Iranian hackers serve as Russia’s “agents of chaos.”
By Raphael Kahan, CTech
Iran may be many kilometers from the Russia-Ukraine war, but there is a connection between the two fronts, one most people aren’t really aware of.
“I grew up in Iran,” Morgan Wright, Chief Security Advisor at Israeli cyber unicorn SentinelOne says with a smile. “I know their mentality and even understand Persian because I was there as a child.”
Wright may seem like a likable American with gray hair and a carefully trimmed beard, but as an expert in security he has hopped between jobs in the CIA and the NSA and has advised and assisted governments and cyber companies.
Wright is an expert on cyber strategy, online terrorism, national security and intelligence. He serves as a senior fellow at the Center for Digital Governance, a research institute of the U.S. Federal Government that deals with digital and governance issues. He also serves as a senior consultant and expert on the Fox network.
He has testified more than once before government committees, including on the need to change the way the U.S. government collects identifying data in its digital healthcare system (healthcare.gov). He taught NSA agents behavioral analysis and spent about 18 years in uniform at various law enforcement agencies. Beyond that, he has also developed quite a few solutions for technology giants such as Cisco, Unisys and Alcatel-Lucent.
When Wright says that Russia and Iran are cooperating in the cyber field, it is worth listening to him because it also concerns us.
What exactly is the nature of relations between Russia and Iran?
“Russia is helping Iran in the offensive cyber field, not to mention enabling it. For the Russians, the Iranians are a ‘useful idiot’. They provide them with means to influence remote arenas. The Iranians also serve as a kind of agents of chaos that can create moves that are convenient for the Russians not to appear involved in.”
Are they the only ones used in this role?
“It’s not just Iran, Belarus is also part of this game, especially in the cyber world,” Wright said, in an interview that was conducted before the Russian invasion of Ukraine, when it was not yet clear whether Belarus was part of the conflict or just saying yes to all the demands of the Kremlin from Ukraine. It is now clear that Belarus’s leader Alexander Lukashenko is a full-time Vladimir Putin puppet.
It’s no wonder Wright knows what’s going on there. Eastern Europe is an arena that every cyber expert today must know. The Russians and Ukrainians were once partners in criminal cyber activities. The war made the hackers enemies, and in some cases it even manifested itself in the use and exploitation of their talents to hunt down the other side.
In what way does Russia threaten Ukraine with cyber?
“The cyberwar between Russia and Ukraine did not start today but a long time ago. The Russians act very symbolically: the Russians see Ukraine as a very important strategic place, and exactly one year after Ukraine decided to turn from a neutral state into an involved state – the Russians launched a deadly cyber-attack on its energy infrastructure.”
Why do you think they have waited a year?
“The Russians are very patient and have the ability to wait a long time until they take revenge. This is the country with the largest number of master chess players in the world. They always think strategically.”
Does Russia also help Iran in cyber?
“The Russians are using Iran as a proxy. They are their partners. They are helping the Iranians in the cyber field. Look at the Kaspersky company, for example. It is a cyber company, but I am convinced it is a company that works for the Russian government. They are the ones who identified the Flame and Stuxnet damages that hit the Iranian nuclear program computers. The Russians are helping Iran on all levels – cyber weapons, technical support and more. And Iran is useful to them because they can use it remotely.”
Russia, then, turned Iran into a cyber power: it provided it with weapons, knowledge and capability. Wright believes, for example, that after Kaspersky provided access to Flame and Stuxnet, Iran or Russia reverse-engineered the viruses and diverted them to Saudi Arabia and shut down the Saudi National Oil Company.
Are there any victories at all in the cyberwars?
“Enemies will always be able to get their hands on a sophisticated weapon used against them. We will never solve it, we will have to learn and live with it just like we will learn to live with the Coronavirus or terrorism.”
Which other countries pose a cyber threat?
“The Chinese. They have managed to overtake us, the Americans, technologically. They have capabilities that Russia does not have. Russia is successful because it is fast, but the Chinese are engineeringly sophisticated. I am concerned that China and Russia are getting closer to each other.”
What is missing in the West to address these cyber threats?
“The existing systems today rely on non-existent manpower. We lack between 300,000 and 400,000 cyber workers, and that is not going to change.”
‘America Responds Slowly’
Wright also does not spare his own government when it comes to cyber conduct. He said the main reason it took so long for the U.S. administration to respond to Russia was that governments are infected with a deadly bureaucracy.
How are these delays manifested?
“I’ll give an example, we know that China has been planting ‘backdoors’, a port in a product that allows connection to it for the purpose of taking over or stealing information, in Huawei and ZTE products for a long time, more than ten years, and still it took the government many years to impose sanctions on these companies.” (Author’s note: Huawei was boycotted by the Western world under American pressure only about three years ago).
The Kaspersky cyber company was also boycotted by the U.S. government a few years ago, but until then it was a recognized supplier of the U.S. government.
“It is easy to develop systems that detect certain scenarios and work as soon as the conditions are met. For example, when a government employee inserts his flash drive into a computer running Kaspersky’s antivirus software, the information was transmitted directly to servers in Russia. This is information that was revealed in court and appears in official documents.”
This is a pessimistic worldview. Is there some positive aspect?
“I have great faith in the new technologies: artificial intelligence, machine learning and quantum computing. Traditional encryption today is likely to disappear because of the capabilities of quantum computing. China, for example, is at the top of the list in AI and quantum computing.
“Even Putin once said that whoever controls artificial intelligence will rule the world. So Russia and China will continue to be forces that will cause a lot of trouble in the Western world as agents of chaos, but in the end, people are looking for freedom – so the situation will change for the better, but until then it will take time.”