{"text":[[{"start":7.99,"text":"The writer is director of the Cambridge Cybercrime Centre and professor of emergent harms at the University of Cambridge"}],[{"start":17.52,"text":"When a major conflict erupts, there is always speculation that it will spark a full-blown cyber war. "}],[{"start":25.619999999999997,"text":"Since Russia’s full-scale invasion of Ukraine in 2022, my team at the Cambridge Cybercrime Centre has been measuring high-volume civilian cybercrimes committed during large conflicts. What we have found suggests that patriotism is usually a far less motivating factor than self-interested financial gain. "}],[{"start":48.81999999999999,"text":"Both Russia and Ukraine have high levels of technical capability. There was speculation that invasion meant cyber war was imminent. This turned out not to be the case. Some state-sponsored cyber attacks have taken place in the intervening years but the war has largely been fought using “hard iron” drones and tanks rather than “soft silicon” network exploitation. "}],[{"start":75.96,"text":"The cyber attacks that took place, such as denial of service attacks to disrupt networks or the defacement of websites, rose sharply in the early days of the invasion but returned to their baseline levels within weeks. "}],[{"start":91.28999999999999,"text":"Non-state actors who support Russia and Ukraine also have the ability to unleash cyber attacks. Yet despite predictions of “Cybergeddon”, any attacks have tended to be financially driven. Even when hackers leave messages of support for one side or another on defaced websites, their main focus seems to be to advertise their own hacking services and the tools they are selling for financial gain. "}],[{"start":117.38999999999999,"text":"Cyber attacks at the start of the Israel-Hamas conflict in 2023 followed the same pattern. Again, attack volume rose at the start of the conflict and then petered out. "}],[{"start":129.92999999999998,"text":"The main difference was that the destruction of internet infrastructure in Gaza meant retaliation was mostly one-sided. With very few remaining Palestinian targets to attack, the wrath of the cyber criminal underground was mainly directed towards Israeli infrastructure."}],[{"start":150.01999999999998,"text":"The picture in Iran is still evolving but what we observe suggests that this conflict may be a little different. Pro-Iranian ideological attackers could break the pattern."}],[{"start":162.21999999999997,"text":"A pro-Iranian group has already claimed responsibility for an attack against the US medical equipment firm Stryker. This attack, which has caused major network disruption and data deletion, is not believed to be financially motivated. Rather, the group claims it is retaliation for a deadly missile strike against an Iranian primary school. "}],[{"start":184.60999999999996,"text":"Attribution is always difficult to verify, meaning it is hard to know who is behind attacks and how they are funded. But this conflict is tripartite and all three countries involved have technical capabilities in this area. "}],[{"start":199.99999999999994,"text":"Israel and the US are widely thought to be jointly responsible for the sophisticated Stuxnet malware that in 2009 damaged the Natanz nuclear facility in Iran. "}],[{"start":211.22999999999993,"text":"Meanwhile, reports indicate that Iran’s investments in the technology sector have primarily focused on military power, including cyber weapons. The 2012 Shamoon cyber attack against Saudi Aramco, for example, which rendered more than 30,000 computers inoperable, has been attributed to Iranian state-sponsored actors."}],[{"start":234.00999999999993,"text":"A highly skilled tech workforce doesn’t stop when the state collapses. They become unemployed, armed and aggrieved. This could lead to the rise of a decentralised, ideologically motivated cyber insurgency that operates outside both the traditional economic motivations of the cyber underground and the geographical constraints of traditional conflict. They may target the sort of high-cost, high-disruption, low-reward attacks that are not economically rational to most cyber criminals."}],[{"start":266.44999999999993,"text":"The question is: will the war in Iran follow the same pattern we have tracked in other recent conflicts? In this scenario, there is likely to be a brief flash of low-level attacks, mostly against the US and Israel. Given communication blackouts and the current poor state of Iranian infrastructure, these attacks would then diminish. "}],[{"start":291.7899999999999,"text":"If this is the case then war in Iran will take place mostly in the physical world with little sustained, organised civilian cyber attack activity."}],[{"start":302.7399999999999,"text":"But if we look back further in history, we can see that when a state’s structure is destroyed, power tends to disperse. In 2003, the dismantling of the formal military in Iraq gave rise to a decade of insurgency. The key difference now is the opportunity for technology-facilitated attacks and the presence of technically skilled adversaries. If a power vacuum is created in Iran, it may be a step towards techno-economic guerrilla warfare that no longer requires a state to function."}],[{"start":345.5299999999999,"text":""}]],"url":"https://audio.ftcn.net.cn/album/a_1774409670_2293.mp3"}