In just over two years, the Iranian government has managed to build up a sophisticated cyberarmy that experts now say is capable of crippling key global infrastructure.
"Five years ago, I would have never imagined Iran to be where they are today," cybersecurity expert David Kennedy, founder of information security firm TrustedSec, told Business Insider. "Iran was once considered a D-grade cyber threat. Now it's almost on the same level as Russia or China."
Iran has increased its cybersecurity spending 12-fold since President Hassan Rouhani assumed office in 2013, according to a report released Monday by British technology research firm Small Media. Vowing to ramp up the country's cyber capabilities, Rouhani has given the Islamic Revolutionary Guard Corps (IRGC) an annual cybersecurity budget of roughly $19.8 million.
While Iran's initial cyber efforts were focused on countering internal dissidence, the government put its cyber experts on the offensive after an American computer worm, Stuxnet, infiltrated Iranian government servers and ruined almost one-fifth of the country's nuclear centrifuges in June 2010.
By November 2010, the Basij Cyber Council had trained 1,500 cyber-warriors who, according to IRGC commander Hossein Hamedani, "have assumed their duties and will in the future carry out many operations," according to a report released in 2013 by the Middle East Media Research Institute.
“Out of any country on the planet, I can’t think of a country that has been more focused than Iran from the high levels of government on cyber, and that includes the United States,” Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, told The Hill back in November.
And they'll only get better.
"In 10 years time, Iran's cyber capabilities will be more troubling than its nuclear program," geopolitical expert Ian Bremmer, president of the Eurasiaa group, tweeted earlier this week. He also noted that aggressive cyber operations by the US can be turned around on them by weaker adversaries.
The US government is now at a severe disadvantage when it comes to protecting the country's critical infrastructure from foreign hackers, especially given the current global political climate. The US' ongoing nuclear talks with Iran and its frosty relationship with Russia — a major Iranian ally — have made conditions ripe for Iran to try and use its cyber capabilities as negotiating leverage.
"Russia has probably helped Iran a lot in stepping up its cyber capabilities in the event of a conflict with NATO," Kennedy said. "If they [the Iranians] want to topple the US' financial sector, or cripple the military's ability to communicate, they can do that."
"Russia has probably helped Iran a lot in stepping up its cyber capabilities in the event of a conflict with NATO," Kennedy said. "If they [the Iranians] want to topple the US' financial sector, or cripple the military's ability to communicate, they can do that."
Kennedy noted that while Chinese and Russian hackers are typically motivated by competitive advantage or monetary gain, Iranian hackers are trained to infiltrate servers so that they can destroy them.
"Iran's cyber warriors ask themselves one question," Kennedy said. "Can I entrench myself in key sensitive areas and take the US down in the event of a conflict?"
Iran's cyber warriors ask themselves one question:
"Can I entrench myself in key sensitive areas and take the US down in the event of a conflict?"
Most likely, they can. Cyber security and hacking has become a booming industry in Iran — as a result, more and more Iranian students are choosing to study computer network defense, exploitation, and warfare in high school and college.
"At the Sharif University of Technology, which is like the MIT of Iran, students are participating in cyber 'capture-the-flag' games to hone their hacking skills," cyber-jihad expert Jeff Bardin, chief intelligence officer of cyber intelligence firm Treadstone 71, told Business Insider. "They compete to see who can find security holes and break through servers' encryptions and firewalls the fastest."
Colleges and universities in Iran also offer their students internships with notorious Iranian hacker groups, according to Bardin, who they then go on to work for after they graduate.
"It's all highly institutionalized," Bardin said. "The irony is that, after looking at some of the professors' resumes, you'll see that most of these cyber experts teaching students how to hack were initially trained in the US or UK."