Cyberwarfare has added a new dimension to the Iran/Israel conflict, with tensions between the two countries dating back to the 1979 revolution. Both countries have increased their effectiveness in launching cyberattacks over the years.
The most recent cyberwarfare hostility between the two countries was in April when an Iran-based hacking group tried to break into an Israeli water supply system. Tehran denied its involvement, but acknowledged the Israeli retaliatory move on May 9 against its newest, sprawling Shahid Rajaee port facility in Bandar Abbas on the Strait of Hormuz. Cyber security experts confirmed to the media that Tel Aviv’s attack on the port was “highly accurate.” This attack was further verified by satellite imagery of miles-long traffic jams on the highways leading to the Shahid Rajaee port. It is believed that the jams lasted for days.
The Managing Director of the Ports and Maritime Organization of Iran, Muhammad Rastad, said that the attack “failed to penetrate the PMO’s systems and was only able to infiltrate and damage a number of private operating systems at the ports.”
The alleged Iranian attack on Israel’s water distribution system was much more sinister. The hackers sought to damage computer systems that control water flow and wastewater treatment facilities in Israel. It was reported that the hackers intended to use the attack to raise chlorine levels in drinking water. As reported by the Ynet news service, six or more of Israel’s water installation plants faced minor disruptions between April 24 and 25.
A pattern has been observed, with Iran’s cyber interference and hacking attacks against Israel coinciding with Tel Aviv’s airstrikes against Iranian positions and its proxies in Syria. Typically, the attacks were camouflaged by routing them through computer servers in the United States and Europe.
In 2019, Israeli Prime Minister Benjamin Netanyahu lauded Israel’s cybersecurity professionals for “constantly detecting and foiling Iranian attempts” to penetrate the country’s vital computer networks.
Cyberspace allows Iran to hide behind the cover of plausible deniability. However, at the same time it exposes Iran to full-scale military retaliation even though Tehran’s provocations might only target civilian or private institutions.
Since the launch of the Stuxnet virus attack on Iran’s nuclear enrichment plant in 2010 by the United States and Israel, Tehran’s capability and will to engage in cyberattacks have increased. Iran has never admitted to hacking the computer networks of rival states. However, the hacking has in most cases been traced back to Tehran.
Iran quickly realized its limitations in avenging the assassination of Qassem Soleimani, who was killed in Baghdad on January 3. As a result, concern was raised that Tehran may avenge the killing with an assortment of cyberattacks. There are no ready-made zero-day tools to invade and disrupt a secure foreign computer network; preparation time is needed. Thus, it is believed that Tehran may launch further cyberattacks to avenge Soleimani’s killing.
Iran’s steady cyberspace escalation after experiencing the Stuxnet virus attack has proven its ever-increasing capability to launch cyberattacks against rival states. Iran’s 2012 Shamoon virus attack on Saudi Aramco partially or totally destroyed the hard drives of the company’s 35,000 computers. This attack was followed by another one in 2017; both were regarded as successful by foreign observers. About a year later, a modified version of the Shamoon virus emerged to take down the servers of Saipem, an Italian oil company. The virus attacked its servers not only in Saudi Arabia and the UAE, but also in Scotland and India. Then in November 2019, it was discovered that Iran attempted to hack manufacturing corporations, power distribution networks and oil refineries of rival states.
Iran has moved quickly to acquire impressive cyberattack capabilities. Though the cybersphere domain is evolving fast, Iran’s vast network of loyal students, expatriates and spies across the world has helped Tehran to access know-how in this domain quickly. Besides, Iran has teamed up with hacking squads in North Korea and Russia. In addition, it has depended on the darknet where almost everything is available. The anonymity of the darknet is a double-edged sword and it is not the safest route for Iran to buy zero-day attack capabilities.
Cyber security experts analyzing Iran-originated cyberattacks believe that the Shamoon virus no longer just exfiltrates and wipes out data but is now also able “to encrypt and overwrite files, destroy the boot device, wipe attached hard drives, destroy the operating system, or wipe special prioritized files.”
No doubt, Tehran has developed impressive cyberattack capabilities over the years but it lacks defensive competency. Thus, Israel has signaled to Iran that any future hacking attempts will lead to severe retaliation. As much as North Korea and Russia may like to team up with Iran against mutual western targets, they may not be so forthcoming vis-à-vis the Gulf states and Israel.
Undeniably, though, cyberwarfare in the military domain is fair game, and it is set to become costlier and deadlier in the future.