The Central Intelligence Agency (CIA) conducted a series of covert cyber operations against Iran and other targets after US President Donald Trump issued a secret order in 2018 giving the agency power to undertake such activities, according to a report.
Trump’s secret authorization gave the CIA freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations, Yahoo News reported, citing former US officials with direct knowledge of the matter.
The US president gave the CIA freedom to both conduct cyber operations and its own covert cyber operations against Iran without getting approval from the White House, the report said.
The order removed many of the restrictions that had previously been placed on the spy agency by previous administrations, the report added.
The “very aggressive” finding “gave the agency very specific authorities to really take the fight offensively to a handful of adversarial countries,” a former US government official told Yahoo News.
According to another former official, Trump’s secret authorization allowed the CIA to engage in offensive cyber operations against “adversarial countries,” including Russia, China, Iran and North Korea.
“The White House wanted a vehicle to strike back,” said the official. “And this was the way to do it.”
Under the CIA’s new powers, the spy agency could launch offensive cyber operations with the aim of producing disruption, like cutting off electricity or compromising an intelligence operation by dumping documents online, as well as destruction, similar to the US-Israeli 2009 Stuxnet attack, which damaged centrifuges that Iran used to enrich uranium gas for its nuclear program.
The Washington Post reported in June 2012 that the US National Security Agency (NSA), its spy service CIA, and Israel’s military had worked together to launch Stuxnet against Iran’s nuclear facilities.
In late 2015, Iran's then Foreign Ministry spokesman, Hossein Jaberi-Ansari, called the attacks that came in 2011 “illegal,” saying Tehran had never responded with “reciprocal cyber attacks.”
In November 2016, Iran’s top nuclear official said the cyber attack had worked against the US and Israel’s intended objectives and instead helped improve the Islamic Republic’s readiness against such acts of sabotage.
The CIA has reportedly carried out at least a dozen operations that were on its “wish list,” after the order was signed by Trump.
This reportedly involved “hack-and-dump”, where stolen documents or data are deliberately leaked online. One operation reportedly publicly dumped the details of 15 million payment cards from three Iranian banks.
“This has been a combination of destructive things — stuff is on fire and exploding — and also public dissemination of data: leaking or things that look like leaking,” according to this former official.
Senior Treasury Department officials of previous admonitions had argued against leaking banking data, like the Iran bank card operations, “because it could destabilize the global financial system,” the report added.
“Our government is basically turning into f****ing WikiLeaks, [using] secure communications on the dark web with dissidents, hacking and dumping,” an unnamed former official told Yahoo News.