Iran is doing what every respectable state sponsor of terrorism does when their economy is going down the drain. They turn to bitcoin. Just like North Korea did (and still does). As bitcoin outpaces the Rial (Iran’s currency), the next wave of ransomware attacks will be coming soon, courtesy of Iranian hackers. And the payment will, of course, be in bitcoin.
The irony of the Iranian government turning to ransomware attacks to obtain bitcoin isn’t lost on their citizens. Cryptocurrencies are banned from use by lenders. This after over 2.5 billion Rials fled the country, according to Mohammad Reza Pourebrahimi, chairman of Iran’s economic commission. The government, however, isn’t above accepting bitcoin payments when they’re obtained through a criminal enterprise like ransomware attacks.
The US government isn’t making it easy. Over 500 bitcoins, valued at just over $5.7 million at the time, were seized by federal officials according to Iran. And since cryptocurrencies are banned in Iran, the owners of the bitcoin don’t seem to have any legal recourse in Iran or the United States.
Just to be safe, Iran is also stealing the processing power of computers so they can mine even more cryptocurrencies. It’s called cryptojacking, and the primary targets of these digital thefts have been in the Middle East. Iran’s main nemesis, Saudi Arabia, has been targeted and the loss of computing cycles has cost them millions of dollars.
Another tactic Iran is developing to avoid the crippling sanctions is the creation of their own digital currency. Since these digital currencies are not under the control of US regulators, Iran would conceivably be able to send and receive money and avoid the restrictions that apply to traditional banks.
Why would Iran go to all this trouble? To stay in power. A struggling economy and civil unrest threaten the stability of the current regime. According to a Fox News report, “Videos circulating on social media purportedly taken from inside Iran show thousands of protesters marching through the streets. In one video, crowds leaving a soccer match are heard yelling ‘Death to the dictator! Death to Khamenei! Death to Rouhani!’ and ‘Islamic regime must get lost!’ according to a translation tweeted by a Middle East analyst.”
Not a good omen. But Iran is hoping to hold out long enough to start using their native digital currency. And if that happens, we’re looking at a new type of warfare. The US will no longer be able to use its financial power to make banks refuse to do business with Iran. Iran’s end-run will leave our government without one of its most effective weapons.
In June 2010, news reports began appearing about the discovery of a computer worm targeting Iran’s uranium enrichment program and their centrifuges. Stuxnet had wreaked havoc and caused significant damage and delays. This code was so sophisticated it was called the first cyber weapon, and heralded the arrival of a new type of warfare.
It might be time to think about how to cripple Iran’s emerging digital currency instead. Doing so would create a one-two punch. The sanctions are causing a financial meltdown internally, which is leading to growing unrest. The question is whether Iran can hold on long enough for its new crypto currency to make a significant impact.
The trick is to have the patience to let the current sanctions wear the regime down. And then, just as the new currency is about to launch, the US should launch a similar Stuxnet attack and crush any hope of avoiding the impact of sanctions.
Iran is hoping to take a page out of Venezuela’s playbook. The South American country is on the verge of economic collapse from United States and EU sanctions. Their official cryptocurrency, the Petro, is tied to the vast oil reserves of the country. The state-owned oil company Petroleos de Venezuela will begin using the digital token starting August 20.
It remains to be seen how the markets will react. ICOindex.com, a site which tracks and rates ‘Initial Coin Offerings’ calls the Petro a ‘scam’. According to their rating, the same team behind the Petro was also behind the well-known Bolivar scam.
Russia and Iran are also collaborating on how best to use cryptocurrencies to conduct trade and also avoid US sanctions. What they’re actually trying to avoid is the SWIFT (Society for Worldwide Interbank Financial Telecommunication) secure financial messaging service. This is what prevents other banks from doing business with Russia or Iran.
Putin, not to be left out, has also ordered the development of the cryptoruble. It appears Russia and Iran fear the Dollar more than they fear our military might. Which signals a troubling change in tactics that we have been slow to respond to.
Should Russian and Iran successfully launch state-sanctioned cryptocurrencies, the United States and our allies will have lost one of the most effective tools we have to hit back. The choices are few. The United States could set heavy-handed regulations on digital currencies, but that would only affect law-abiding owners. It would have little effect globally unless all the major countries agreed. That seems to be a bridge too far at this point.
On the other hand, it might be time for us to take a page out of our own playbook and design a new cyber weapon. Instead of targeting centrifuges, we should consider targeting currencies. Iran clearly hasn’t gotten the message. Maybe “Transaction Declined” will get their attention.
Morgan Wright is an expert on cybersecurity strategy, cyberterrorism, identity theft and privacy. He previously worked as a senior advisor in the U.S. State Department Antiterrorism Assistance Program and as senior law enforcement advisor for the 2012 Republican National Convention. Follow him on Twitter @morganwright_us.