As the U.S. braces for blowback following its killing of a key Iranian commander, experts are warning of the possibility of cyberattacks targeting American institutions. Tehran and its proxies are thought to possess some of the most highly-developed cyber arsenals in the world.
Tehran and its proxies are thought to possess some of the most highly developed cyber arsenals in the world - major tools in modern, asymmetrical warfare, where countries and non-state actors fight ruleless, virtual battles with real-world repercussions.
Cyberattacks, combined with violence aimed at U.S. targets, could form the "harsh retaliation" promised by Iran's supreme leader following the death of Maj.-Gen. Qassem Soleimani in a drone strike in Iraq.
A top U.S. cybersecurity official was among the first to sound the alarm about the threat to Americans.
Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), advised late Thursday that it's "time to brush up" on Iran's tactics.
He shared a Homeland Security statement first posted last June, warning that Iran and its proxies had stepped up cyberattacks on U.S. targets, and that they're "looking to do much more than just steal data and money."
Iranian cyberattacks, Krebs wrote, "can quickly become a situation where you've lost your whole network."
In an interview with Fox News on Friday, Secretary of State Mike Pompeo added that the U.S. is prepared for any possible retaliation, including a cyberattack.
Iran has shown it can indeed do damage, as well as disrupt the everyday lives of Americans.
Tehran was linked to a string of so-called "denial of service" (DoS) attacks in 2012, which overwhelmed, then slowed or crashed banking sites belonging to the Bank of America, JPMorgan Chase and others.
The Obama administration also blamed Iran for a 2014 cyberattack targeting a Las Vegas casino operator, reportedly destroying the company's data, disrupting email systems and even taking down phone lines.
Iran has also been known to target its own citizens, and several other countries, too.
Suspicion fell on Iran in 2017, when a cyberattack left dozens of British MPs - including then-Prime Minister Theresa May - unable to access their email.
Tehran has boasted about having a staggering 120,000 volunteers trained in cyber warfare, although foreign experts dispute the figure.
Jim Lewis, a researcher at the Washington-based Center for Strategic and International Studies, acknowledges that "Iran has improved significantly in the past 10 years" when it comes to mounting cyber offence.
"They put a lot of money into it, they're well organized and they get a lot of practice, because they're always attacking their neighbours," Lewis said.
Indeed, Maj.-Gen. Nadav Padan, the Israeli military general in charge of network security, said in 2017 its regional rival was regularly targeting Israel - and that Tehran was getting help from proxies such as the Lebanon-based Hezbollah.
Building up capabilities for years
Experts point to two key moments that spurred Iran to bolster its cyber capabilities.
Iran is threatening "harsh retaliation" after the U.S. killed its most powerful general, Qassem Soleimani. Secretary of State Mike Pompeo says the U.S. is prepared for any possible retaliation, including a cyberattack. 10:36
The first, known as the Green Movement, saw Iranians attempt to oust President Mahmoud Ahmadinejad in a popular uprising in 2009. It led authorities to clamp down on internet access and seek tighter control on its citizens' use of social media.
Then, around 2010, the Islamic republic suffered a massive cyberattack targeting its nuclear machinery, damaging facilities and setting back Iran's entire program. Known as Stuxnet, no country ever admitted to deploying the computer worm, but the U.S. and Israel are widely believed to have been behind it.