Just days into 2020, a year that feels 200 weeks old already, American armed forces took action against one Qasem Soleimani, the head of an officially designated foreign terrorist organization known as the Islamic Revolutionary Guard Corps-Quds Force. The Quds Force is akin to our CIA, and Soleimani was leading it when we carried out a drone strike against him at Baghdad International, Iraq’s largest airport. Part of the published rationale for the lethal strike was that it was “aimed at deterring future Iranian attack plans” and would “protect U.S. personnel abroad,” according to Department of Defense statements.
The world responded. Iran characterized it as a criminal attack, a not unexpected conclusion. Five days later it attacked an Iraqi airbase where Americans were located. No casualties resulted. American nationals, as well as British, were urged to immediately leave Iraq as funeral services began for Soleimani and nine others from Iran or Iraq who died from our rocket attack in Baghdad. The global security community was on guard. The unilateral attack without conferral with Iraqi officials was decried as an affront to international law—to the extent it exists—and implicated war crimes or the illegal use of force at minimum. One quite focused response came from a pair of computer hackers from Iran and Palestine, respectively.
In retaliation for the Soleimani attack the two, now international fugitives from U.S. justice, ramped up their preexisting hacking campaigns. Nearly 1,500 websites the world over have suffered the keyboard’s wrath from these hackers. They were oh-so-crafty. Like, adding the Iranian flag image to a website, or replacing a company’s leader’s headshot with that of Soleimani’s. Meanwhile, to finance their crimes, they dabbled in trading stolen credit cards, stealing corporate information and intellectual property, and sending spam emails for profit. If found guilty of the federal computer crimes, and the surrounding conspiracy charges, they’re looking at up to decades in the pokey without internet. Boston’s FBI force handled the investigation.
Another couple of Iranian nationals, and seasoned computer hackers, fell prone to federal law enforcement down I-95 in New Jersey. Ten counts amassed after the FBI busted up this conspiracy, in which computer fraud, unauthorized access, and identity theft combined into at least seven years of criminal activity waged in cyberspace. The conspirators, operating in Jersey, launched their campaign on behalf of the Iranian government. The world was their target area, and no one was immune, from universities to think tanks to government contractors to non-profits and just about any other category of institution. Generally, the two hackers stole intellectual property and trade secrets, foreign intelligence and military plans, and other extremely sensitive or confidential data. These schemes were deliberate and focused rather than a spaghetti-at-the-wall approach. Keyloggers were one of the tools. They would first gain entry into a computer system—usually, but not always, after simple social engineering tactics exposed our human vulnerability—and then, once in, they would install a program that logs and reports literally every keystroke. Passwords, encrypted messages, and anything else typed thereafter were theirs for the taking, and for transmitting to Iranian officials.
Just like the Iranian and Palestinian criminals from Boston’s jurisdiction, these two are fugitives on the run and likely receive high-level assistance to avoid being brought to justice.
Not much further down the coastline, in the District, or Northern Virginia more precisely, a trio of Iranian hackers were indicted by the U.S. Department of Justice on federal charges resulting from an investigation into identity theft and illegal computer access, here especially focused on the aerospace and satellite industries. These three, and all four above, are tied to Iran’s government. In this case its Islamic Revolutionary Guard Corps, Soleimani’s home office from his now-former life on earth, was particularly noted by law enforcement as having been the impetus. Further, claims DOJ, the IRGC has been so instrumental that it serves as one of the many ties that bind the three cases. And infiltration of American commercial websites is ongoing, despite the dent in its armor, charging documents being the formalities that they are.
The Virginia investigation illuminated a list of 1,800 online targets that the three Iranian hackers had been systematically checking off as they wreaked digital havoc during the past five years. Social engineering, the ploy of gaining a person’s trust in order to glean intelligence, up to and including passwords, was the starting point. It’s a sad and true statement about how we users provide the most vulnerability, all told. The criminals would steal the victims’ identities, distribute fake emails apparently from them, and obtain greater or deeper access. These three, again, are not in custody. They’re back home in Iran, or so DOJ believes.
What’s going on here? Clearly, the three investigations and sets of indictments were not totally hinged on the Soleimani attack. Much of the criminal activity harked back years earlier. In a word, or a phrase, this looks much less like political retribution, or even hacking for commercial gain, than it does cyber warfare. It’s generally accepted that cyber warfare deploys online computer attacks in support of a conflict between two nation-states.
War, as a function of human existence, spans recorded time almost without interruption. It’s only during our lifetimes, though, that the field of war digitally expanded. For quite a while, war was relegated to land. Humans weren’t always able to paddle across the lake, you know. After sea was added, we awaited generations more until taking war into the air. A few of you out there, maybe, recall that innovation. Most of us, though, found the newer war fronts develop in space, both the “outer” version and now the “cyber” iteration.
In war, outer space was not the final frontier. Only the gullible would claim that the Iranian war tactics reflect the height of combat development. What’s next? Don’t ask.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at email@example.com.