NOEL KING, HOST:
After the U.S. killed Iran's top general in a drone strike, government officials and security experts have been warning that Iran could retaliate with cyberattacks. Iran is already suspected in some previous hacks - a Las Vegas casino, some big banks and even some U.S. cities. NPR's technology correspondent Shannon Bond looks at what could come next.
SHANNON BOND, BYLINE: Top American banks knocked offline, ransomware crippling the city of Atlanta...
(SOUNDBITE OF ARCHIVED NPR BROADCAST MONTAGE)
CARRIE JOHNSON: ...Weapons and bombarding servers for financial institutions like Bank of America, PNC and Capital One.
AILSA CHANG: Police officers are writing their reports up by hand. City workers are punching in and out with time clocks.
BOND: Iranian hackers were blamed in both of those attacks. In one of the most high-profile cases, hackers destroyed data on computers at the Sands Casino after its billionaire owner, Sheldon Adelson, called for a nuclear strike on Iran. Iran's investment in its cyber army dates back to 2010, the year the U.S. and Israel are suspected of infecting an Iranian nuclear facility with a powerful computer worm called Stuxnet. That destroyed critical equipment and set back Iran's nuclear ambitions.
JORDAN MAURIELLO: As a result of the impact that Stuxnet had on their uranium (ph) enrichment program, they formed, funded, trained and attached to their warfighting capabilities a very strong cybercapability.
BOND: Jordan Mauriello is vice president at cybersecurity firm CriticalStart.
Iran has created teams of warriors inside the Revolutionary Guard Corps, its elite military wing. It also relies on proxy groups and hackers aligned with its goals. In the weeks since a U.S. airstrike killed the Iranian general Qassem Soleimani, nationalist hacktivists are suspected of defacing a U.S. government website with pro-Iran messages.
Kara Frederick, a fellow at the Center for a New American Security, says cybertools enable asymmetric attacks against American military might by inflicting economic or reputational damage.
KARA FREDERICK: Cyber allows them to compete at a level of parity that they don't have in the physical world.
BOND: Iran has also used these tactics against other foes. U.S. officials blame Iran for wiping out the data on three-quarters of computers at Aramco, Saudi Arabia's giant oil company, in 2012. The threat of military escalation between the U.S. and Iran appears to have eased recently. Still, government officials and security researchers warn that hackers linked to Iran are probing U.S. companies for vulnerabilities. Jordan Mauriello of CriticalStart.
MAURIELLO: Right now, what we're seeing instead is a huge increase in reconnaissance activity - so specifically, looking for potentially vulnerable servers, data-gathering. They're kind of preparing the battle plan in the cyberspace.
BOND: Iran's activities have shown its ability to cause financial harm and embarrassment. Experts I spoke with say a more serious cyber intrusion into critical U.S. infrastructure, like electrical grids, would take more time and effort. Oren Falkowitz, a former National Security Agency analyst and CEO of Area 1 Security, says he doubts Iran could carry out a major attack immediately.
OREN FALKOWITZ: You know, cyber is not a magic button, meaning that it takes many months of planning to achieve a specific outcome.
BOND: Iran is not alone in amping up its cybercapabilities. Researchers say Russia and China present the biggest threats to American targets. And of course, the U.S. has its own digital weapons to use against adversaries.
Shannon Bond, NPR News, San Francisco.
(SOUNDBITE OF UNKLE, ELLIOTT POWER AND MIINK'S "AR.MOUR")
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.