WASHINGTON (Reuters) - Two years after the Stuxnet computer worm attacked its nuclear program, Iran is increasingly turning to cyber warfare itself in a growing, stealthy confrontation with its enemies.
While the immediate threat of an Israeli military strike on its nuclear facilities has eased for now, Tehran’s rulers are under increasing pressure from crippling sanctions, a collapsing currency and rising popular discontent.
With all sides apparently keen to avoid an outright conflict, deniable cyber attacks seemingly offer one of the easiest ways of fighting back without risking too much.
Definitive proof of responsibility in cyberspace, experts say, is often all but impossible. But government and private security officials say what evidence exists points to Iranian involvement in a rising tide of attacks in the last year.
Among the most serious were distributed denial of service attacks that took down websites of several U.S. banks including Citigroup and Bank of America as well as an assault on Saudi oil firm Aramco that destroyed some 30,000 computers.
What the attacks show, experts with knowledge of government intelligence say, is that Tehran is raising its game fast - although its capabilities remain well behind those of the United States, Israel, Britain and other powers such as China and Russia.
The attacks, they say, have been increasing in both sophistication and intensity.
“We’ve known for a long time that the Iranians were working on these kind of techniques, but it is a surprise how fast they have advanced,” said James Lewis, a former U.S. foreign service officer now senior fellow and cyber specialist at Washington D.C.’s Centre for Strategic and International Studies.
“Neither side really wants a war because of the economic costs in particular. So this is what they do instead.”
Speaking through local media, Iranian officials denied involvement in the bank hacking. But they say they themselves have come under mounting attack, with oil facilities, infrastructure and communications firms all suffering system failures they blamed on cyber attacks from other countries.
What Stuxnet unleashed, experts say, is the most sophisticated and perhaps dangerous cyber conflict yet seen.
While no government has ever taken responsibility for Stuxnet, it is widely assumed to have been a joint U.S.-Israeli project designed to damage and destroy nuclear centrifuges.
“Stuxnet was effective, but it wasn’t a knockout blow,” says Ilan Berman, a former CIA and Pentagon consultant now vice president of the American Foreign Policy Council. “What it has done, however, is open a new front.”
The Islamic Republic’s rulers first woke up to the dangers, and the potential, of cyberspace in 2009 when anti-government protesters used the Internet to organize huge protests against presidential elections they said were rigged.
Since then, largely Shi‘ite Iran has beefed up the ability of its Revolutionary Guards to monitor the web to track and intimidate potential dissidents. But it has also ploughed resources into hitting back at its enemies, not just the United States and Israel but Gulf monarchies such as Saudi Arabia and Qatar.
Some believe Tehran may also be providing technical support to long-term ally Bashar al-Assad in Syria, where cyber warfare has played a role in the worsening bloodshed.
Assad’s own e-mails were hacked by the opposition, while experts suspect Syria or Iran may have been behind last week’s apparent interference in regional broadcasts of BBC World.
“Cyber is the domain where the brunt of the confrontation will move to,” says Dina Esfandiary, a research associate and Iran specialist at London’s International Institute for Strategic Studies. “For Tehran, (it) is the ‘safest’ form of confrontation because of its secretive and deniable characteristics.”
Exactly who is doing the hacking, however, is harder to say.
“A lot of these capabilities are fluid,” said the American Foreign Policy Council’s Berman, who has testified to Congress on the issue.
“You have groups of hackers that may or may not be part of the Revolutionary Guards but clearly are encouraged by them. There is also the possibility that Iran is buying additional cyber capabilities, or even manpower, on the open market. We simply don’t know.”
In a major speech on cyber security last week, U.S. Defense Secretary Leon Panetta described the attack on Aramco as the most destructive ever suffered by a private sector company -- although he stopped short of explicitly blaming Tehran.
The thrust of his speech, however, was seen by analysts as an explicit warning that further attacks could bring consequences.
The very attractions of the silent war - deniability and use of arms-length proxies - may make it harder to control.
The rules in cyberspace, experts say, remain far from clear. Washington announced last year it reserved the right to retaliate militarily for any cyber attack that caused death or damage, but in reality most believe the technology has far outpaced the discussion on its use.
“States at the moment seem to have little self-restraint in cyber,” said Alexander Klimburg, cyber security expert at the Austrian Institute for International Affairs. “This is very dangerous... The consequence may be that... we find ourselves with a redefinition of ‘war’ - one that is never declared, seldom visible but effectively constant.”
What is increasingly clear is that cyber confrontation will be at the heart of many if not all international disputes and rivalries in the years to come.
Russia and China are believed to have ploughed billions into capabilities they believe may allow them to work around the conventional military dominance of the United States, allowing them to turn off essential systems and communications.
U.S. officials already accuse China of hacking corporate and state secrets and stealing technology. Meanwhile, Beijing accuses Washington of supporting Internet dissidents it fears want to bring down the communist government.
At worst, some fear cyber disputes could wreck international relationships and spark shooting wars - and not just in the Gulf.
“We have a situation where governments and their proxies are increasingly indulging in cyber attacks to damage rivals’ interests,” said John Bassett, a former senior official at British signals intelligence agency GCHQ and now senior fellow at London’s Royal United Services Institute.
“There’s a really serious lack of shared understanding and informal rules needed to regulate and limit these activities.”
Reporting By Peter Apps; Editing by Jon Boyle