CSO – Does Iran’s espionage threat have teeth or are they a toothless entity?

We hear a good deal about Iran and their espionage and cyberespionage escapades. We also hear, perhaps more frequently, how Iran is also designated as a state sponsor of terrorism. Looking more at the former, without ignoring the latter, let’s see what we need to worry about.

On 11 May 2017, the Director National Intelligence (DNI), Daniel Coats presented to the Senate Select Committee on Intelligence (SSCI) the annual Worldwide National Threat Assessment. Iran was identified, by the DNI as being included in those from whom "The United States will face a complex global foreign intelligence threat environment in 2017.” Iran distrusts the US and their intelligence services view the US as a primary threat.

In April 2017, the “OILRIG” hacker group, is suspected of a cyberespionage operation against Israeli entities. According to the Israeli Cyber Defense Authority, Iran was the sponsor of these attacks.

While in Germany, a Pakistani national, operating on behalf of Iran was sentenced to four-plus years for spying on behalf of Iran Quds Force, a part of the Iranian Revolutionary Guard Corps, in support of terrorist attacks to take place in France and Germany. The German counterespionage investigators found detailed dossiers including video and photos on the targets.

How does the United States feel Iran’s bite?

According to the DNI, Iran uses cyber and cyberespionage capabilities directly against the US. Indeed in 2016, the US DOJ charged seven Iranians working for the Islamic Revolutionary Guard Corps (IRGC) with cyber-attacks against the US financial sector and one of the seven with accessing the supervisory control and data acquisition (SCADA) systems of the Bowman Dam, located in New York. (DOJ Indictment pdf)

FBI

Image credit: FBI - US Government

The DNI continued how the US may continue to expect Iran to develop capabilities to “disrupt military communications and navigation.” Furthermore, Iran will continue to “pursue capabilities … to give it the capability to build a missile-deliverable nuclear weapons.” (The DNI notes, Iran already has the largest inventory of ballistic missiles in the Middle East.)

Iran will attempt to penetrate “US national decision making apparatus and the intelligence community” (as will many other countries’ intelligence organizations). They will also be targeting US companies and research institutions to circumvent sanctions and acquire dual-use technologies.

To that end, the US DOJ has been meting out substantial penalties, including jail time for those violating the trade embargo/sanctions against Iran.

For example, ZTE pleaded guilty for violating US sanctions by sending US origin items to Iran. ZTE agreed to pay a substantial fine to the US government: $892,360.064. ZTE saw an additional $300,000,000 suspended, but which ZTE will pay if they violate the terms of the settlement agreement with the DOJ.

A Singaporean citizen, Lim Yong Nam aka Steven Lim was sentenced to 40 months in prison, following his guilty plea, for his role in illegally exporting radio frequency modules to Iran. These modules were later found in unexploded improvised explosive devices (IED) in Iraq. These modules are a prime example of dual-use technologies, as they are used within WANs to connect printers and computers. Lim exported the devices to Singapore and then re-shipped them onward to Iran, knowing they were export controlled items.

Review the DOJ website, additional individuals arrested and prosecuted for shipping military and dual-use technologies to Iran are readily identifiable.

In sum, Iran is anything but a toothless entity. They have teeth and a deadly bite. Their agenda goes beyond simple extraction of data. They are using their resources, as evidence by the German conviction of the Pakistani national for lethal actions. In addition, the US intelligence and defense communities are both hitting the klaxon hard and loud highlighting the threat posed by Iran.

While the DOJ has identified the individual, who accessed the SCADA system of the New York dam. The US Department of Defense Science Board, in their February 2017 Task Force Cyber Deterrence report, identified Iran as a country which the US must “aim to deny the ability to undertake catastrophic attacks on US critical infrastructure via cyber.” The lessons taken from intrusion into the Bowman Dam SCADA system should be mandatory reading for all who are charged with the protection of the national infrastructure to insure event amnesia does not occur.

Iranian IRGC targeting elements decide who is targeted, we decide how we protect our infrastructure, technology, and personnel.