March 21, 2012

TSG IntelBrief: Iran Increasingly Opts for Cyber-Strategies to Deal With Political Challenges

  • In addition to serving as a robust bridge between East and West, Azerbaijan has become a center for international intelligence activity, with Western services actively seeking information about Iran, while Iranian intelligence systematically tries to learn more about Western intentions.


  • Its expanding energy partnership and arms deals with Israel have placed Azerbaijan squarely in the cross-hairs of an increasingly aggressive Iranian cyber-campaign. The Iranian Cyber Army sends a message designed to put Baku on notice that a close relationship with Jerusalem and support for an Israeli attack on Iranian nuclear facilities will not be tolerated.



As of mid-March 2012, Azerbaijan has become the new center for internecine warfare among intelligence agencies from an array of countries. Much like Geneva, a city that served as a bridge between East and West as well as a center for international intelligence activity during the Cold War, Azerbaijan and its capital city, Baku, have seen an influx of intelligence operatives in the two decades since it declared its independence from the Soviet Union.

A quick review of the intelligence scorecard tells the story. The Russians, who by virtue of a leasing arrangement with the Azeris retain the use of an intelligence gathering and early warning facility in the ancient city of Gabala, are joined by the intelligence services of Iran, Israel, and several Western nations that are actively operating in Azerbaijan. In a contemporary version of The Great Game, both sides ? that is, Iran on one side and Israel and the Western services on the other ? are aggressively searching for kernels of reliable information about the plans and intentions of the other in the hopes of gaining the strategic advantage such intelligence may provide.

Iran's heightened concern about the specific presence of Israeli operatives in Azerbaijan is not ill-founded in light of the robust relationship that has emerged between Baku and Jerusalem in recent years, one fueled by lucrative military and commercial arrangements. As a case in point, Israel currently secures 30% of its oil from Azerbaijan and recently awarded a lucrative gas-drilling contract off its Mediterranean coast to an Azeri firm.


Increasing Azeri-Iranian Tensions

Even more worrisome for Tehran is the fact that elements of Azeri society have intimated that they would even be supportive of an Israeli attack on Iran. In the event of an actual operation, however, this pro-Israeli rhetoric is likely to moderate considerably to a more pragmatic position. This is especially true if an Israeli attack targeted areas inhabited by Iran's huge ethnic Azeri population, which far outnumbers Azerbaijan's own population of 9.2 million.

As previously reported in an earlier IntelBrief (March 16th, 2012), tensions between Azerbaijan and Iran have increased recent months. In the first quarter of 2012, Azerbaijan authorities arrested a number of individuals with alleged ties to Iran who were planning attacks on Israeli targets in Baku. Azeri police have claimed links between these suspects and either the Iranian Revolutionary Guard Corps (IRGC) or Lebanese-based Hezbollah, which receives extensive financial and political support from Iran.

In retaliation, Tehran accused Azerbaijan of collaborating with Israeli's intelligence service in the alleged operations that killed Iranian nuclear scientists, an allegation that Azerbaijan subsequently rejected as -absurd." Iran also challenged Baku over the US$1.5 billion arms deal it claims Azerbaijan completed with Israel. In this instance, the Azeri ambassador to Tehran was summoned to the foreign ministry to explain his country's position and to receive a stern warning that Israel cannot be allowed to use Azerbaijan as a staging post for "terrorist acts" against Iran.

According to official Iranian news agencies, Azeri Ambassador Javanshir Akhundov acknowledged the arms purchase. At the same time, Akhundov reportedly pledged that Azerbaijan, "will not allow the weapons to be used against third nations, in particular the Islamic Republic of Iran."


From the Political Realm to the Cyber Domain

As this complex, multinational affair was unfolding, Iran was making a definitive move from the conventional realm of political intrigue into the unconventional domain of cyberspace. Less than a week before the Azeri ambassador's appearance at the Iranian foreign ministry, the Iranian Cyber Army (ICA) attacked the website of the Azeri television network, AzTV. In this incident, ICA hackers replaced AzTV's homepage with the message: "Life is a game. Game over!"

The ICA began to make its presence known in late 2009, after the Stuxnet computer virus began to undermine the software controlling Iranian nuclear facilities. ICA's primary role thus far has focused on hacking foreign government and business sector websites, as well as social networking sites and Twitter accounts, the latter two being notable targets as both were heavily used in the Arab Spring uprisings and the Green Revolution in Iran to coordinate anti-government activities. It also successfully, if temporarily, shutdown the Voice of America (VOA) website in 2011 by diverting web traffic to other sites. As with the AzTV assault, the hackers left a message on the VOA website, this one calling upon U.S. Secretary of State Hillary Clinton to "stop interfering in Islamic countries."

In 2010, an IRGC commander boasted that Iran possessed the second largest cyber-army in the world. While this assertion is as grandiose as it is inaccurate, Iran's cyber-capability continues to expand. In addition, many analysts believe that, much like the Chinese People's Liberation Army, the Iranian Armed Forces are being augmented by organized civilian hacker groups (such as the Iranian Cyber Army).

An overarching theme that must not be overlooked is that Tehran's increased cyber-activity against potential adversaries has come against a backdrop of rapidly increasing regional and global tensions. As those tensions continue to escalate, the operational tempo of Iranian cyber-attacks is likely to increase exponentially.



Near-term Forecast:

  • The attacks on Azeri Television were a tangible warning to Azerbaijan ? and, perhaps, others in the region ? about the possible repercussions that will result from interfering in Iranian affairs and the costs of forming close ties with Israel.


Long-term forecast:

  • Given the confluence of increasing international pressure on Tehran designed to influence the country's nuclear policies and growing domestic tensions, we anticipate an substantial increase in the frequency and scope of a cyber-warfare campaign waged by Iran.



We welcome the opportunity to discuss your requirements and explore how our intelligence services can assist you in achieving your strategic objectives. For more information, please contact us at:

 Screen Shot 2013-10-21 at 9.32.42 AM