Iran’s Cyberarmy: Is “Norse Company” as good as they think they are?

A report has recently been issued regarding Iran’s possible plans to carry out cyberattacks in the USA. This report is surprising not only because of its shocking claims but also because of who issued it: a Silicon Valley cyber security company and a Washington think tank that has been one of the strong opponents of the nuclear deal with Iran. The report warns that if the US removes the sanctions against Iran, the Iranian government will use the money to strengthen its cyber warfare program.

However, it is interesting to know that before publication of the report, the Silicon Valley cyber security company had been sharing its information about Iran’s cyber warfare with US intelligence organisations. According to some US government officials, the information provided by the security company received negative reactions from the US officials who were trying to reach a nuclear deal with Iran.

In this report, which was written by the cyber security company Norse in January of this year, Norse claimed that it had data on “more than 500,000 attacks on Industrial Control systems over the last 24 months”, referring to the computers that help to run electricity generation companies, hydroelectric facilities, and other critical infrastructure in the U.S.

Norse’s claim of half a million “attacks” is a very large number and they haven’t explained or shown any evidence in the document to prove their claim. They have just mentioned that more details are forthcoming in a report that the company will publish “later this year.” The bulletin also claims that Iran is targeting computer systems and Web sites inside the United States.

It seems that Norse’s conclusions were based on the idea that Iran was behind malicious cyber activity just because the traffic was emanating from particular Internet protocol addresses located in Iran. But hackers routinely use IP addresses outside their own country to hide their true location.
Iranian cyber attacks against the U.S. are not new: the cyber attack on the Sands casino company destroyed some of the company’s information assets, and Iran was behind an attack on U.S. bank websites in 2012. However, the Norse document was making some of the most serious possible claims in cyber security, accusing Iran, as a country hostile to the U.S., of targeting industrial control systems.

Later, Norse appeared to remove its findings when its joint report was published in April: the claim of 500,000 attacks is nowhere to be found in that document. The findings also say that Iran specifically targeted Industrial Control Systems (ICS) in the United States 47 times during 2014. Yet again, the final report doesn’t include that statement.
This report was intended to present a strategic view of Iran’s capabilities in cyberspace, which many U.S. officials have described as growing and dangerous, and not to provide evidence for the U.S. to carry out some retaliatory action before any crime has taken place.
Kurt Stammberger, who is a senior deputy managing director at Norse, defended the report by saying that “briefing summaries [such as the bulletin] make theories that sometimes, at the end of the day, aren’t produced by the data”.

Norse’s critics say that the report isn’t definitive enough to conclude that Iran was certainly trying to target industrial control systems, and that it could make Iran look like more of a threat than it might actually be.

Even some of Norse’s critics have said that the company’s ability to collect huge amounts of technical data is impressive and important. Although we don’t deny the company’s expertise, they are clearly not experts on Iran.