* Tehran using cyberspace to retaliate against Western
sanctions
* Domestic opposition also targeted
* Cyber war hard to stop once started, warn experts
By Peter Apps, Political Risk Correspondent
WASHINGTON, Oct 24 - Two years after the Stuxnet
computer worm attacked its nuclear program, Iran is increasingly
turning to cyber warfare itself in a growing, stealthy
confrontation with its enemies.
While the immediate threat of an Israeli military strike on
its nuclear facilities has eased for now, Tehran's rulers are
under increasing pressure from crippling sanctions, a collapsing
currency and rising popular discontent.
With all sides apparently keen to avoid an outright
conflict, deniable cyber attacks seemingly offer one of the
easiest ways of fighting back without risking too much.
Definitive proof of responsibility in cyberspace, experts
say, is often all but impossible. But government and private
security officials say what evidence exists points to Iranian
involvement in a rising tide of attacks in the last year.
Among the most serious were distributed denial of service
attacks that took down websites of several U.S. banks including
Citigroup and Bank of America as well as an assault on Saudi oil
firm Aramco that destroyed some 30,000 computers.
What the attacks show, experts with knowledge of government
intelligence say, is that Tehran is raising its game fast -
although its capabilities remain well behind those of the United
States, Israel, Britain and other powers such as China and Russia.
The attacks, they say, have been increasing in both
sophistication and intensity.
"We've known for a long time that the Iranians were working
on these kind of techniques, but it is a surprise how fast they
have advanced," said James Lewis, a former U.S. foreign service
officer now senior fellow and cyber specialist at Washington
D.C.'s Centre for Strategic and International Studies.
"Neither side really wants a war because of the economic
costs in particular. So this is what they do instead."
Speaking through local media, Iranian officials denied
involvement in the bank hacking. But they say they themselves
have come under mounting attack, with oil facilities,
infrastructure and communications firms all suffering system
failures they blamed on cyber attacks from other countries.
What Stuxnet unleashed, experts say, is the most
sophisticated and perhaps dangerous cyber conflict yet seen.
While no government has ever taken responsibility for
Stuxnet, it is widely assumed to have been a joint U.S.-Israeli
project designed to damage and destroy nuclear centrifuges.
"Stuxnet was effective, but it wasn't a knockout blow," says
Ilan Berman, a former CIA and Pentagon consultant now vice
president of the American Foreign Policy Council. "What it has
done, however, is open a new front."
TRACKING DISSENT, ATTACKING ENEMIES
The Islamic Republic's rulers first woke up to the dangers,
and the potential, of cyberspace in 2009 when anti-government
protesters used the Internet to organise huge protests against
presidential elections they said were rigged.
Since then, largely Shi'ite Iran has beefed up the ability
of its Revolutionary Guards to monitor the web to track and
intimidate potential dissidents. But it has also ploughed
resources into hitting back at its enemies, not just the United
States and Israel but Gulf monarchies such as Saudi Arabia and
Qatar.
Some believe Tehran may also be providing technical support
to long-term ally Bashar al-Assad in Syria, where cyber warfare
has played a role in the worsening bloodshed.
Assad's own e-mails were hacked by the opposition, while
experts suspect Syria or Iran may have been behind last week's
apparent interference in regional broadcasts of BBC World.
"Cyber is the domain where the brunt of the confrontation
will move to," says Dina Esfandiary, a research associate and
Iran specialist at London's International Institute for
Strategic Studies. "For Tehran, (it) is the 'safest' form of
confrontation because of its secretive and deniable
characteristics."
Exactly who is doing the hacking, however, is harder to say.
"A lot of these capabilities are fluid," said the American
Foreign Policy Council's Berman, who has testified to Congress
on the issue.
"You have groups of hackers that may or may not be part of
the Revolutionary Guards but clearly are encouraged by them.
There is also the possibility that Iran is buying additional
cyber capabilities, or even manpower, on the open market. We
simply don't know."
In a major speech on cyber security last week, U.S. Defense
Secretary Leon Panetta described the attack on Aramco as the
most destructive ever suffered by a private sector company --
although he stopped short of explicitly blaming Tehran.
The thrust of his speech, however, was seen by analysts as
an explicit warning that further attacks could bring
consequences.
SECRET, UNENDING WAR?
The very attractions of the silent war - deniability and use
of arms-length proxies - may make it harder to control.
The rules in cyberspace, experts say, remain far from clear.
Washington announced last year it reserved the right to
retaliate militarily for any cyber attack that caused death or
damage, but in reality most believe the technology has far
outpaced the discussion on its use.
"States at the moment seem to have little self-restraint in
cyber," said Alexander Klimburg, cyber security expert at the
Austrian Institute for International Affairs. "This is very
dangerous... The consequence may be that... we find ourselves
with a redefinition of 'war' - one that is never declared,
seldom visible but effectively constant."
What is increasingly clear is that cyber confrontation will
be at the heart of many if not all international disputes and
rivalries in the years to come.
Russia and China are believed to have ploughed billions into
capabilities they believe may allow them to work around the
conventional military dominance of the United States, allowing
them to turn off essential systems and communications.
U.S. officials already accuse China of hacking corporate and
state secrets and stealing technology. Meanwhile, Beijing
accuses Washington of supporting Internet dissidents it fears
want to bring down the communist government.
At worst, some fear cyber disputes could wreck international
relationships and spark shooting wars - and not just in the
Gulf.
"We have a situation where governments and their proxies are
increasingly indulging in cyber attacks to damage rivals'
interests," said John Bassett, a former senior official at
British signals intelligence agency GCHQ and now senior fellow
at London's Royal United Services Institute.
"There's a really serious lack of shared understanding and
informal rules needed to regulate and limit these activities."