Survey of Iranian Terror Threat to the U.S. – Forward Observer Shop

Survey of Iranian Terror Threat to the U.S.

Background: Last April, talks came to a “successful” end on the Iran Nuclear Agreement.  Setting aside the fact that the agreement will likely make it easier for Iran to build nuclear weapons, what’s more troubling in the short term is that the deal has freed upwards of $100 billion in cash and assets for the Iranian government.  It’s estimated that Iran spends between $3.5 – $16 billion annually, financing terrorism worldwide.  That amount is likely to increase, given access to new financial assets and opportunities. U.S. intelligence and counterterrorism officials have repeatedly stated that some of the sanctions relief money will be used to fund terror attacks.  Even Secretary of State John Kerry admitted as much.

According to James Clapper, the Director of National Intelligence, Iran is “the foremost state sponsor of terror”.  “Iran and Hezbollah remain a continuing terrorist threat to U.S. interests and partners worldwide,” Clapper said last year.  And a State Department Country Report on Terrorism noted that, “Iran’s state sponsorship of terrorism worldwide remained undiminished…” even after U.S.-led sanctions.

Iran has long been a state sponsor of terror, fueled almost entirely in the belief that they are the vanguard of Islam against the West which seeks to undermine Islamic values.  Iranian Supreme Leader Ali Khameini regularly discusses what he characterizes as successful attempts by the U.S. to pervert the true meaning of Islam while waging a cultural war that introduces the proverbial sex, drugs and rock and roll into the Islamic sphere of influence.  The Western world is at the heart of the troubles in Islam, according to Khameini, and that’s why the Islamic world must perpetually fight against the West.

Acknowledging this mindset is the first step in understanding why Iran chooses terror.  The second step is seeing that the military might of the U.S. actually drives much of the adversarial asymmetric warfare — in this case terrorism.  For the past several decades, the American military has been unrivaled in most aspects of conventional warfare.  In conventional, head to head conflicts, America is still heavily favored due to technological superiority and a well-trained and capable fighting force.  But it’s this conventional might that drives America’s adversaries to unconventional and asymmetric methods.  Because no country can fight conventionally against the U.S., nations like Iran build force projection to carry out regional and global objectives through proxy groups and other asymmetric means.

[wcm_nonmember] In this report…

  • How many Iranian proxy terror groups exist?
  • Where are they located?
  • What kinds of activities do they carry out?
  • How many Americans have they killed?
  • What’s the likelihood that an Iranian proxy group will attack inside the U.S.?
  • What are some potential targets for Iranian proxy groups?

To continue reading, please log in or subscribe here. [/wcm_nonmember]
[wcm_restrict plan =”fo-osint”]

Proxy groups like Hezbollah give the Iranian government extreme advantages.  The Iranian military can’t disappear, but its proxies can.  The Iranian military can’t invade South America, but its proxies can.  The conventional Iranian military can’t attack a foreign nation or entity and maintain plausible deniability, but its proxies can. And this is the basis for how Iran extends its force projection globally.

Regionally, proxy groups enable the Government of Iran to establish significant amounts of influence and control throughout the region, as these proxy groups are active in the capitol cities of Baghdad, Iraq; Damascus, Syria; Beirut, Lebanon; and Sana’a, Yemen.  Moving outside the region, Iran’s influence is greatly diminished, however, Iranian proxies maintain a presence in numerous places throughout the world, including in the United States, Mexico, Brazil, Venezuela, Colombia, and a handful of other Central and South American nations.


Significant Iranian Proxy Groups

Hezbollah – “Party of Allah” – was founded in Lebanon in 1982.  The terror group has established cells around the world and continues to plan terror attacks against Western and Israeli interests.  Congressional Counterterrorism and Intelligence subcommittee testimony in 2011 stated that Hezbollah was active in 15 U.S. and Canadian cities.  Furthermore, they are directly responsible for or involved in the following events:

  • 2012 bus bombing in Bulgaria
  • 2011 multiple plots in Turkey, Azerbaijan, Georgia, and Cyprus
  • 2009 Hezbollah cell in Turkey disrupted by counter-terror operations
  • 2008 Hezbollah cell in Azerbaijan disrupted by counter-terror operations
  • 2008 Hezbollah cell in Egypt disrupted by counter-terror operations
  • 2007 plot to target fuel tanks underneath JFK International Airport
  • 1996 Khobar Towers bombing, killing 19 U.S. servicemen
  • 1992 and 1994 bombings in Argentina
  • 1988 kidnapping and murder of a U.S. Marine in Lebanon
  • 1985 hijacking of TWA Flight 847
  • 1984 bombing of the U.S. Embassy annex in Beirut, Lebanon
  • 1983 Beirut Barracks Bombing, killing 299 American and French servicemen
  • 1983 bombing of the U.S. Embassy in Beirut, Lebanon
  • 1982 – Founded


Iranian Revolutionary Guard Corps – Quds Force (IRGC-QF) – Led by Iranian General Qassem Soleimani, the IRCG-QF conducts operations throughout the Middle East region.  Although the group could be compared to a cross between the CIA and Army Special Forces, the IRGC-QF does not have a global presence.  Its most notable activity in America is the 2011 attempted murder of the Saudi Ambassador to the U.S. while visiting Washington, D.C.  A U.S. Citizen was arrested for the attempted murder while an Iranian-national and IRGC-QF member remains at large.


