The Iranian Cyber Army

Jul 12, 2011

By Alex Lukich

The Iranian government’s cyber intentions and capabilities seem to be congruent with those of its military. The Iranian Cyber Army (ICA) has yet to be officially recognized as an Iranian entity, but many of its qualities and characteristics run parallel with how the Iranian military has been directed in recent years. The attempted oppression of the pro-democratic Green Movement in Iran, political retribution against US organizations for critical reports, and intrusion into technologies supportive of freedom of expression are all acts in accordance with the current Iranian military vision. The hacking of various government and business sector websites has been the ICA’s primary method of generating international awareness of its presence, but the simple manner in which it accomplishes its cyber hacks and the insignificant targets it has chosen suggest that the group is undeveloped. This seemingly rudimentary organization replicates the Iranian military in that its technology is considerably inferior to that of the world’s most powerful nations, and Iran continues to be generations behind in developing equivalent modern warfare. The ICA may have accomplished hacks on prominent international websites, but these short-lived, insignificant invasions are testaments to the inferior capabilities of the Iranian cyber program.

Some doubt exists that Iranians are the operators of the ICA, and some suggest that Russian hackers are the true developers. This claim seems unlikely given that Russian hackers are thought to be some of the best in the world. Two of the most substantial instances of hacking to date were those performed by the Russians against Estonia and Georgia. Russia has demonstrated that its cyber capabilities are among the best in the world, along with those of the United States and China; the methods used by the ICA to hack Twitter, Baidu, and Voice of America do not seem to reflect this acumen. The ICA’s hacks did not penetrate any of the networks, but rather compromised an outside system that contained domain name server information. Once they acquired control of the server, the ICA redirected traffic away from its intended destination to a page created by the hackers. In the end, these hacks were corrected by the sites, and the disturbance was held to a minimum. These hacks were nothing more than a disruption: no classified information was acquired, no money was stolen, and no technology was retrieved. This indicates an inexperienced and untrained organization.

Interestingly enough, the ICA began to make its presence known in late 2009, after evidence of the Stuxnet virus began to surface in Iranian nuclear facilities.  Perhaps Iran and the Islamic Revolutionary Guard Corps (IRGC) witnessed the effects of the newest form of international espionage and warfare, and realized they needed to become a player in the game.  Similar to how the Armed Forces of the Islamic Republic have mimicked and incorporated technologies and tactics of their enemies in the past, the Iranians are pursuing the indigenous development of a cyber program to use against their adversaries in the West.*  

The Armed Forces of the Islamic Republic and the IRGC have not claimed ownership of the ICA. This is in accordance with their typical behavior for many of their programs and actions, but it can also be attributed to their denial of vastly inferior cyber capabilities. These hacks are relatively harmless political messages, and there have been no indications of potential threat escalation from the ICA. Simply put, the hacks on Twitter, Baidu, and Voice of America are trial runs for the upstart ICA. Given the dedication Iran has put towards its filtering and regulating of the internet, the international cyber community should remain observant of the progress of the ICA in order to track its abilities.

It can be expected with great confidence that Iran will continue to develop its cyber programs within the military and private sector in order to better defend itself from another cyberweapon such as Stuxnet. The IRGC has proven to be a very responsive military branch that remains accountable for both internal regulation and external opposition; thus the continuation of support for ICA hacking will remain integral to Iranian cyber security.


* See Connell, Michael. “Iran’s Military Doctrine.” The Institute of Peace. “The Iranians continue to use U.S. (air) training manuals and employ U.S. tactics—a legacy of U.S.-Iranian military exchanges during the shah’s rule.” “Many aircraft in the IRIAF’s inventory, including mainstays such as the F-14A and the F-4D, were supplied by the United States before the 1979 revolution.” “Iran has managed to acquire several batteries of the advanced Tor-M1 medium altitude SAM system from the Russians.” “Iran initiated its own ballistic missile program, beginning with the initial shipment of a limited number of SCUD-B missiles from Libya.”