Iranian Capabilities in the Field of Cyber Warfare

https://rasanah-iiis.org/english/?p=77

ByBasim Rashid

After exposed to many internal and external electronic, Iran transferred towards strengthening its electronic defensive and offensive capabilities in an unprecedented, strong way to maintain the stability of the internal system and securing critical infrastructure for the state.
As a result Iran’s accelerating growth in this field; Iran has become, by 2013, one of the most important key players on the international electronic warfare, and a source of threat to the great powers, especially the United States, which most of Iran’s electronic attacks directed against it, and the most important offensive was on the famous Dam of New York in 2013, as well as the recent attacks by the Iranians on some officials in the administration of President Obama in late November 2015, which aimed their personal computers, accounts on the social media, and e-mails.
Iran has exploited the preoccupation with major powers over its nuclear program and has developed the electronic defensive and offensive capabilities, which raises questions about the nature of Iran’s current and future electronic capabilities, and have the world to fear this Iranian escalating growth?
The organizational structure of the Iranian electronic capabilities
No one denies that Iran has achieved an evident qualitative progress in technological and operational capabilities on the Internet whether internally or the offensive capabilities directed abroad, that made Iran within the five powerful states electronically, after United States and China. Evidences has shown during years of 2009 to 2015 that Iran was able to access a long-term goals in the Western countries’ systems and destroy them, this does not deny being still have not the knowledge or means to implement an integrated e-strategic attacks.
Iran had established a number of internal bodies to enhance the electronic capabilities, whether offensive or defensive. “The Supreme Council of Cyber Space” is the most prominent and highest in this regard, because it includes high-ranking officials, beginning with the Head of State, then the Ministers of Communications, Culture and Science, as well as officials from the Security Apparatus, Intelligence Service, judiciary, parliament and others. The Council is mainly concerned about coordinating efforts of electronic defense and attack, and preparation of public policies that all institutions involved in the Cyber Space have to implement .
Add to that the Organization of ”Cyber Defense Command” that founded to protect the state’s infrastructure from cyber threats, Reinforcing cyber defenses and working to protect the state institutions systems.
In addition to that, “Iranian Cyber Army” founded to implement cyber external attacks, being as unofficial, featuring a wide range of professional pirates, rumored that the majority of them are Russians supporting the Iranian hackers with Revolutionary Guards’ cooperation .
The Iranian Cyber Army launched a series of high-level attacks on famous sites to make itself under highlight in global level and sends messages of a political nature rather than Military, especially when the Army attacked and succeeded in hacking the global site “Twitter” in 2009, the site “Baidu”, which considered the most famous search engine in China in 2010 and the famous American Voice site.
Moreover, “E-Basij Battalions” objectives are mainly internal, concentrated primarily on creating a pro-Iran propaganda in the electronic field as well as the development of advanced electronic capabilities, and defend the symbols of the state against opponents in either social media and blogs.
Worth to mention that most of bodies’ administrators are unknown to public opinion, especially in Iran’s permanent denial of charges went after any attack carried out. Moreover, Iranian Revolutionary Guards mostly related to what raised in this regard.
Those bodies have enabled Iran to establish defense systems, which began in late 2009 after the internal events, which organized by a number of activists and dissidents and known as the “Green Revolution”. Since that time, Iran was able to establish a multi-layered defense system; includes, regulatory, supervisory and security technologies, along with physical enabling mechanisms to counter different threats of infiltrator who are working against the Iranian regime in cyberspace, in major and regional countries alike.
Iranian Cyber Activities and Defense Capabilities
With deep look to the Iranian defense system, we find that it consists of three main levels; The first level is in establishing “a protective envelope” against attacks on infrastructure and interior-sensitive information, as happened in Stuxnet attacks, which inflicted significant damage in its uranium enrichment program, and represented a pivotal development in Iran’s strategy in the field of cyberspace .
The second level; was associated with the desire of Iran to neutralize and control groups opposed with the regime in the best possible means through cyber activities. The third level targeted stand as repel impervious wall against Western ideas and harmful contents to infiltrate into internal Iranian cyberspace, such as those ideas of contributing in “soft revolution” to undermine regime’s political stability .
The Iranian government has allocated nearly $76 million annually for electronic capabilities development.
Moreover, in late 2011 it has invested about $1 billion in its technological strength, infrastructure and bringing experts from abroad to develop their capabilities in this field, beyond a shadow of doubt that Iran would not hesitate to move forward to progress in cyber warfare field in terms of defensive and offensive capacities alike .
