DUBAI, United Arab Emirates — Iran has emerged as a twofold concern for the United States as it nears the end of the presidential campaign.
Prosecutors allege Tehran tried to hack figures associated with the election, stealing information from former President Donald Trump’s campaign. And U.S. officials have accused it of plotting to kill Trump and other ex-officials.
For Iran, assassination plots and hacking aren’t new strategies.
Iran saw the value and the danger of hacking in the early 2000s, when the Stuxnet virus, believed to have been deployed by Israel and the U.S., tried to damage Iran’s nuclear program. Since then, hackers attributed to state-linked operations have targeted the Trump campaign, Iranian expatriates and government officials at home.
Its history of assassinations goes back further. After the 1979 Islamic Revolution, Iran killed or abducted perceived enemies living abroad.
A look at Iran’s history of targeting opponents:
For many, Iran’s behavior can be traced to the emergence of the Stuxnet computer virus. Released in the 2000s, Stuxnet wormed its way into control units for uranium-enriching centrifuges at Iran’s Natanz nuclear facility, causing them to speed up, ultimately destroying themselves.
Iranian scientists initially believed mechanical errors caused the damage. Ultimately though, Iran removed the affected equipment and sought its own way of striking enemies online.
“Iran had an excellent teacher in the emerging art of cyberwarfare,” wryly noted a 2020 report from the King Faisal Center for Research and Islamic Studies in Saudi Arabia.
That was acknowledged by the National Security Agency in a document leaked by former NSA contractor Edward Snowden in 2015 to The Intercept, which examined a cyberattack that destroyed hard drives at Saudi Arabia’s state oil company. Iran has been suspected of carrying out that attack, called Shamoon, in 2012 and again in 2017.
“Iran, having been a victim of a similar cyberattack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others,” the document said.
There also were domestic considerations. In 2009, the disputed reelection of hard-line President Mahmoud Ahmadinejad sparked the Green Movement protests. Twitter, one source of news from the demonstrations, found its website defaced by the self-described “Iranian Cyber Army.” There’s been suspicion that the Revolutionary Guard, a major power base within Iran’s theocracy, oversaw the “Cyber Army” and other hackers.
Meanwhile, Iran itself has been hacked repeatedly in embarrassing incidents. They include the mass shutdown of gas stations across Iran, as well as surveillance cameras at Tehran’s notorious Evin Prison and even state television broadcasts.
Iranian hacking attacks, given their low cost and high reward, likely will continue as Iran faces a tense international environment surrounding Israel’s conflicts with Hamas and Hezbollah, Iran’s enrichment of uranium to near weapons-grade levels and the prospect of Trump becoming president again.
The growth of 3G and 4G mobile internet services in Iran also made it easier for the public — and potential hackers — to access the internet. Iran has over 50 major universities with computer science or information technology programs. At least three of Iran’s top schools are thought to be affiliated with Iran’s Defense Ministry and the Guard, providing potential hackers for security forces.
Iranian hacking attempts on U.S. targets have included banks and even a small dam near New York City — attacks American prosecutors linked to the Guard.
While Russia is seen as the biggest foreign threat to U.S. elections, officials have been concerned about Iran. Its hacking attempts in the presidential campaign have relied on phishing — sending many misleading emails in hopes that some recipients will inadvertently provide access to sensitive information.
Amin Sabeti, a digital security expert who focuses on Iran, said the tactic works.
“It’s scalable, it’s cheap and you don’t need a skill set because you just put, I don’t know, five crazy people who are hard line in an office in Tehran, then send tens of thousands of emails. If they get 10 of them, it’s enough,” he said.
For Iran, hacks targeting the U.S. offer the prospect of causing chaos, undermining Trump’s campaign and obtaining secret information.
“I’ve lost count of how many attempts have been made on my emails and social media since it’s been going on for over a decade,” said Holly Dagres, a nonresident senior fellow at the Atlantic Council who once had her email briefly hacked by Iran. “The Iranians aren’t targeting me because I have useful information swimming in my inbox or direct messages. Rather, they hope to use my name and think tank affiliation to target others and eventually make it up the chain to high-ranking U.S. government officials who would have useful information and intelligence related to Iran.”
Iran has vowed to exact revenge against Trump and others in his former administration over the 2020 drone strike that killed the prominent Revolutionary Guard Gen. Qassem Soleimani in Baghdad.
In July, authorities said they learned of an Iranian threat against Trump and boosted security. Iran has not been linked to the assassination attempts against Trump in Florida and Pennsylvania. A Pakistani man who spent time in Iran was recently charged by federal prosecutors for allegedly plotting to carry out assassinations in the U.S., including potentially of Trump.
Officials take Iran’s threat seriously given its history of targeting adversaries.
After the 1979 Islamic Revolution, its leader Ayatollah Ruhollah Khomeini signaled how Iran would target perceived enemies by saying, “Islam grew with blood.”
“The great prophet of Islam, he had the Quran in one hand, and a sword in the other hand — a sword to suppress traitors,” Khomeini said.
Even before creating a network of allied militias in the Mideast, Iran is suspected of targeting opponents abroad, beginning with members of Shah Mohammad Reza Pahlavi’s former government. The attention shifted to perceived opponents of the theocracy, both in the country with the mass executions of 1988 and abroad.
Outside of Iran, the so-called “chain murders” targeted activists, journalists and other critics. One prominent incident linked to Iran was a shooting at a restaurant in Germany that killed three Iranian-Kurdish figures and a translator. In 1997, a German court implicated Iran’s top leaders in the shooting, sparking most European Union nations to withdraw their ambassadors.
Iran’s targeted killings slowed after that, but didn’t stop. U.S. prosecutors link Iran’s Revolutionary Guard to a 2011 plot to kill the Saudi ambassador to Washington. Meanwhile, a suspected Israeli campaign of assassinations targeted scientists in Iran’s nuclear program.
In 2015, Iran signed a nuclear deal that saw it greatly reduce its enrichment in exchange for the lifting of sanctions. Two years later, Trump was elected pledging to unilaterally withdraw America from the accord. As businesses backed away from Iran, Tehran renewed a campaign of targeting opponents abroad, but this time capturing them and bringing them to Iran for trial.
Belgium arrested an Iranian diplomat, Assadollah Assadi, in 2018 and ultimately convicted him of masterminding a thwarted bomb attack against an exiled Iranian opposition group. Iran also increasingly has turned to criminal gangs for some attempts, such as what U.S. prosecutors have described as plots to kill or kidnap opposition activist Masih Alinejad.
Among those targeted after Soleimani’s death was former U.S. national security adviser John Bolton. The U.S. has offered a reward of up to $20 million for information leading to the capture or conviction of a Revolutionary Guard member it said arranged to kill Bolton for $300,000.
An FBI agent quoted Guard Gen. Esmail Ghaani as saying in 2022 in a court filing, “Wherever is necessary we take revenge against Americans by the help of people on their side and within their own homes without our presence.”
