The U.S. government and cybersecurity companies agree that Iran has greatly improved its cyberattack capability over the past two years. A report being released tomorrow says Iran's cyberattacks have increased during nuclear talks, but some experts question that conclusion.
ROBERT SIEGEL, HOST:
WikiLeaks today posted tens of thousands of documents that hackers stole last year from Sony Pictures Entertainment. The U.S. blamed that cyberattack on North Korea. China, Russia and Iran are also accused by the U.S. of routinely hacking their adversaries. A private study that'll be released tomorrow says Iran in particular has increased the scope of its cyberattacks in the past few months. If true, Iran is doing so in the midst of delicate negotiations to curtail its nuclear program. But some are casting doubt on the study's conclusions. NPR national security correspondent David Welna has more.
DAVID WELNA, BYLINE: It's titled "The Growing Cyber Threat From Iran" and the yet-to-be-released report's co-author is Fred Kagan. He's the director of the Critical Threats Project at the American Enterprise Institute, the hawkish Washington think tank. Kagan warns in that report that Western nations have severely underestimated Iran's capacity to wage cyber warfare.
FRED KAGAN: We're seeing the Iranian capability and the scale of their attack infrastructure grow significantly over the past year.
WELNA: The data for this report assessing Iran's cyber mischief was applied by Norse, an international cybersecurity firm. Sam Glines, its CEO and founder, says Norse has found that over the past year, Iran's attacks have more than doubled on the more than 8 million sensors that Norse has placed around the world that pretend to be critical industrial control systems. Glines says those attacks have not diminished during Iran's nuclear negotiations.
SAM GLINES: There's been a slight increase, a slight spike in the last couple months. What we've also seen is that the distribution of the number of launch points from which the attacks are originating has increased dramatically.
WELNA: Others have found exactly the opposite. Stuart McClure is the founder and CEO of Cylance, another cybersecurity firm. He too has been tracking Iran's cyberattacks on critical infrastructure around the world.
STUART MCCLURE: And what we found was that their efforts, their activities, dropped-off dramatically over the last couple of months to the point where they've basically been, you know, shut down. I mean, not just we're seeing it, but I have other teams seeing it as well.
WELNA: So, what's going on here? Jeffrey Carr is the CEO of Taia Global, which evaluates the risk of cyberattacks on U.S. and foreign firms. He says even though an attack might look like it's coming from Iran, it could be coming from someplace else.
JEFFREY CARR: Anyone can compromise computers based anywhere in the world, send malicious traffic from those computers and have the victim see traffic coming from countries that the attacker wants them to see it coming from.
WELNA: Carr suspects the involvement of the American Enterprises Institute may explain the recent increase it reports in Iran's cyberattacks.
CARR: There's a right-wing political motivation here, which is to paint Iran as a, you know, as a threat.
WELNA: Carr notes that the report comes amidst sharp debate over lifting sanctions on Iran. The AEI's Kagan says there's no tie between the report and the nuclear talks.
KAGAN: If we had really wanted to influence this process, we would have released a lesser product, but a more hyperbolic product, some weeks ago.
WELNA: Still, Kagan says a nuclear deal could mean much more rapid growth in Iran's cyberattacks.
KAGAN: We assess with a lot of confidence that if sanctions are lifted the Iranians will receive a lot more cash and access to a lot more technology, and some significant portion of that will go into their cyber programs.
WELNA: It's a conclusion that Kagan contends is obvious. David Welna, NPR News, Washington. Transcript provided by NPR, Copyright NPR.