When President Rouhani accessed to power, annually budget that allocated to the Revolutionary Guards’ development of Iran’s electronic capabilities has increased, and up to approximately $20 million . The most prominent development manifestations of Iranian technological and organizational structure of cyberspace are the following:
– The launch of “Loner Internet Program” or known as “Halal Internet”, one of the Iranian strategic cyber projects, which began early in 2009 in order to transform the state-cyber activity to an isolated internal communications network from the global network of the Internet, which able the government tighten control, as well as enhance its supervision on network and the content of the data available and user data, on one hand, and strengthening of cyber defense system by blocking the western penetration on the other, let alone neutralizing the internal opposition .
Noteworthy that it expected to complete phases of Iranian Halal Internet project by the end of 2015, however, fully launching exceeded that date. With the new Budgetary allocated by the Iranian government for this matter, it is likely that will not be fully completed and launched before 2019. However, this does not mean that there were some developments in the implementation process and the Iranian authorities has recently celebrated the 40% of Iranian users rely on the isolated internal network and the government intends to double that figure to at least 80% in the coming years .
– The establishment of the internal e-mail service in July 2013, which designed primarily to be the main channel of communication between citizens and different government agencies of Iran. This e-mail service provided to nearly 100 million subscribers so far, as well as being available in four languages, Persian, English, French and Arabic . It cannot be said that this service will be protected from outside intrusion; however, Iranian great concern in this network may raise it to a high-level of immunity especially at an Iranian government’s dependence on Iranian characterized hacker community by cooperation with the Russian world-renowned designers of complex electronic skills.
– Undermine the use of World Wide Web, in order to increase the number of domestic Internet users; Iranian regime closed some software such as “Skype and Google Talk”, in addition to reduce the speed of external sites, especially “Google,” the most prevalent site in Iran, with an extent of 6% normal speed, which obligate citizens to use internal Internet, thus facilitating the processes of control and supervision on them .
– Developing a number of new technologies, including: the establishment of secure operating system designed specifically to end Iran’s dependence on US operating systems such as “GPS.” Moreover, the preparation of a system that can identify cyber-attacks whether before they occur or thereafter as to facilitate their ability to be coped. Designing a mobile phone to provide users with a secure line of communication unable to be hacked. In addition to activate a protection national system contributing in identifying cyber-attacks rapidly by integrating user data and informing the information security centers of the state to enable them responding quickly and address of the attack .
Iran’s concern about enhancing defense procedures within the organs of its government, it has relied on the Iranian Revolutionary Guards in conducting a number of intensive trainings for civilians and military personnel alike to confront such attacks if they occur, most recently was in the ends of 2015.
Iranian Cyber-Attacks Capabilities
Iran holds great offensive electronic capabilities, made it among the top five countries in the world that the ability to launch high-quality cyber-attacks against targets that it specifies. Iran is dealing with cyber warfare as a platform and an effective means to harm the militarily enemies, and enabling it to deny that in order to avoid international condemnation and sanctions or even counter-attacks. Iran has used the cyber warfare as a means of deterring any punitive escalating on the part of Western countries against it.
Iran’s progress in cyber warfare programs returns to several key factors, most notably:
– Iran’s success in integrating its capabilities and training some individuals from the faculties of computer science with “hackers’ community” who have a high extensive experience. It is worth mentioning that Iranian hacker community is one of most effective and control among communities in the world, always referred to the links existed between this community groups and Iranian Revolutionary Guards. Hackers’ importance lies in using its ability to help the Iranian regime in hiding or distort the evidences, when facing accusations of illegal electronic activities involvement, and help in organizing attacks on specified targets with high efficiency.
– The strong relations between Iranian regime and the Russian information security experts who employ their abilities for money, and occupy the first place with the United States in the field of cyberspace.
– Iranian purchasing power for complex and powerful technology of electronic weapons and available in the black market; and which enable it to develop and strengthen defensive capabilities and even to threat enemies abroad offensively as well.
Because of those advanced offensive capabilities of Iran, the latter launched a series of attacks in recent years have proved through the extent of development and complexity of those capabilities, and efficiency which can achieve its objectives efficiently.

