Tehran-backed hackers are expected to target the US and its allies to avenge the killing of a top Iranian general. So, how do Iran's cyberwarfare capabilities compare with those of the US? DW asks security experts.
A day after US air strikes killed Iranian general Qassem Soleimani, the US Department of Homeland Security issued an advisory warning against possible cyberattacks by Iran and its proxies.
"Iran maintains a robust cyberprogram and can execute cyberattacks against the United States," the advisory read. "Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States."
The authorities asked citizens to be prepared for "cyberdisruptions, suspicious emails, and network delays."
Within hours of the bulletin, a federal government website was hacked by hackers allegedly affiliated with Iran, who defaced it with an altered photo of President Donald Trump being punched in the face and a tribute to the slain general, who led the Revolutionary Guards' elite Quds Force.
"Hacked by Iran Cyber Security Group Hackers. This is only small part of Iran's cyber ability! We are always ready," the hackers signed off.
It is not yet known whether the hackers were linked to Iran, but the attack on the nondescript US website was consistent with similar intrusions by Iranian hackers in the past. The timing of the attack, however, has alarmed experts.
Iran has vowed "forceful revenge" in the aftermath of the killing of Soleimani and cyberwarfare is expected to be a major component of that retaliation.
"I don't think Iran would use cyberattacks as the primary mechanism for revenge but as part of the wider revenge package," Philip Ingram, a former British military intelligence officer, told DW. "It's not if, it's definitely when."
Sophisticated cyber army
Iran is said to have developed advanced cybercapabilities in response to the 2010 Stuxnet virus attack on an Iranian nuclear facility. The attack is widely believed to have been carried out by the US and Israel to derail Tehran's nuclear ambitions.
Tehran has since been accused of mounting sophisticated, disruptive cyberattacks on its rivals. The most notable of them was an attack on the Saudi oil company Saudi Aramco in 2017. The malware attack forced the company to completely replace the network and all the hardware that was on it.
Iran-affiliated hackers have also been linked to cyberattacks on critical infrastructure, large banks and academic institutions in the United States, including one that saw hackers breach the systems of a dam just outside New York.
"The country (Iran) has developed, notably under the watch of the late Soleimani, sophisticated cybercapabilities over the past couple of years to compensate for the weak conventional military force of the country and prepare Iran for indirect reprisals," Yana Popkostova, director at the European Centre for Energy and Geopolitical Analysis, told DW.
Popkostova says Iran will, however, try to avoid a direct military confrontation or state-sponsored cyberwar.
"While cyberattacks will be used for sure, they will be done via a proxy, hence allowing plausible deniability of sorts on behalf of the state," she said.
Jens Monrad, head of intelligence for EMEA at cybersecurity firm FireEye, does not expect an imminent destructive cyberattack by Iran on critical US infrastructure as such attacks require a lot of planning and preparation.
"I don't necessarily foresee that Iran would be able to, let's say, push a red button today and then carry out such an attack," he told DW. "It is probably more likely that we would see attempts to carry out espionage campaigns against government and military operations and organizations to either learn about policies that are in the making or get sensitive information related to future attacks."
Russia to the rescue?
While Iran's cybercapabilities have come a long way since the Stuxnet attack, they still do not match up to the cyberprowess of countries such as the US, China, Russia and Israel.
"I would put Russia and China into the tier-one bracket, and when we come to the western nations' capabilities, tier one would be the likes of the US, the United Kingdom and Israel," Ingram said. "Iran is slightly behind them, principally because it is suffering from a lot of sanctions. It's more difficult for it to get its people trained in the better academic institutions, to get them the technologies and everything else that they need. But they're not completely isolated."
Experts say Iran could potentially make up for its shortcomings by launching cyberattacks in coordination with close ally Russia.
"There's an increasingly close relationship there," Ingram said. "Russia has got an aggressive, active cyber and wider disinformation campaign that's going on out there. If they could use Iran as a plausibly deniable outlet for Russian attacks in different places or use Russian influence to gain access to more Iranian oil and other things, I think that it [coordinated attacks] is distinctly possible if not probable."
Stung by past attacks, the US has over the years built a robust defense against hackers looking to target critical infrastructure. It has ramped up threat detection capabilities, ensured better information sharing with those running critical infrastructures and strengthened collaboration between private and government security professionals.
But the country's greater reliance on the internet to run everything from dams to financial markets makes it more vulnerable to a cyberattack than, say, Iran, which still has the ability to work on its legacy systems.
"Does that mean it's impossible for our governments and our organizations to deal with such attacks? No," Ingram said. "I think there are robust plans in place to make sure that if elements are damaged in any way by cyberattacks, that damage can be mitigated pretty quickly."