Missile Strike vs. Cyberattack: How Iran Retaliates

January 8, 2020, 4:36 PM UTC

This is the web version of Data Sheet, Fortune’s daily newsletter on the top tech news.

After the U.S. killed top Iranian military commander Qassem Suleimani in a drone strike on Jan. 2, Iran’s leaders vowed to take revenge.

Retaliation arrived last night. In the early hours of morning local time, the Iranian military fired more than a dozen missiles at two Iraqi bases housing U.S. troops, chief Pentagon spokesperson Jonathan Hoffman confirmed in a statement. No troops were harmed in last night’s attack, President Donald Trump said at a Wednesday morning press conference, while announcing additional economic sanctions on Iran.

Until last night, speculation had run rampant about what form Iran’s potential retaliation might take. Among the most frequently cited possibilities were cyberattacks. (See all the coverage.)

Iran was in a tricky situation. It was expected to display a show of force, but not so strong that it would provoke an outsized response. Iran’s Supreme Leader Ayatollah Ali Khamenei had stipulated that retaliation must be “direct and proportional” to the U.S.’s attack, according to the New York Times. An airstrike might fall within those parameters.

“Iran took & concluded proportionate measures in self-defense,” said Iranian foreign minister Mohammad Javad Zarif in a tweet. “We do not seek escalation or war, but will defend ourselves against any aggression.” (Iranian state media reported, without presenting evidence, that 80 soldiers were killed and 200 more wounded in the strike.)

The thing about cyberattacks: They’re less showy than missiles, and they require ample preparation. “Cyber is not a magic button. It takes a lot of planning, particularly for it to be something proportional to the killing of a top leader in your country,” says Oren Falkowitz, a National Security Agency alumnus who runs the cybersecurity startup Area 1 Security. “Most of the things you can do quickly are ankle-biting or uninspiring.” (See, for instance, the recent defacement of an obscure U.S. government website.)

If Iran had hooks in critical infrastructure in the U.S. that could be turned toward destructive (or, in the worst case, lethal) ends, its hackers still might wish to hold their fire. That’s because when attackers exploit network vulnerabilities to cause damage, they are effectively burning their assets, says Jake Williams, another ex-NSA hacker who leads the cybersecurity firm Rendition Infosec. “They’re gonna want to save bullets to fire later,” he says, especially if physical warfare remains a possibility.

This isn’t to say that cyberattacks can be dismissed. The U.S. Department of Homeland Security has warned businesses to be on the lookout for Iranian cyber threats. Iranian disinformation and digital intrusions have been ramping up for months since tensions began flaring with the U.S., according to Sandra Joyce, head of global intelligence at cybersecurity firm FireEye. Some previous examples of Iranian cyber might: Its hackers are believed to have used malware to destroy tens of thousands of computers at Saudi Aramco in 2012, to have pummeled companies like Bank of America and JPMorgan Chase with so-called distributed denial of service attacks around the same time, and to have infiltrated a dam north of New York City soon after.

Iran is likely to continue trying to penetrate U.S. and other foreign businesses. Every precaution should be taken to secure networks against intrusion.

Robert Hackett

Twitter: @rhhackett

Email: robert.hackett@fortune.com


Pick up the phone. The FBI requested help from Apple to bypass the "lock" screens on two password-protected iPhones believed to have belonged to a Saudi national who killed three people in a shooting at Naval Air Station Pensacola, Florida, last month. Apple said in a statement that it had given the law enforcement agency "all of the data in our possession." The incident echoes the FBI's attempts to compel Apple to assist in accessing the contents of an iPhone used by a terrorist in San Bernardino, Calif., in 2015.

Put the money in the bag. Hackers are holding Travelex, the foreign money exchange, for ransom. The company's websites have been down across Europe, the U.S., and Asia since Dec. 31st, the date of the alleged ransomware attack. The sites display a message that they are temporarily inaccessible due to "planned maintenance."

Don't touch that dial. Facebook is banning "deepfakes," hyper-realistic video forgeries, from its websites and apps, though the company will still permit ones created for the purposes of parody or satire. Meanwhile, the New York Times got its hands on an internal memo penned by Facebook's head of virtual reality, Andrew Bosworth, urging employees not to use their privileged access to Facebook's systems to mess with President Donald Trump's reelection campaign.

Going once, going twice, sold. Consulting firm Accenture has agreed to buy Symantec's cybersecurity services business for an undisclosed sum. Intent on continuing to beef up its cybersecurity chops, Accenture is acquiring the unit from Broadcom, a chipmaker which bought the assets from Symantec in the fall for $10.7 billion. Broadcom is retaining Symantec products relating to so-called endpoint security and data loss prevention.

"Let's see who this really is." (spoken in best Fred from Scooby-Doo voice)


Disinformation is a fast-growing threat. Look no further than the subterranean world of "black PR," a shady industry in which people pay unscrupulous firms to propagate fake news. BuzzFeed News and the Reporter, a Taiwanese investigative news site, teamed up to expose the manipulative marketing tactics

Peng Kuan Chin pulled out his phone, eager to show the future of online manipulation.

Unseen servers began crawling the web for Chinese articles and posts. The system quickly reorganized the words and sentences into new text. His screen displayed a rapidly increasing tally of the articles generated by his product, which he dubs the “Content Farm Automatic Collection System."

With the articles in hand, a set of websites that Peng controlled published them, and his thousands of fake social media accounts spread them across the internet, instantly sending manipulated content into news feeds, messaging app inboxes, and search results. "I developed this for manipulating public opinion,” Peng [said].




How—and why—do U.S. government agencies generate codenames? The methods and motives vary between the FBI, CIA, and Secret Service, as this story in Mel magazine, a men's magazine founded by the CEO of Dollar Shave Club, explains. For kicks and giggles, here are some presidential monikers: "Lancer" (JFK), "Rawhide" (Ronald Reagan), "Tumbler," then "Trailblazer" (George W. Bush), "Renegade" (Barack Obama), and "Mogul" (Donald Trump).
