In the early days of his administration, President Obama was faced with a difficult decision. Young, idealistic, having won the election on promises of ending the wars in the Middle East and transparency, he had to decide whether he would continue a Bush-era cyberattack operation code-named Olympic Games.
Obama greenlighted the project, and the computer worm known as Stuxnet crawled its way into the servers of Iranian nuclear facilities. According to the New York Times, the president “repeatedly expressed concerns that any American acknowledgement that it was using cyberweapons…could enable other countries, terrorists, or hackers to justify their own attacks.”
But justification wasn’t the only thing the US was providing. A new classified document, originally meant to brief British intelligence agency, GCHQ, has been published by the Intercept. It reveals that the NSA is concerned that Iran has studied and learned from cyberattacks it has suffered from the US and Israel, and could launch similar attacks against Western nations.
In attacking Iran, the US has taught its enemy how to retaliate.
“Iran…has demonstrated a clear ability to learn from the capabilities and actions of others,” the document reads.
While the document mentions the Stuxnet worm, it also references a different attack on its oil industry in 2012: the Wiper attack.
Wiper was a particularly nasty computer virus which attacked the servers of the Iranian Oil Ministry and the National Iranian Oil Company. The malware essentially acted as a kind of internal, digital firebomb, destroying as many system files as possible.
While the US government never took credit for Wiper, security experts said it bore striking similarities to Stuxnet, and was most likely launched by either the US or Israel.
Wiper was likely the inspiration for a similar attack on Saudi Aramco later that year, which the NSA blames on Iran. Known as Shamoon, that malware operated in much the same way, wiping files and preventing the systems from rebooting.
The main difference was that Shamoon was meant to replace the terminated data with images of a burning American flag.
“Iran’s destructive cyber attack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers, was the first such attack NSA has observed from this adversary,” the document reads.
Worse still, Iran may not be the only ones taking lessons from US cyberattacks. Wiper is also believed to be the inspiration for attacks on South Korean financial and media institutions in 2013, and the recent hack into Sony Pictures. US authorities have blamed both of these attacks on North Korea, and while many security experts doubt that, Iran, at least, does not appear to be a chief suspect.
On Tuesday, the Obama administration announced the creation of a new federal agency tasked with cybersecurity. The establishment of the Cyber Threat Intelligence Integration Center (CTIIC) is in response to growing White House concerns about digital warfare, both by enemy nations and non-state actors. If the NSA document is any indication, the US may be creating its own problems.
Last month, former CIA officer Jeffrey Sterling was convicted for providing New York Times journalist James Risen with information about a botched plan to give Iran false nuclear engineering data. The operation backfired, and may have, in fact, given Iran credible nuclear engineering data.
“Iran continues to conduct distributed denial-of-service (DDOS) attacks against numerous US financial institutions,” the document reads, but also notes that the NSA has “no indications at this time” of Iran planning a Shamoon-style attack against the US.
Still, the memo is from 2013, two years out of date, and also says “we cannot rule out the possibility of such an attack…”
If such an attack were to occur against American computer systems, the US may bear a large portion of the blame.