

WASHINGTON (7News) — A former FBI agent warns that Iran is likely to respond to this past weekend’s bombings by the U.S. with cyber attacks, and probably already has “cyber sleeper cells” on the servers of U.S. and European organizations.
“They could be hospitals, universities, government systems that are holding Iranian malware. And you could inadvertently be the landlord to a sleeper cell on your network because you failed to keep it patched and up to date, and you have security flaws,” said Brian Boetig. “It’s just something that’s sitting there quietly, and ready to launch at a moment’s notice when needed, and we’re now in that time period, when [Iran may feel] that may be needed.”
Boetig is currently an advisor on safety and security with the firm Global Trace. Before that, he spent 24 years with the FBI, where he dealt with everything from terrorism to weapons of mass destruction, and served as director of the National Cyber Investigative Joint Task Force in DC.
In that role, he dealt with an onslaught of Iranian attacks against U.S. financial institutions during the last decade.
“They were really setting us back, and at that time we had conversations with the White House daily about when those attacks were going to cross the red line, and we were going to need to be able to take some type of offensive cyber action,” he said.
Boetig says that, along with China and Russia, Iran is considered part of a “big three” in the cyber counterintelligence world. But he adds that Iran’s cyber attacks are different from those carried out by Russia and China.
He says hackers sponsored by China are known for gathering as much information as they can, and the country doesn’t always seem to mind when they are exposed. Meanwhile, he says Russia is known for being stealthy and more specific about what information they want.
“Where China will take anything, Russia is very specific in what they do,” Boetig said. “And the Iranians have always just been known to be very destructive. They’re not necessarily always collectors of intelligence, but they’re a very destructive force in their cyber activities.”
Boetig says it’s vital for workers in the IT world to make sure they’re prepared in case Iran gives the order for “cyber sleeper cells” to strike.
“If you’re running the IT department, you need to make sure that your defenses are up so that you can’t be taken down at this point,” he said. “If they’re already in your network, you either haven’t done your due diligence to find it, or they’ve been stealthy enough that they’re on there and you haven’t found it, and they’re sitting there lying dormant.”
“I would also caution that at this time, when all the focus is on Iran and Iranian potential cyber attacks, this is when other adversaries are going to take advantage of networks as well,” he added. “So China and Russia realize that we’re focused very heavily on Iran; this is their opportunity to take some of those risky and bold moves where they may go undetected because we’re only looking for one particular adversary.”