Iran’s Supreme Leader Ayatollah Khamenei and Quds Force commander Qasem Soleimani, right (Credit: Wikimedia Commons)

During the final US presidential debate on October 23, Democratic nominee Joe Biden threatened retaliation against those foreign actors that seek to interfere in the American electoral process and undermine voter confidence in its integrity. “They will pay a price if I’m elected,” the former US Vice President warned, specifically naming Russia, China and Iran. “They’re interfering with American sovereignty.”

The admonition came a few hours after the Director of National Intelligence John Ratcliffe announced in an abrupt news conference that operatives affiliated with the Iranian government were behind messages emailed on behalf of the far-right group Proud Boys to Democratic voters in Alaska, Florida, Pennsylvania, and Arizona. The voters were told to cast their ballots for President Donald Trump “or we will come after you.” Ratcliffe, a Trump loyalist, concluded that the cyberattack was “designed to intimidate voters, incite social unrest and damage President Trump.”

While the possibility of Tehran’s systematic involvement in the operation cannot be ruled out, there are indications the Proud Boys story might also be an election-time publicity stunt. The Trump administration has every incentive to portray the president as an adversary, as well as a victim, of foreign powers that are going to great lengths to ensure a Democratic victory.

Does Iran Interfere?

Ratcliffe’s announcement of Iranian intervention, which took only one day from identification to attribution, was “the fastest-ever public disclosure of such intelligence by the United States,” according to The Washington Post. The quick conclusion contrasted sharply with the Obama administration’s months-long assessment in 2016 before it publicly blamed Russia for election interference.

FBI Director Christopher Wray, a favorite political target of Trump’s who is expected to be removed if he wins reelection, emphasized the sanctity of “public confidence” in the democratic process and election outcome. He did not mention Iran once.

Logo of Iran’s Ministry of Intelligence and Security

On the Iranian side, however, the situation appears more complicated.

Iran’s main intelligence services, the Ministry of Intelligence and Security (MOIS) and the Islamic Revolutionary Guards Corps (IRGC) intelligence organization, are both actively monitoring hostile foreign states and their national security policies, with special attention to the United States as the Islamic Republic’s single most powerful adversary. It is not easy to operationally distinguish between them all the time and pinpoint responsibility accurately, given the high degree of interagency collaboration on foreign policy and national security issues. The IRGC’s intelligence arm, however, has become the top leadership’s agency of choice over the past decade. It is known for its ideological dedication and reckless audacity compared to its more professional yet less powerful partner as part of the elected administration.

As a rule of thumb, poorly designed and timed operations are more likely to originate from the IRGC than from MOIS. Notably, leaked intelligence documents on Iran’s “Spy Complex” in Iraq, published jointly by The Intercept and The New York Times in November 2019, contain clear warnings by MOIS agents about the adverse repercussions of former IRGC-Quds Force Commander General Qassem Soleimani appearing frequently in public and acquiring a celebrity status in media. Soleimani was assassinated in a US drone strike near Baghdad in January 2020.

Tehran is increasingly squeezed by the Trump administration’s “maximum pressure” policy of economic sanctions amid growing calls for comprehensive negotiations with Washington. The Iranian leadership might have decided to renew its message of defiance and recalcitrance, assured that the small scale and low impact of the cyber operation would fall short of eliciting significant American retaliation. In this sense, the menacing emails may be seen as a political signal.

Yet, some Tehran-based intelligence sources close to the Islamic Revolutionary Guards Corps (IRGC) believe that the breach was not a state-sanctioned operation but in fact the job of a fringe hardline group inspired by Supreme Leader Ayatollah Khamenei’s notorious “fire at will” mandate. These hackers are eager to demonstrate their competitive edge to foreign adversaries but more importantly to domestic rivals within the Iranian political establishment.

In a widely referenced speech on June 7, 2017, Khamenei authorized front-line agents defending the Islamic Republic against its enemies’ “soft war” to make revolutionary decisions in a spontaneous manner and independent of political hierarchy when state institutions malfunction in times of crisis. “Wherever you feel the central system is experiencing disruptions and cannot manage things correctly, then you can fire at will, which means you should decide, think, find, move and take action on your own,” Iran’s top decisionmaker asserted.

‘Hands Off’

The skepticism about Iran’s culpability as a state is mainly twofold.

