Over the past decade, cyberattacks targeting the vital services and assets of one’s foes have become a routine occurrence in the Middle East. Last week, Iran’s Mahan Air was the latest target of unidentified hackers, in an attack that was blamed on Israel. The country’s second-largest airline admitted the breach of its “internal systems” or servers but downplayed it, insisting that it was not a “major issue.”
Mahan Air announced that its flights would continue as normal, even though its customers received text messages from a previously unknown group called Hosiyarne Watan, which claimed responsibility for the cyberattack. Despite longstanding US sanctions and limits on the supply of aircraft spare parts, Mahan Air flights operate from Tehran to destinations in Asia, Europe, and South America.
The tit-for-tat asymmetrical attacks between Iran and Israel, and between Tehran and its other adversaries in the region, have become the new normal. Iran has been accused of launching cyberattacks against facilities in the United States, Canada, Europe and Australia, not just for espionage or retaliation but also to spy on and hunt down dissidents and watchdog organizations. Though Iran’s own infrastructure remains extremely vulnerable to various kinds of hacking attacks, it works with a coalition of ideologically and politically driven cyber-activists as well as black hat (criminal) hackers who seek ransom or steal data to sell for big money.
In October, the Raisi government faced widespread public discontent when a software breach disrupted the sale of heavily subsidized gas, resulting in long queues at petrol stations. This followed a hacking attack on Iran’s train system, which caused delays and cancellations until control was regained.
Geopolitical rivalries reached the cybersphere when the United States and Israel launched a malicious computer worm attack against Iran’s Natanz nuclear plant in 2010. The collaborative attempt was called Operation Olympic Games, and the cyberweapon itself was later named Stuxnet. Iran’s nuclear program suffered substantial damage, but far less than expected. Moreover, Iran was able to replace the damaged centrifuges, and the plant was back online faster than expected. Had Israel not over-ambitiously tweaked the hacking tool, causing it to spread beyond the targeted plant, the worm might not have been discovered. In retaliation, Iran developed its own cyberweapons, Shamoon and Shamoon 2, followed by several others. Attributing a cyberattack to its source is extremely complex, and state actors and criminal hackers often mask their identities.
Unlike in the nuclear saga, Iran is not playing the victim card but exploiting every avenue in the cybersphere to seek classified information, carry out surveillance and retaliate. Last month, its operatives were alleged to have tried to hack over 250 Office 365 accounts belonging to US and Israeli defense technology companies. Just days earlier, pro-Iran hackers were thought to be behind a cyberattack on Israel’s Ministry of Defense. The hackers leaked data and photos from 165 servers and 254 websites, and the heist is thought to have secured over 11 terabytes of data. The breach could be one of Iran’s efforts to avenge the hacking of its notorious prison, which revealed documents, videos and images of the violent treatment inflicted on prisoners.
In April 2020, the hacking war intensified after a cyberattack on the sprawling Shahid Rajaee port facility in Bandar Abbas on the Strait of Hormuz. In retaliation, an Iran-linked group tried to break into Israel’s water supply system.
The alleged Iranian attack on Israel’s water system was quite sinister, as it aimed to take control of water flow and wastewater management, which involves regulating the flow of chlorine and other chemicals. Six or more Israeli water installations faced minor disruptions for a couple of days. Iran’s online subversive attacks were camouflaged by making the traffic appear to originate from US- and European-based computer servers.
Besides employing sympathetic students, officials and spies, Iran has teamed up with hacking squads in North Korea and Russia, while also relying on the obscurity of the Darknet, where almost everything is available for a price. The anonymity of the Darknet is a double-edged sword, and it is not the safest avenue for Iran to buy zero-day (or ready-made) attack capabilities. The dangers of cyber skirmishes are more alarming than generally perceived. Not only are civilians extremely vulnerable to the ramifications of cyberattacks, but the cloak of plausible deniability also emboldens the aggressor.