Iran recruits heavily from online security forums to staff suddenly-launched hacking campaigns, according to new research by Recorded Future.

Why it matters: The report comes a day after security experts expressed fears Iran may retaliate against the United States for withdrawing from the Iran nuclear deal. As a Recorded Future official said yesterday — albeit without the detail of the report — if emergency hiring leads Tehran to hire amateurs, they may be less amenable to government control.

The report: Recorded Future based its conclusions on discussions with a well-placed source in the Iranian hacker community and analysis of Iranian security forums.

The intrigue: Iran operates a tiered system for cyber attacks, where government employees choose targets and contract private firms, including universities acting as contractors, to do the dirty work.

• There are 50 or so private firms acting as contractors, according to the report.
• Iran has a well-regarded cyber espionage program for slow, deliberate campaigns.
• But when Iran needs a quick response, the contractors often need a quick influx of talent. They use security forums as an emergency recruiting tool, sacrificing quality and patriotism for speed.

The examples: Recorded Future identifies two attacks that required this kind of immediate influx of talent:

• DDoS attacks against the financial sector between 2012 and 2014: Distributed denial of service attacks overwhelm victims' computers with internet traffic. These attacks were a rapid response to U.S. sanctions and cyber attacks against Iran's nuclear program that were widely attributed to the U.S. and Israel.
• A destructive attack against the Sands Casino in 2013: This was in response to Sheldon Adelson suggesting the U.S. launch a nuclear assault against Iran.