Mr. Krebs hosted a call last Friday with more than 1,700 members of the private sector and state and local governments, encouraging them to back up their data on storage sites not connected to the internet and alert security personnel to be on the lookout for signs of breaches in their computer systems. While hackers have conducted attacks for ransom, Mr. Krebs warned that future attacks could be to simply cause mayhem.
Mr. Krebs’ agency serves mainly to advise private companies and local governments of risks before attacks are launched. While the United States government can assist in the event of a breach, private computer security firms and the companies themselves are expected to be able to handle the initial response and rebuild their networks.
Iranian hackers backed off from such destructive attacks in the lead-up to the signing of the Iran nuclear deal in 2015 and after it. But Iranian hacking units never ceased hacking; they moved to quieter espionage campaigns, with increasing sophistication.
After Mr. Trump backed out of the Iran nuclear deal in 2018, private security experts and American officials braced for a renewed campaign of Iranian computer warfare. At the time, Gen. Keith B. Alexander, the former director of the National Security Agency, told The New York Times, “With the nuclear deal ripped up, our nation and our allies should be prepared for what we’ve seen in the past.”
Last year, the Department of Homeland Security was alarmed by Iran’s successful hack of the internet’s underlying computer coding, called the Domain Name System, in which Iranians stole thousands of credentials from telecommunications companies, government agencies and internet infrastructure companies in the United States, Europe and Middle East. The department’s cybersecurity division issued a statement warning that Iran was looking to do more than “just steal money and data.”
The division released a new advisory Monday night warning that “Iran and its proxies and sympathizers” have the ability to conduct disruptive computer attacks, espionage and drone attacks. Customs and Border Protection, another arm of Homeland Security that employs agents at ports throughout the country, has instructed officers to enhance security.
Over the past year, Iranian hackers have been quietly probing American infrastructure and government networks, according to private researchers and the United States Cyber Command, the Defense Department agency responsible for carrying out attacks on computer systems. Iranian hackers may use their access to destroy databases, or they may choose to try to access the electricity grid that powers Silicon Valley “as a way of saying, ‘You may want to retaliate but there will be consequences,’” said Suzanne Spaulding, former under secretary for cybersecurity and critical infrastructure at the Department of Homeland Security. “‘We’re sitting here with a gun to your head.’”