Multiple regional proxy militias (current and historical):

  • Jaysh al-Mahdi – Iraqi-based Shi’ite militia led by Muqtada al-Sadr.
  • Khataib Hezbollah – Iraqi-based proxy group in Iraq, listed as a Foreign Terrorist Organization.
  • Asaib Ahl al-Haq – Iraqi-based proxy group in Iraq led by Qays al-Khazali and Layth al-Khazali.
  • Badr Organization – Iraqi-based political party and military wing dedicated to extending Iranian control over Iraq.
  • Liwa Abu Fadl al-Abbas – Syrian-based Shi’ite militia.
  • Iranian proxy groups like Jaysh al-Mahdi (JAM) and Asaib Ahl al-Haq (AAH) were very active in during the U.S. occupation of Iraq.  Asaib Ahl al-Haq claims responsibility for 6,000 attacks.  Jaysh al-Mahdi dwarfs AAH in size comparison and could easily be responsible for double what AAH claims.  Iran’s support of Shi’ite militias in Iraq is no secret, and those proxy groups are responsible for the deaths of over 500 U.S. service members.


Likelihood of Iranian Terror Attacks in the U.S.

The likelihood of Iranian terror attacks largely hinges on the national sovereignty of Iran and the integrity of its government.  Iran is likely content to continue cyber operations against U.S. and Western interests, focused on gaining access to intelligence information as opposed to disruptive or violent activities.  Expanding the cyber front against the U.S. is likely a top priority for the Iranian government.  Still, Iranian Hezbollah maintains the capabilities to conduct terror activities in the U.S.

  • In 2011, Hezbollah used a Los Zetas, a Mexican drug cartel, member to attempt the assassination of the Saudi ambassador.  Because of the continued reporting on Hezbollah’s ties with Latin American drug gangs and cartels, Hezbollah will likely maintain the intent and capability to use cartel activities to further Iran’s objectives.
  • In 2011, Hezbollah members conspired with Venezuelan diplomats to hire Mexican hackers to commit widespread cyber attacks against U.S. networks. Hezbollah’s activities throughout South America are aimed at expanding operational capability into the U.S.’s backyard.  They also gain the benefit of decentralizing their operations, stretching U.S. resources and attention to tracking them globally, as opposed to regionally.
  • In February 2015, an Iranian-born, dual U.S. citizen was indicted for using fake identities while working in an official capacity as an electrical engineer for the U.S. Navy in Maryland.  Born Majid Karimi in Iran, the Navy employee changed his name to James Robert Baker in 1985 when he was naturalized as a U.S. citizen.  He concealed his Iranian citizenship during a background investigation in 2002, after which he was granted a Secret clearance.  Baker is also charged with receiving foreign money, in what’s likely to be payment for espionage activities.

During 2016 Congressional testimony, when asked whether or not Hezbollah could be ordered by Iran to attack the U.S.,  Bilal Y. Saab, a Senior Fellow for Middle East Security at the Brent Snowcroft Center on International Security replied, “It’s going to be a tough decision but if it really comes down to this, and we witness a serious escalation of tension… there’s growing instability, everything is at stake, I suspect so.”  Simply put: if Iranian national sovereignty is threatened, then we expect a window of opportunity where Hezbollah is encouraged to attack U.S. citizens and interests at home and abroad.  Israel is still assessed as Iran’s greatest threat and their most desired target.


Potential U.S. Targets of Iranian Terror

The U.S. faces a continued espionage threat from Iranian actors, and while that is likely the most likely threat, it’s certainly not the most dangerous threat.  In 2010, a joint U.S.-Israeli cyber attack, a computer worm called Stuxnet, damaged Iranian nuclear infrastructure.  It was this targeted attack that convinced Iran that it had entered into a cyber war with the U.S. and Israel, and they likely maintain that mindset.  Due to reports that Iran is focusing on building cyber capabilities, and given their documented cyber attacks, we assess that a cyber attack from Iran is a significant threat.

  • Perhaps the most critical point, Iranian hackers have been documented mapping out U.S. infrastructure, including the power grid and refineries, among other critical infrastructure.  In a conflict with Iran, or one that threatens Iranian sovereignty, we assess that U.S. critical infrastructure will be primary targets for Iranian hackers.  Attacks could range from systems disruption to using malicious code to damage hardware, similar to the Stuxnet worm attack.
  • In 2012, Iran launched a cyber attack against Saudi ARAMCO, which affected nearly 75% of the company’s computers.
  • In 2012-2013, JP Morgan Chase, Citigroup and Bank of America suffered distributed denial of service (DDOS) attacks, which prevented financial clients from accessing their accounts online.
  • In 2013, an unclassified U.S. Navy network was targeted, whereby Iranian actors gained access to sensitive information.
  • In 2014, Iranian hackers targeted the Sands Corporation, iSight Partners, and U.S. defense firms.

Although Iran could certainly use terror and proxy groups already in the U.S. to conduct physical attacks, we assess that cyber attacks will be the preferred vector of attack.  In an unlimited war with Iran, we should expect significant physical terror attacks against U.S. infrastructure.  Until then, we can certainly expect further intrusion and attacks against U.S. corporations and interests, including Defense personnel and networks.


Photo via Flickr in Baalbek, Lebanon

Mike Shelby is a former military intelligence NCO and contract intelligence analyst. He spent three years in Iraq and Afghanistan and is now the intelligence and warfare researcher at Forward Observer.

1 Comment

  1. Saudi Aramco was put back to paper and pen during this attack. They had technicians all over the world unplugging servers from the internet to keep it from proliferating any further. All this started from a common means of attack, where hackers frequent watering holes and a spearfish attack via email. This attack alone caused the company to stop selling oil to tank trucks because they could not receive payments and eventually they gave away oil for free. Hackers are a force multiplier now, and a weapon of war…..some say more powerful that bombs and bullets. Russia and China are leading the pack currently.

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *