Iran’s Cyber Attack on Billionaire Adelson Provides Lesson on Strategy

By Alyza Sebenius, Kartikay Mehrotra and William Turton | January 6, 2020

As the U.S. awaits possible retribution over a recent airstrike that killed a top general, there’s at least one American businessman who can attest, in detail, to what happened after he provoked Iran.

In October 2013, Sheldon Adelson, the casino magnate and prominent supporter of conservative politicians and Israel, appeared on a panel in New York in which he suggested that the U.S. could send a message to Iran, regarding its nuclear ambitions, by detonating an American warhead in the middle of the Iranian desert.

“You want to be wiped out? Go ahead and take a tough position,” said Adelson, who later became a major supporter of President Donald Trump. His comments infuriated Iran’s Supreme Leader Ayatollah Ali Khamenei, who two weeks later said America “should slap these prating people in the mouth.”

Months later, in February 2014, hackers inserted malware into the computer networks of Adelson’s Las Vegas casino. The withering cyber-attack laid waste to about three quarters of the company’s Las Vegas servers; the cost of recovering data and building new systems cost $40 million or more.

A year after the attack, the top U.S. intelligence official confirmed that Iran was behind it.

Now, as Iran vows revenge for the airstrike, the U.S. faces an aggressive adversary in which digital warfare may be among its best options to strike directly at the American population. In the years since the Sands incident, Iranian hackers have continued their attacks, targeting a U.S. presidential campaign, universities, journalists, and even a dam in suburban New York.

“I’m sure the Iranians are asking their hackers for a list of options,” said James Lewis, senior vice president at the Center for Strategic and International Studies in Washington, who oversees the policy research group’s cybersecurity program. “Cyber-attacks can be tempting if they can find the right American target.”

Milan Patel, former chief technological officer of the FBI’s cyber division, said he was worried about what may come next since Iran has shown interest in targeting critical infrastructure. “Power generation like hydro and electric, that’s where they can cause the most real world damage,” said Patel, now the chief client officer at the cybersecurity firm BlueVoyant.

A representative for Las Vegas Sands Corp. didn’t return a message seeking comment.

Iran is hardly the only U.S. cyber adversary. China has allegedly stolen so much intellectual property from U.S. companies, including by hacking, that FBI Director Christopher Wray accused the country of trying to “steal their way up the economic ladder at our expense.”

But cyber-attacks can also be used to create disruptive effects that can impact millions. In a computer-dependent world, hackers can clog ports, shut down transportation networks, and open dams.

Iran has shown a willingness to use those types of digital attacks — targeting some of the U.S.’s biggest banks, the world’s top oil producer, and Adelson’s casino empire.

Destructive Attacks

Cyber adversaries, including Iran, have generally aimed attacks at targets unlikely to fully draw a response from the U.S.’s own potent cyberwarfare arsenal.

Evidence of possible retaliation of the American drone strike emerged late on Jan. 4 when the website for the little-known U.S. Federal Depository Library Program was hacked and defaced with “pro-Iranian, anti-U.S. messaging,” confirmed a spokesman for the Cybersecurity and Infrastructure Security Agency. The site has since been taken down.

“At this time, there is no confirmation that this was the action of Iranian state-sponsored actors,” reads a statement issued by CISA, part of the Department of Homeland Security.

The FDLP is a government entity created to make federal publications available to the public for free.

Tit-for-Tat Fears

Given the heightened tensions, a major digital strike by Iran could trigger the kind of escalating, tit-for-tat strikes that fling the two sides toward the brink of war. The U.S. is widely believed to have the ability to shut down power grids, interrupt air travel and create chaos at ports through digital strikes alone. Iran’s hackers and digital arms are less sophisticated, cybersecurity experts say, but the number of U.S.-related targets available to them is huge.

The digital feud between the U.S. and Iran dates back more than a decade, to when a devastating digital worm called Stuxnet crippled an Iranian uranium processing facility. That attack has been attributed by multiple media outlets to the U.S. and Israel.

Partly in response, Iranian hackers launched attacks starting in 2011 that overwhelmed the websites of Bank of America Corp., Wells Fargo & Co. and others over a period of months. The attacks eventually proved little more than an inconvenience for online customers, but financial institutions spent millions of dollars to keep their websites up and running over the period of the attacks.

Learning Period

Those early Iranian attacks are now seen as part of a learning period, as the country’s hackers worked to catch up with the sophistication of other cyberpowers before beginning to target physical infrastructure like pipelines and dams.

In 2013, Iranian hackers breached the control system of a small dam in Rye, New York, according to a federal indictment. While the hackers were successful in gaining access to the dam’s systems, which allowed them to see information like water levels and the dam’s settings, they were unable to operate the gate that controls water levels because it had been manually disconnected for maintenance. It isn’t known if the Iranian hackers intended to release water from the dam.

More recently, Iranian government-linked hackers tried to infiltrate email accounts of a U.S. presidential candidate, current and former U.S. officials and journalists, Microsoft Corp. reported last year. The New York Times and Reuters reported that President Trump’s re-election campaign had been targeted.

While the presidential campaign wasn’t among those compromised, that attempted breach, and the many others, has provided experience to a group of hackers that may now be assigned with seeking revenge on the U.S.

Norman Roule, a former CIA official who also served as national intelligence manager for Iran, said cyber-attacks “will almost certainly increase” in the coming months. Iran’s cyber strategy will likely seek to accomplish three goals: punishing the U.S., deterring the U.S. from future attacks and allowing Iran to save face, he said.

Lewis, from the Center for Strategic and International Studies, said if the Iranians decide to retaliate with a cyber-attack, they will likely “want something dramatic” in choosing a target.

“The big question is: will they do something symbolic, like the bank attacks?” he said. “Or try for both symbolic and disruptive, as they did with Sands?”

–With assistance from Ryan Gallagher.

Was this article valuable?

Here are more articles you may enjoy.