US officials, lawmakers warn of potential Iranian cyberattacks
Senior government officials and lawmakers warned Friday that Iran may attempt to carry out cyberattacks against the U.S. in retaliation for the killing of Quds Force commander Qassem Soleimani.
“The Iranians have a deep and complex cyber capability, to be sure. Know that we have certainly considered that risk,” Secretary of State Mike Pompeo said on Fox News.
His remarks came the same day that Iranian Supreme Leader Ayatollah Ali Khamenei said a “harsh retaliation is waiting” for the U.S. after President Trump ordered a drone strike in Baghdad that killed Soleimani.
Lawmakers said the strike has raised the odds of possible attacks from Iran, long-identified as one of the top international cyber threats to the U.S.
House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) told The Hill in a statement that “President Trump’s reckless actions in the Middle East have made us less secure and risk serious consequences for the security of the homeland by escalating an already volatile situation. We have to be vigilant.”
Rep. Elissa Slotkin (D-Mich.), who formerly worked as a CIA analyst and served three tours in Iraq focused on Iran-backed militias, also strongly warned of the potential for attacks on the U.S.
“The Iranian government has vowed to retaliate and avenge Soleimani’s death, and could do so in any number of ways: against our diplomats and service members or high-ranking military officers, against our allies and partners in the region, or through targeted attacks in the Western world,” Slotkin said in a statement. “It is critical that the Administration has thought out the moves and counter-moves this attack will precipitate.”
Both Thompson and Slotkin have been heavily involved in drafting and advancing cybersecurity legislation.
Rep. John Katko (N.Y.), the top Republican on the Homeland Security Committee’s cybersecurity subcommittee, said in a statement that “we must remain focused on keeping this country safe from retaliation – not only on the ground in the Middle East and here at home, but from potential cyberattacks against our nation.”
Top officials at the Department of Homeland Security (DHS) met over the past two days to discuss any potential threats stemming from Thursday’s deadly airstrike, according to acting Secretary Chad Wolf.
“While there are currently no specific, credible threats against our homeland, DHS continues to monitor the situation and work with our Federal, State and local partners to ensure the safety of every American,” Wolf said in a statement.
Christopher Krebs, who serves as director of the Cybersecurity and Infrastructure Security Agency (CISA) at DHS, urged Americans to exercise caution in cyberspace.
Krebs tweeted Thursday night that he was “re-upping” a warning put out by CISA last year regarding Iranian cyberattacks, and said Americans should be vigilant online.
CISA said in June it was aware that Iran had stepped up its cyberattacks against federal agencies and other critical groups. The statement followed reports that U.S. cyber forces had targeted and taken down Iranian military computer systems following Iran’s shooting down of an American surveillance drone.
Krebs said at the time that “Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”
On Friday, New York City Mayor Bill de Blasio (D) sounded the alarm of potential attacks.
“The problem here is if we end up in a shooting war, then you can expect things like cyberattacks on a level we have never seen before,” he said on MSNBC. “And, unfortunately, Iran is a serious, serious adversary when it comes to cyber.”
John Hultquist, director of intelligence analysis at cybersecurity firm FireEye, told The Hill in a statement that the company was “anticipating an elevated threat from the Iranian cyberthreat actors.”
“We will probably see an uptick in espionage, primarily focused on government systems,” Hultquist said, adding that he “also anticipates disruptive and destructive cyberattacks against the private sphere.”
Hultquist said FireEye is “concerned that attempts by Iranian actors to gain access to industrial control system software providers could be leveraged to gain widespread access to critical infrastructure simultaneously.”
Other tech firms have previously warned about aggression in cyberspace from Iran.
In October, Microsoft said that a U.S. presidential campaign, which Reuters identified as Trump’s, was targeted by Iranian cybercriminals. The same cyber group also targeted 2,700 other Microsoft email accounts, but ultimately only gained access to four. Trump campaign emails were not among those compromised.
Jake Olcott, a vice president at the cybersecurity group Bitsight and former counsel for the House Homeland Security Committee, told The Hill that in order to counter potential cyberattacks from Iran, it may boil down to both government and industry paying attention to stepping up “basic” cybersecurity protections.
“The bad guys don’t have to develop sophisticated ways of breaking in because people are not doing the basics,” Olcott said. “It’s about knowing outdated browsers and operating systems that are on your network, it’s knowing which systems are at end-of-life, systems that need to be patched, systems that need to be updated.”
Olcott emphasized that “it’s the basic hygiene, and that is what critical infrastructure organizations need to be focused on today.”