It has emerged so evident in some of the attacks carried out by Iranian groups in recent years, and most important:
1- Attack on major banks and financial institutions in the United States, which was described by information security experts as “unprecedented in scope and effectiveness,” Iranians had not only attacked PCs only, but they launched their attack on major information centers networks which enabled them to access the websites of banks and financial institutions in the United States .
2- The infiltration of Iranian groups within a Dutch company in 2011 and theft of digital certificates for all its secured communications which used later to penetrate the telecommunications and e-mails of Iranian citizens themselves.
3- The famous Iranian cyber-attack on Saudi Aramco, that smashed 30 thousand Saudi computers (Aramco) in 2012, as well as the similar, which hit the Qatari energy incident (RASCAZ) in the same year .
4- The Iranian electronic piracy on the internal network of the US Marine Corps in 2012.
5- Iran’s attack on the US infrastructure and energy companies; which is the gas and oil lines and electrical systems in 2013. Although no official announcement of the US administration about Iran’s involvement in those attacks, but experts and some officials pointed to evidences, indicate that the attack began from the Iranian territory and directed abroad with the help of Iranian agencies responsible of cyberspace .
6- Iranian cyber-attacks against Israeli communications equipment during the conflict with Hamas in the summer of 2014.
7- Using of ”malware” against the spread networks in Las Vegas casinos in 2014, which has achieved losses, approached $14 billion .
And to prove Iranian offensive growth, the intelligence network report “Norse,” has noted Intelligence that the number and level of complexity of Iranian cyber-attacks have grown significantly over the last 13 months; In the period from January 2014 to mid-March 2015 Iranian attacks emanating from Iranian control systems have increased by 128%, and the number of sensors affected by Iranian attacks increased by 229%, while the number of integrated software programs used in attacks increased by 508% .
Iranian Electronic Capabilities Assessment
Clear from the above, the Iranian concerning and concentration on the development of electronic capabilities, whether defensive or offensive to counter cyber-threats, and attack international or regional targets.
Although international indicators classified Iran in the following ranking after China, “the third-greatest electronic power,” but this Iranian remarkable progress will make it in a few years in parallel with the second-tier countries, and perhaps the first in the future in terms of the electronic capacity, if will not be an international response to this steady growth of its capability.

