Iranian retaliation for killing Soleimani
It is hard to see the assassination of Soleimani as anything but an act of war. Killing the second most important politician, and top military leader, of a foreign state outside of a war zone is essentially a de facto declaration of war. The saving grace here is that the US doesn’t actually want a war with Iran, and the Iranians are not prepared for a war.
(Everyone with clearance reading this)
Retaliation won’t be cyber
The Iranians will retaliate. Everyone is worried about cyber retaliation, but cyber is not a proportional response to murdering a top political leader. The Iranians are in an elite club: they have successfully conducted major covert operations in the Americas. They can “reach out and touch someone” if they need to. It’s unlikely they will, but the capability of the Iranians shouldn’t be dismissed.
Iran is actively conducting cyber operations now, just as they have in the past, and just as they will in the future. Although I did predict the nature of an Iranian cyber attack would likely be destructive and targeted at key US economic sectors, that is just linear extrapolation of their previous activities. I don’t think any Iranians will view flicking the lights in the US as a proportionate response. Nothing short of kinetic retaliation will suffice.
Any cyber will be “retaliation”
The first cyber operation by Iran that is detected after the assassination of Soleimani is going to be labeled by the media as a retaliatory cyber war attack. It is a self-fulfilling prophecy, but while it might resonate with audiences in the West, it will almost certainly not be viewed the same way by Iran and her proxies.
Important events to look out for right now:
- The Iraqi government is about to vote on allowing US troops to remain in Iraq. There is a very strong possibility that support for this is too toxic, and the US will be asked to leave.
- The Saudi oil facilities are essentially as resilient as moon bases. They’re artificial environments that need everything delivered to them in order to operate. A serious Iranian missile attack could make them untenable.
- Syrian deployment of US troops is only possible with troop bases in Iraq and cooperation from Turkey. This could very well be the end of a US military presence in both Syria and Iraq. Poor Kurds.
But, if it is cyber, what’s interesting?
Cyber options leave a lot on the table. The US has been getting slammed with ransomware attacks against all sorts of civil infrastructure. That could easily be stepped up with a NotPetya-style destructionware payload.
Another option for cyber that is very interesting is going after television news channels. In this case Fox News seems most likely. One option is using cyber intelligence collection to find blackmail leverage against key operators (e.g. hosts, editors, etc.) at Fox News.
Actual pure cyber manipulation of Fox News could be done in a couple ways:
- Insert a video clip for a segment, as was done in Spain. This seems like it would be noticed early and I can’t see it being 2-3m long… it would be cut quickly, I think.
- Access to the chyron. Sending messages via the chyron is, TBH, “easier”, but I don’t think it would be that effective. No one reads anything.
Attacking Fox News has the benefit of being high visibility but not very escalatory. A high-reward, low-risk operation that is also easy to accomplish seems like a good response. The attack is trivial. Which is more likely to win, a news channel’s cyber security team, or a nation state’s intelligence forces?