11 May 2018
Iran’s hackers likely to target Trump for pulling out of nuclear deal
Donald Trump’s decision to pull his country out of the nuclear deal with Iran may end up costing the United States’ President dearly.
As a starting point, reinstating sanctions on Iran will definitely hurt its economy, but this doesn’t come for free. Sanctions also will hurt the US. It’s estimated from 1995 to 2014 sanctions cost the US about $US10 billion a year in lost export revenue. Additionally, there are political costs such as damage to relationships with the other signatories: China, France, Russia, Britain and Germany.
But resuming sanctions also will expose the US and Trump to other forms of retaliation that are likely to involve cyber attacks.
Cyber security companies have warned that Western businesses should prepare for such attacks; Trump and his business empire could be a key target.
Iran has a very active state-sponsored hacking program. The Iranian government also has an interesting tradition of responding to sanctions and slights with targeted cyber attacks. It’s one of the few states that regularly uses destructive cyber attacks as a deterrent or as retribution in international diplomacy.
When the US imposed sanctions against Iran in late 2011, for example, Iran responded with distributed denial of service campaigns against leading US banks — it flooded bank websites with traffic so they were overwhelmed and unable to serve their customers. This is a relatively cheap and unsophisticated form of online attack — small DDoS attacks can be purchased for tens of dollars — but these large attacks over time cost the victims tens of millions of dollars.
Iran also has responded to individuals who have threatened Iran. Sheldon Adelson — a casino magnate, one of the Trump campaign’s largest donors and a strong supporter of Israel — suggested in October 2013 at Yeshiva University’s Manhattan campus that the US should use nuclear weapons in the Iranian desert and said of Iran regarding nuclear talks: “You want to be wiped out? Go ahead and take a tough position.”
By January 2014 Iranian hackers were probing casinos owned by Adelson and by the following month had taken control of the computer network at his Las Vegas Sands Corporation. That February 10, they launched an attack that shut down company emails, wiped computers and crippled the Sands IT network.
There are indications Iran’s hackers are prepared to attack critical infrastructure, too. The group of hackers that attacked US banks also has been indicted by the FBI for hacking the controls of a small dam in New York state.
It also has been alleged hackers linked to the Iranian government were responsible for the Triton (or Trisis) malware discovered in a Saudi Arabian petrochemical plant that appears to have been designed to cause an explosion. Last year’s attack was a disturbing escalation in the use of cyber operations to cause destruction and possibly death.
From an Iranian hacker’s point of view, Trump may be a more valuable target than critical infrastructure in the US. He is the leader of the world’s most powerful country. His Twitter persona illustrates his colourful personal life and volatile personality.
Most important, he’s personally strongly associated with the abandonment of the Iran deal. In his tweets the President has described the development as “my decision”.
His business empire — The Trump Organisation, a collection of about 500 entities that is now run by his children — is a soft target. Spanning real estate, casinos, golf courses, hotels and even bottled water, these businesses provide plenty of avenues for attack — what hackers call “attack surface”.
With such a large and diverse attack surface, a determined attacker inevitably will find its way into the Trump Organisation’s IT systems.
From the point of view of an Iranian hacker, the questions will be: Where is the best point of leverage in this IT system? Where can I cause the greatest political effect? What can I do that will cause the most personal damage to Trump?
With the President’s businesses offering up such an array of potential targets, one of the biggest decisions the Iranians will have to make is where to focus their efforts. It’s likely the Trump Organisation is not a single entity with shared IT but, rather, a loose conglomerate of businesses. Just defacing the public website or even destroying the IT within any one of them would cause embarrassment.
Accessing and leaking more detail about Trump’s personal and business dealings could inflict real damage. We shouldn’t be surprised to see within six months an exposé of Trump’s finances.