US Sanctions Iran Intelligence Ministry Following Albania Hacking

The US Treasury Department announced the move Friday, two days after Albania, a member of Nato since 2009, broke off diplomatic relations with Tehran after Albanian government computer systems were disrupted, apparently deliberately, in July. The US Treasury statement said the responsible “cyber threat actors” were “assessed to be sponsored” by Iran. Tehran has denied involvement.

Brian Nelson, the Under Secretary of the Treasury for Terrorism and Financial Intelligence, said that “Iran’s cyber attack against Albania disregards norms of responsible peacetime State behavior in cyberspace, which includes a norm on refraining from damaging critical infrastructure that provides services to the public.” Nelson vowed the US would not tolerate “Iran’s increasingly aggressive cyber activities.” Esmail Khatib, intelligence minister since August 2021, was also sanctioned.

The Treasury statement made clear that not only US citizens and entities were barred from dealings with Iran’s intelligence ministry and minister but that non-US persons and financial institutions dealing with them could face punitive US actions.

The action was taken under Executive Order 13694, signed by President Barack Obama in 2015 to deal with cyber threats. Given Iran’s intelligence ministry is already under a range of US sanctions, largely over links to regional allies the US deems ‘terrorists,’ the practical effect of the new designation is unclear.

Talks to revive the 2015 nuclear deal, the JCPOA (Joint Comprehensive Plan of Action), have already faced challenges in identifying which US sanctions, imposed since Washington left the agreement in 2018, contravene its terms. Tehran has argued that measures introduced under rubrics like ‘terrorism’ and ‘human rights’ potentially impede it ability to access world markets as required under the JCPOA.

Virtual warfare

Talks to revive the JCPOA under President Joe Biden, who took office January 2021, have not abated a long-running cyber ‘warfare’ between the US and Iran, and between Israel and Iran. Stuxnet, a malicious computer worm first uncovered in 2010 and reportedly developed jointly by the US and Israel, damaged Iranian nuclear facilities.

The US in 2019 refused to comment on reports it had carried out a cyber attack on Iran in the wake of missiles damaging Saudi oil facilities, an action claimed by Ansar Allah, the Iran-backed Yemeni group widely known as the Houthis.

Iran has also suffered hacks of television channels, railway systems, fuel distribution, and prison security cameras, generally claimed by shadowy groups of unknown provenance. The television hacking including the appearance of supportive images of the exiled opposition group the Mujahideen-e Khalq (MEK).

The MEK was moved by the US after 2013 to Albania from Iraq, where it had been allied with Saddam Hussein until the 2003 US-led invasion. The group operates an extensive social media operation from its heavily fortified compound, discourages visitors, and claims to have given up violence.