By Shahir Shahidsaless
In August 2012, Aramco, Saudi Arabia’s state oil monopoly - the largest oil company in the world, was struck by a crippling computer virus, now known as the Shamoon. More than 30,000 computers were disabled. Shortly thereafter, a similar attack hit Rasgas, a joint venture between the United States’ Exxon Mobil and state-owned Qatar Petroleum of the gas-rich emirate. Then, the largest US financial firms, including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo were assaulted by so-called DDoS “distributed denial-of-service” attacks. None of these attacks imposed any significant damage.
In response to the attacks, US Secretary of Defense, Leon Panetta delivered a monumental speech to the Business Executives for National Security on October 12. He asserted that the results of “a cyber attack perpetrated by nation states or violent extremist groups” on critical infrastructure such as power plants, water treatment facilities, and gas pipelines “could be a cyber Pearl Harbor -- an attack that would cause physical destruction and the loss of life.” In his strongest words, Panetta analogized cyber attacks to those of 9/11: “Before September 11, 2001, the warning signs were there. We weren't organized. We weren't ready and we suffered terribly for that lack of attention. We cannot let that happen again. This is a pre-9/11 moment.”
Calling itself the Izz ad-Din al-Qassam Cyber Fighters, a hacker group took credit for the attacks. They declared that the attacks would continue until the anti-Islamic, “Innocence of Muslims” film trailer is removed from the Internet. However, some US officials speaking to CNN on condition of anonymity said the perpetrators of the cyber attacks are working closely with the government of Iran. “We strongly believe there is a relationship between the people typing the code and people running the government [of Iran],” one official said. Iran denied involvement in the attacks.
On the opposite side, what should not be missed is that according to reports, the United States and Israel launched the first, state-planned cyber war in history against Iran’s nuclear program. According to the New York Times, from his first months in office, President Obama ordered acceleration to waves of cyber attacks against Iran. Sources told the Times that the US cyber attack, part of a larger sabotage operation called, “Olympic Games,” was a joint project of the US and Israel.
Following the New York Times report, leaders of the Senate and House intelligence committees—Senators Saxby Chambliss and Dianne Feinstein and Representatives Mike Rogers and C.A. Dutch Ruppersberger—released a statement noting, “We have become increasingly concerned at the continued leaks regarding sensitive intelligence programs and activities, including specific details of sources and methods.”
Republicans accused the White House of “intentionally leaking information to enhance President Obama's image as a tough guy for the elections.” President Obama denied the accusations. “The notion that my White House would purposely release classified national security information is offensive,” he said. “It’s wrong.” However, surprisingly, the substance of the New York Times report was not denied by the US administration.
Leading cyber experts maintain that the consequences of a massive, successful cyber attack on US infrastructure and/or the banking system would be devastating. So clearly, the potential for detriment imposed by a serious cyber attack is not a secret. To that end, two possible scenarios should be considered.
First, the cyber attacks against Iran are continuing. Preliminarily, the Stuxnet, then Flame, and now Mini-Flame have hit Iran. According to The Guardian, “Two leading computer security laboratories – Kaspersky Lab and Symantec – have been studying a series of powerful cyber weapons used against targets including the Iranian nuclear program and Lebanese banks accused of laundering money for Iran and its ally Hezbollah. They are now convinced that all were probably created by a national government or governments working together.”
Considering Iran’s profound mistrust of the US, known facts, and even unconfirmed information about these cyber attacks, Iran’s government will almost certainly conclude that the strategy of “regime change” is in motion again, albeit a hi-tech version. They may decide to retaliate, possibly through the employment of foreign experts. Common sense dictates that such a trend could trigger a tit-for-tat chain of retaliatory events. While retaliations intensify, it is plausible; even likely, that a large scale, Iranian cyber attack against the US would ultimately provoke a military response against Iran.
We now know that the tragic events of 9/11 prepared the grounds, and were used as the pre-text to attack Iraq, despite the absence of any connection between Saddam’s regime and the 9/11 attacks. In reality, many state and non-state actors dislike the Iranian regime. Therefore, the second plausible scenario would be that a third party, even from within Iran, might stage a false flag attack, assigning blame to the Iranian government and giving the US justification for waging war against them. There are active terrorist organizations within Iran that might be able to effectuate such attacks with the help of regional adversaries to the Iranian government.
In an atmosphere filled with hostility and distrust, emotions running high, the aftermath of such a disastrous false flag attack would leave Tehran vulnerable to accusations of responsibility.
The current game is dangerous, and if overplayed, will escalate hostility and mistrust between Iran and the US to new, alarming heights.
This article is part of Insider & Insight, a new AIC program aimed at providing different perspectives and analyses on key developments in US-Iran relations. The commentary and opinions expressed herein are solely those of the author and do not reflect the official position of American Iranian Council.