Will US Indictments of Iranian Hackers Be a Deterrent?Security Experts Offer an Analysis of the Impact
Over three days last week, the U.S. Justice Department revealed criminal charges against several Iranian nationals accused of targeting American government agencies and others.
In addition, the U.S. Treasury Department issued economic sanctions against 45 individuals as well as an advanced persistent threat group, while the Cybersecurity and Infrastructure Security Agency issued its own warning about Iranian hackers taking advantage of several well-known vulnerabilities.
The indictments and sanctions are meant to send a message that the activities of nation-state-backed hackers targeting U.S. businesses, federal agencies and citizens can be precisely tracked and the identities of the threat actors pinpointed. But many security experts say that Iranian hackers - especially those outside the reach of U.S. law enforcement agencies - are likely to remain undeterred.
"There is always a degree of deterrence involved in bringing charges, but for the most part, this is probably much more about diplomatic relations in the game of nations," Sam Curry, CSO at security firm Cybereason, tells Information Security Media Group. "Charges in absentia don't carry much weight. But due process is important. The rule of law is important. And establishing facts and groundwork for negotiations on treaties, work at the U.N., trade and more are all part of the ecosystem in which nation-states play the game."
Dave Stapleton, CISO of security firm CyberGRX and a former U.S. government security analyst, says: "Nearly every source I've read predicts, with good reason, that the individuals indicted will not be extradited to the U.S. to stand trial. The complacency of a nation-state to these kinds of alleged crimes only gives confidence to others who may be considering illicit cybercrimes. That could most certainly include those who wish to disrupt the U.S. electoral process via some form of hacking, be it social engineering or more technical techniques."
Capabilities of Iranian Hackers
The criminal charges announced over the last week by the Justice Department show not only how Iran's cyber capabilities have progressed over the last decade but also the ambitions that Tehran has when it comes to targeting organizations in the U.S. and elsewhere.
In these indictments:
- Three Iranian suspected hackers were charged with using social engineering and phishing techniques to steal data and intellectual property from U.S. satellite and aerospace companies over several years (see: 3 Iranian Hackers Charged With Targeting US Satellite Firms).
- Two other Iranian nationals were charged with participating in a yearslong hacking campaign that targeted vulnerable networks in the U.S., Europe and the Middle East and was designed to steal "hundreds of terabytes" of data. While these two hackers allegedly profited personally from some of these hacking incidents, they are also accused of giving data to the Iranian government (see: 2 Iranians Indicted for Lengthy Hacking Campaign).
- Two suspected hackers, including one Iranian national, were charged with defacing over 50 U.S. websites following the death of Iranian Major General Qasem Soleimani (see: 2 Alleged Hackers Indicted for Defacing US Websites).
While U.S. officials have focused in recent years on threats from hacking groups tied to the governments of China, Russia and North Korea, the recent indictments show that Iran is now an area of focus as well.
"Seeing federal agencies take actions against Iranian actors even over some others doesn't necessarily mean that Iranian actors are more active than Russian or Chinese counterparts," says Cybereason's Curry. "All actors are increasing frequency and sophistication of attacks."
Tom Kellermann, the head of cybersecurity strategy at VMware Carbon Black, who formerly served as a cybersecurity adviser to President Barack Obama, notes that geopolitical tensions between the U.S. and Iran are likely pushing American officials to react more strongly to the cyberthreat that Iran poses.
"The DOJ has opened a new chapter in its campaign to civilize American cyberspace," Kellermann says. "These recent indictments depict a proactive effort to bring cyber spies to justice."
In August, the U.S. Office of the Director of National Intelligence released an updated assessment that found disinformation campaigns remain an ongoing issue for the 2020 election and that nation-states are using new tactics to interfere with the U.S. election (see: US Intelligence Adds More Details on Election Interference).
Iran is suspected of targeting the campaign offices of President Donald Trump and Democratic nominee Joe Biden.
And the Justice Department last week announced charges against a China-based advanced persistent threat group called APT41 (see: 5 Chinese Suspects Charged in Connection With 100 Breaches).
All the anti-hacker law enforcement actions in recent weeks are intended to send a message that the U.S. is tracking hacker activity in the weeks leading up to the election, security experts say.
"It will be difficult to make any tie between these attacks and indictments and the U.S. elections," says Jonathan Couch, senior vice president for strategy at security firm ThreatQuotient. He previously served at the NSA Air Force Information Warfare Center. "The U.S. government may be trying to send a message before the elections that they are watching. But the Chinese, Russians, Iranians and other nation-state actors likely won't be shaking in their boots any time soon."