MOIS analysts warned about public appearances by Qasem Soleimani, commander of Iran’s Quds Force. Soleimani was killed in a U.S. drone strike in January 2020. (Credit: Wikimedia Commons)

On the one hand, the same sources acknowledge that a number of IRGC-linked elements campaign quietly for Trump in the hope that his reelection will further erode America’s global standing. More importantly, they calculate Trump’s hawkish policy will help boost their political prospects in the Iranian corridors of power where rival hardline forces are already bracing themselves and making preparations for a daunting succession challenge upon Khamenei’s death. If truly Iranian in origin, the cyberattack was arguably a manifestation of hawk-hardliner symbiosis within the Islamic Republic, whereby certain hardline groups prefer a hawkish US administration whose confrontational actions call for policies that ultimately advance their vested political and economic objectives at the expense of Iran’s long-term national interests.

On the other hand, there are sensible intelligence assessments that the top Iranian leaders have reached a consensus on a temporary “hands off” policy of restraint in the face of increasing American pressure until the US election results are in. The “strategic patience” approach seems to extend to Tehran’s unconventional network of paramilitary allies in the region as well. This policy is clearly aimed at depriving the Trump administration of any credible excuse to stage an electoral spectacle in support of reelection, such as a military operation that could divert attention from his domestic failures and arouse patriotic rally-round-the-flag sentiments.

In other words, Tehran wants Trump out and is currently biting the bullet and exercising restraint. Another four years of “maximum pressure” would weaken the ruling system’s grip on power and threaten the survival of the Islamic Republic.

Hostile Activities

This does not mean, however, that Iran is not interested in carrying out hostile cyber activities against the United States, but their rationale, scope and timing matter significantly.

Although Tehran is hoping for Trump’s defeat at the ballot box, it is not starry-eyed about a Biden presidency. Iranian leaders do not expect the mutual animosity to stop or even subside substantially if Biden is elected. As such, most state-sanctioned Iranian cyber operations targeting the United States are basically designed to undermine the American governance system as a whole, which would incur political costs for whoever occupies the White House. The possibility of Iran-linked hacking outfits operating outside the authority of the state or entirely independently of it is quite low.

Hacker groups like Rana Intelligence Computing Company, Charming Kitten, and Phosphorus are connected to the state in one way or another, but it is also worth noting that other US rivals and adversaries such as Russia occasionally cloak their cyberwarfare activities against American targets by infiltrating and then masquerading as Iranian operatives.

This modus operandi does not spare critical infrastructure either, despite its potentially massive collateral damage and consequences. Advocates note that US pressure similarly disregards humanitarian factors and is systematically tailored to harm Iranian civilians and civilian infrastructure as well. A common denominator of these operations, however, is that they are deliberately calibrated to stay below a putative pain threshold that, if exceeded, might provoke a military response.

The entrenched calculus is unlikely to change under a Biden administration, but the scope of such activities and their intensity will most probably vary in accordance with the specific characteristics and requirements of the prevailing political and security environment. More hardline elements of the Iranian security apparatus and intelligence community advocate secessionist movements across the United States and promote such projects as “Yes California” or Calexit, which campaigns for the establishment of an independent state of California. Similar activities could be traced in the context of the Scottish independence movement within the United Kingdom, which Tehran typically sees as its most formidable nemesis in Europe and a major source of trouble, from an intelligence perspective.

A signature Iranian operation against the US that bears almost all the hallmarks of the USG-as-hostile-monolith calculus was revealed in March 2018. Federal prosecutors in New York indicted nine IRGC-affiliated operatives for undertaking a “massive, coordinated” hacking offensive that targeted at least 144 American universities over a multi-year span since 2013.

“One of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice,” in the words of a New York state attorney, the cyberattack managed to compromise roughly 3,700 academic email accounts and steal $3.4 billion in intellectual property and research data.

No Matter Who Wins

The broad consensus in Tehran is that in the event of a second Trump term and his persistence with “maximum pressure” against the Islamic Republic, such operations are likely to escalate and expand. In the framework of its “maximum resistance” policy, Iran will probably try to modify its nuclear policy and regional behavior. This shift to a more offensive and confrontational posture is generally believed to be Tehran’s most plausible option to halt Washington’s economic “war of attrition,” which keeps slowly enervating Iran and its various sources of power, including its military. Iran will likely seek to create a “balance of threat” dynamic in the absence of powerful allies to rely on, before possible negotiations with the US.

Whether Trump or Biden wins the race, the Islamic Republic will seek to achieve a “manageable” state of tensions with the United States and its allies without necessarily working to resolve them once and for all. Such an objective, however, will be much easier and safer to fulfill under a Biden administration. These long-term bleak prospects also drive Iran’s growing reliance on China as a pillar of its recently revived “Look East” strategy.

———-

Maysam Behravesh is a PhD Candidate in Political Science at Lund University, Sweden, and a Research Associate at the Netherlands Institute of International Relations (Clingendael). He served as an intelligence analyst in Iran from 2008 to 2010. He writes mostly about Iran and Middle East security. Follow him on Twitter @MaysamBehravesh.