Should you be afraid of an Iranian cyberattack? The answer is complicated

Qassem Soleimani
A Kashmiri Shia-Muslim cleans a portrait of Qassem Soleimani, the head of Iran’s elite Islamic Revolutionary Guard Corps’ Quds Force who was killed by U.S. forces. Syed Shahriyar / NurPhoto via Getty Images

Here’s the good news: Iran likely won’t target ordinary Americans. Any and all cyberattacks that Iran would carry out would likely be against U.S. government agencies or major corporations that Iran has already, in some way or another, infiltrated and can already easily cause a disruption. Iranian hackers most likely won’t go after your phone, your Google account, or your favorite website.

But there’s bad news: According to a former CIA analyst, the assassination of Iranian general  Qassem Soleimani has far more significance in the global political theater than the Bin Laden raid. Any cyberattacks that will be carried out will be the beginning, not the end, of an Iranian offensive against the U.S.

“The breadth and expanse of who he was and the control he had over his Iranian proxies, those are things Bin Laden never had,” said Rosa Smothers, former Cyber Threat Analyst with the CIA and currently the Senior Vice President Cyber Operations at the cybersecurity firm KnowBe4. “A lot of the retribution factor is going to depend on the political environment, and how that all plays out,” she told Digital Trends.

Iran’s push to move into the offensive cybersphere began in 2009, around the time when the Green Revolution took off — mass protests against alleged irregularities in the country’s 2009 presidential election — the Iranian government pushed to expand their cyber capabilities, at first with the goal of population control, said Alex Vatanka, a Senior Fellow at the Middle East Institute. Later, they were hit by the Stuxnet virus — a piece of malware generally understood to have been a joint development by the United States and Israel to compromise Iran’s nuclear reactors — and decided to start pushing into the cyber attack sphere themselves.

These days, the experts say, Iran is on the advanced course: Not yet on the level of Russia, China, or the U.S., but about on the same level as North Korea. That is, most likely no one’s going to die from an Iran cyberattack, but we should still take it seriously.

Jon Bateman, a Fellow at the Carnegie Endowment’s Cyber Policy Initiative, told Digital Trends that there is a multitude of attacks Iran could deploy, ranging from a routine DDOS (annoying for the victim and easy to execute) to phishing or malware, to a full-scale industrial control system attack. Indeed, Iran already attempted this tactic back in 2013 when the country hacked into and compromised the Bowman Avenue Dam in upstate New York. The U.S. Department of Justice eventually indicted seven Iranian hackers in 2016 on charges connected to the infrastructure disruption. That’s where a cyberattack could affect you: It’s not inconceivable that they could take out a power generator somewhere in the U.S. and cause a massive blackout. Experts said that would be a huge red line to cross, but it’s still within the realm of possibility.

“They’ve got a reputation now for pushing envelopes and learning by doing,” Bateman told Digital Trends. Their tactics mostly involve website defacement and online disinformation campaigns, in which there is already some evidence Iran has been engaging.

So far, Bateman said, Iran has never directly attacked a U.S. government network, but the Soleimani assassination was “such an unprecedented provocation, it might cross a line.”

As individuals, there’s not a lot we can do, or really much we should be worried about, according to Smothers. “Me, personally, I’m not doing anything differently today than I was doing on Thursday,” she said. That doesn’t mean that big corporate institutions and government agencies, which are most likely to be targeted, shouldn’t be on notice.

Indeed, the Department of Homeland security over the weekend said that they’d noticed an uptick in the amount of malicious activity online targeting U.S. institutions. “It’s the same sort of vigilance you need to have with physical security,” she told Digital Trends. “Every company needs to be thinking about a defensive posture as though this is happening all the time.”

There’s a constant low-level buzz of malicious hacking attempts against the U.S. government. But in general, that’s not what we have to worry about, says Smothers.

“In the big picture, we should be most worried about physical violence from Iran or its proxies,” said Bateman. “If we see cyber attacks happening, we should be preparing for something else. Don’t believe that the cyber response is their final word.”

“They [Iran] need to do something that looks more muscular. One of their top generals was blown to pieces,” said Vatanka. “To hack into a website and release credit card information, that wouldn’t amount to much. That would look weak”

“I’d be very surprised if they start hitting ordinary Americans,” he continued. “I think they’ll be calculated in what they target.” Iranians are more interested in fomenting anger among Americans, he said. “Iran is sensitive to Trump’s delicate position domestically. They’ll try to hit back as hard as they can, but we’re not there yet.

“Each side right now is trying to calculate what adequate revenge would be,” Vatanka said.

Editors' Recommendations