websites. This type of attack, known as DDoS, involves sending small "packets" of information in a very high volume to crash the servers supporting those websites. Login pages for numerous big banks crashed, leaving consumers unable to view their accounts. The Izz Ad-Din Al Qassam Cyber Fighters, an Islamic activist organization self-styled similarly to the hacking collective Anonymous, took responsibility, saying the attacks were retaliation for a series of anti-Islamic actions by the U.S. Pastor Terry Jones. But U.S. intelligence agencies later revealed the "hacktivist" group was a smokescreen, and the attack was actually sponsored by Iran, partially in response to sanctions imposed against the country by the U.S. and other international organizations. It would be the first public example of a trend: When the U.S. issues sanctions against Iran, the country retaliates with cyberattacks. The killing of Soleimani represents a "much more meaningful event" to Iran than mere sanctions, Marta said, and the possibility of commensurate cyberattacks is significant. In a note to investors Friday, Evercore analysts Ken Talanian and Kirk Materne warned that the killing could result in more cyberattacks against U.S. companies. "Though the cyber security stocks typically are less reactionary to cyber headlines than they were in the past, we believe that significant events still help justify cybersecurity related spend across the industry," the Evercore analysts wrote. "It is uncertain whether there are methodical attacks underway by Iran, but we believe it is likely that the near-term increased tension between Iran and the U.S. could result in reactionary cyberattacks."

Iranian intelligence