U.S. Launched Cyberattacks on Iran The cyberstrikes on Thursday targeted computer systems used to control missile and rocket launches By Dustin Volz and Nancy Youssef

https://www.wsj.com/articles/u-s-launched-cyberattacks-on-iran-11561263454

The U.S. covertly launched offensive cyber operations against an Iranian intelligence group’s computer systems on Thursday, the same day President Trump pulled back on using more traditional methods of military force, according to U.S. officials familiar with the matter.

The cyberstrikes, which were approved by Mr. Trump, targeted computer systems used to control missile and rocket launches that were chosen months ago for potential disruption, the officials said. The strikes were carried out by U.S. Cyber Command and in coordination with U.S. Central Command.

The officials declined to provide specific details about the cyberattacks, but one said they didn’t involve loss of life and were deemed “very” effective. They came during the peak of tensions this week between the U.S. and Iran over a series of incidents across the Middle East, including Tehran’s shooting down of an American reconnaissance drone.

The attacks also came as U.S. fears have grown that Iran may seek to lash out with cyberattacks of its own, as multiple cybersecurity firms said they had already seen signs Tehran is targeting relevant computer networks for intrusion and appeared particularly focused on the U.S. government and the American energy sector, including oil and gas providers.

While little was known about Thursday’s digital attacks, they were the latest indication that the U.S. has ramped up its willingness to use disruptive or destructive cyber weapons under President Trump after years of caution and drawn-out interagency deliberations that often led to inaction in previous administrations.

The National Security Council didn’t respond to requests for comment. “As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning,” a Pentagon spokesman said. Details of the cyber operations were first reported late Friday by Yahoo News.

Asked Sunday about reports of the cyberattacks, Vice President Mike Pence declined to address the matter. “We never comment on covert operations,” Mr. Pence said during an interview with CBS.

Current and former U.S. officials have warned that cyberattacks against Iran could increase the likelihood that Iran may respond in kind, and have noted Iran is particularly unpredictable in its own use of cyberattacks.

On Saturday, the Department of Homeland Security’s top cybersecurity official, Chris Krebs, issued a statement warning that Iran’s malicious cyber activities were on the rise.

Such attacks could be destructive in nature, Mr. Krebs said. “What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” he said.

The current concern about Iran’s capabilities and intent builds on months of mounting alarm about how Iran could use cyber means to retaliate against the U.S. for the Trump administration’s tough posture and heated rhetoric toward the country. In April, the FBI issued an alert to private industry warning that Iran could retaliate in response to the U.S. formally designating the Islamic Revolutionary Guard Corps as a terrorist organization.

The U.S. attacks Thursday appear to be the first known instance of the U.S. Cyber Command using new authorities granted by the president and Congress last year to more easily allow for disruptive cyber operations against other countries that didn’t involve election security. Previously, in a classified operation known as Synthetic Theology, U.S. Cyber Command jammed servers belonging to the Internet Research Agency, a St. Petersburg, Russia, troll farm, during the 2018 midterm elections, according to people familiar with the operation.

White House national security adviser John Bolton, speaking earlier this month at a Wall Street Journal event, appeared to telegraph that these kinds of attacks would become more frequent.

“We’re now opening the aperture, broadening the areas we’re prepared to act in” beyond election security, Mr. Bolton said.

Mr. Bolton was one of several administration officials who last year advocated jettisoning a classified Obama-era memorandum that detailed when and how the U.S. could deploy cyber weaponry against its adversaries.

Those rules were replaced in August by new classified guidance intended to give the military a freer hand with cyberattacks, but details of the new policy have remained largely shrouded in secrecy.

Some Democratic lawmakers, including Rep. Jim Langevin of Rhode Island, have complained that they haven’t been briefed on or allowed to read the new rules, even as the Trump administration has become more active in its deployment of cyberattacks.

It wasn’t clear whether Thursday’s strikes were a one-off or the beginning of a larger crest of digital operations against Iran.

Army Gen. Paul Nakasone, the head of Cyber Command and the National Security Agency, has articulated a vision of “persistent engagement” in cyberspace that is intended to gain access to computer networks belonging to adversaries in order to understand what they are doing and planning and be ready with appropriate responses. The strategy is designed in part to keep multiple options open if and when conflict with another country may require disruptive or destructive cyberattacks.

Some former intelligence officials expressed skepticism that Cyber Command’s efforts would have a substantial impact on Iran’s operational capabilities, and said they may have been intended more to send a warning to Tehran that the U.S. is willing to engage with cyberattacks even as Mr. Trump exerted restraint with more traditional retaliatory operations.

Because Iran has a poor unified command and control, disrupting its central networks may do little to tactically disrupt rocket or missile launches, one former official said. “They use dudes on a truck with a phone,” the former official said.

Still, fears mounted over the weekend that the Islamic Revolutionary Guard Corps could punch back with its own cyberattacks. The group is viewed as having hackers who are easily provoked and who sometimes freelance without approval from superiors.

Iran has sought to blame the escalating tensions on the Trump administration, and said that concerns about more cyberattacks should rest solely with the U.S.

“We have no intentions to escalate anything,” said Alireza Miryousefi, the head of the press office at Iran’s United Nations mission. “On cyber capabilities, Iran’s policy and strategy is purely defensive, especially against malware and cyber attacks, as Stuxnet, emanating from the U.S. or others.”

Stuxnet was a sophisticated, multistage operation during the administrations of former Presidents George W. Bush and Barack Obama, which included use of the now-well-known Stuxnet virus. The operation impaired Iran’s nuclear program by disabling centrifuges that were enriching uranium. Some security experts have since criticized Stuxnet for helping to usher in an era where destructive cyberattacks are increasingly common.

Write to Dustin Volz at dustin.volz@wsj.com

Comments are closed.