It confirms that development of the Iranian capability is not just in terms of targets destruction, but also the ability to stay for several months without being detected, but it should be noted that Iran is well aware that it not able to confront or balance with American or European electronic capabilities, so it is seeking to narrow that gap through development of its capabilities gradually.
On the other hand, the nature of Iran’s perception of its ability to threaten enemies in cyberspace may contribute to achieve a kind of cooperation between it and threatened countries of same capabilities as a parallel path to confrontation, allowing Iran the opportunity to expand its sphere of influence. In addition, to provide an opportunity to other countries such as Israel to deepen its cooperation with the Gulf Countries, for example in order to counter Iranian dangerous expansion in cyberspace.
There are indicators show that the current Iranian capabilities have not even parallel with China’s electronic capabilities, for example; That appeared in the annual report of Mandiant company , which said that Iran’s current capacity is still targeting specific sectors, as energy sectors and government institutions, in while Chinese capacity targeting more than 33 different sectors. In addition to 75% of detection rate of breaching the target, while 33% for China. Finally, the average of discovering the breach is 28 days, while up to 243 days for the Chinese capabilities.
This disparity in abilities illustrates that Iran capabilities are still limited compared with China, but they are close and perhaps above other regional countries, representing a clear threat on stability of the region, and give a competitive advantage to Iran in the Middle East and even makes them the upper hand in terms of cyberspace activities.
On the other hand, it is not only related to the number of attacks, but the extent of their complexity and strength, and its ability to break down targets and stay there without being detected for the longest period, and perhaps this is significantly evolve from the Iranian side due to the special unprecedented importance attached by the Iranian government and provide it with necessary funding and infrastructure required. Moreover, the preoccupation of the world of the nuclear program, and not to focus more on electronic capabilities helps Iran to achieve its targets and increase behind the rear door of the nuclear program.
In sum, the coming years likely will witness further developments whether at the level of attacks by Iranian groups, or defensive capabilities to repel foreign attacks, especially with the US accusations toward Iran, its responsibility of the attacks and with denial of the Iranian side about the whole thing.
But rather it should be noted that the global cyber system in progress will not exclude Iran from it or even to neutralize or undermine its electronic ambition, but it would put their capabilities into account before making any decisions or make any attacks on the infrastructure and what reaction to expect; it may be greater either in amount or direction.


Ehab Abdulhameed Khalifa, Tatweer Motasare’: Qudorat Iran Alilektronia Baina ALtahween Waltahweel, (Mrakaz Almostakbal llabhath Walderasat Almotakaddema, Emirates, Aug. 2014).
Ibid.
Sibon Gabi and Kronenfeld Sami, Developments in Iranian Cyber Warfare 2013-2014, (Israel: ISNN, Military and Strategic Affairs. Volume 6, No.2, 2014).
Ibid.
Harris. Shane, Forget China: Iran’s Hackers Are America’s Newest Cyber Threat, (Foreign Policy, FEBRUARY 18, 2014), available at: http://goo.gl/3GM0Pa
Natasha Bertrand, Iran is building a non-nuclear threat faster than experts ‘would have ever imagined’, (Business Insider, March 27. 2015), at: http://goo.gl/WpdO6Z
Paganini. Pierluigi, The cyber capabilities of Iran can hit US, (Security Affairs, August 14th, 2013), available at: http://goo.gl/IDWqeO
Report titled: “Tightening the Net: Internet Security and Censorship in Iran”, (Published by freedom of expression campaign group Article 19. March 29. 2016).P1.
Paganini. Pierluigi, Op cit.
K. Shafa Eric, Iran’s Emergence as a Cyber Power, (Strategic Studies Institute, August 20, 2014), Available at: http://goo.gl/Ft8M5b
Ibid.
Dave Aitel, Iran is emerging as one of the most dangerous cyber threats to the US, (Business Insider, Dec. 2, 2015).
Clayton. Mark, Cyber-war: In deed and desire, Iran emerging as a major power, (The Christian Science Monitor, March 16, 2014), available at: http://goo.gl/YWRbz6
Sibon Gabi and Kronenfeld Sami, Op cit.
A Report by: Bill Gertz, titled: Iran Rapidly Building Cyber Warfare Capabilities, Cyber attacks on banks, casino highlight growing threat, published at The Washington Free Beacon, May 12. 2015, available at: http://goo.gl/whCwR2
FREDERICK W. KAGAN AND TOMMY STIANSEN, THE GROWING CYBERTHREAT FROM IRAN THE INITIAL REPORT OF PROJECT PISTACHIO HARVEST, (AMERICAN ENTERPRISE INSTITUTE CRITICAL HREATS PROJECT AND NORSE CORPORATION, April 2015). P2.

Mandiant Threat Report, Trends Beyond the Breach, December 2014. P10.

Basim Rashid
Basim Rashid
Researcher specializing in regional affairs