Iran, Israel Cyber Skirmishes Risk a Full-scale War


Cyberwarfare has added a new dimension to the Iran/Israel conflict, with tensions between the two countries dating back to the 1979 revolution. Both countries have increased their effectiveness in launching cyberattacks over the years.

The most recent cyberwarfare hostility between the two countries was in April, when an Iran-based hacking group tried to break into an Israeli water supply system. Tehran denied its involvement, but acknowledged the Israeli retaliatory move on May 9 against its newest, sprawling Shahid Rajaee port facility in Bandar Abbas on the Strait of Hormuz. Cyber security experts confirmed to the media that Tel Aviv’s attack on the port was “highly accurate.” This attack was further verified by satellite imagery of miles-long traffic jams on the highways leading to the Shahid Rajaee port. It is believed that the jams lasted for days.

The Managing Director of the Ports and Maritime Organization of Iran, Muhammad Rastad, said that the attack “failed to penetrate the PMO’s systems and was only able to infiltrate and damage the number of private operating systems at the ports.”

The alleged Iranian attack on Israel’s water distribution system was much more sinister. The hackers sought to damage computer systems that control water flow and wastewater treatment facilities in Israel. It was reported that via the attack the hackers intended to raise chlorine levels in drinking water. As reported by Ynet news service, Israel’s six or more water installation plants faced minor disruptions between April 24 and 25.

A pattern has been observed, with Iran’s cyber interference and hacking attacks against Israel coinciding with Tel Aviv’s airstrikes against Iranian positions and Iran’s proxies in Syria. Typically, the online attacks were camouflaged by routing them through computer servers in the United States and Europe.

In 2019, Israeli Prime Minister Benjamin Netanyahu lauded Israel’s cybersecurity professionals for “constantly detecting and foiling Iranian attempts” to penetrate the country’s vital computer networks.

Cyberspace allows Iran to hide behind the cover of plausible deniability. However, at the same time it exposes Iran to full-scale military retaliation even though Tehran’s provocations might only target civilian or private institutions.

Since the launch of the Stuxnet virus attack on Iran’s nuclear enrichment plant in 2010 by the United States and Israel, Tehran’s capability and will to engage in cyberattacks have increased. Iran has never admitted to hacking the computer networks of rival states. However, the hacking has in most cases been traced back to Tehran.

Iran quickly realized its limitations in avenging the assassination of Qassem Soleimani, who was killed in Baghdad on January 3. As a result, concern was raised that Tehran may avenge the killing with an assortment of cyberattacks. There are no ready-made zero-day tools to invade and disrupt a secure foreign computer network; preparation time is needed. Thus, it is believed that Tehran may launch further cyberattacks to avenge Soleimani’s killing.

Iran’s steady cyberspace escalation after experiencing the Stuxnet virus attack has proven its ever-increasing capability to launch cyberattacks against rival states. Iran’s 2012 Shamoon virus attack on Saudi Aramco partially or totally destroyed the hard drives of the company’s 35,000 computers. This attack was followed by another one in 2017; both were regarded as successful by foreign observers. About a year later, a modified version of the Shamoon virus emerged to take down the servers of Saipem, an Italian oil company. The virus attacked its servers not only in Saudi Arabia and the UAE, but also in Scotland and India. Then in November 2019, it was discovered that Iran attempted to hack manufacturing corporations, power distribution networks and oil refineries of rival states.

Iran has moved quickly to acquire impressive cyberattack capabilities. Though the cybersphere domain is evolving fast, Iran’s vast network of loyal students, expatriates and spies across the world has helped Tehran to access know-how in this domain quickly. Besides, Iran has teamed up with hacking squads in North Korea and Russia. In addition, it has depended on the darknet, where almost everything is available. The anonymity of the darknet is a double-edged sword and it is not the safest route for Iran to buy zero-day attack capabilities.

Cyber security experts analyzing Iran-originated cyberattacks believe that the Shamoon virus no longer just exfiltrates and wipes out data but it is also now able “to encrypt and overwrite files, destroy the boot device, wipe attached hard drives, destroy the operating system, or wipe special prioritized files.”

No doubt, Tehran has developed impressive cyberattack capabilities over the years, but it lacks defensive competency. Thus, Israel has signaled to Iran that any future hacking attempts will lead to severe retaliation. As much as North Korea and Russia may like to team up with Iran against mutual Western targets, they may not be so forthcoming vis-à-vis the Gulf states and Israel.

Undeniably, though, cyberwarfare in the military domain is fair game, and it is set to become costlier and deadlier in the future.

Editorial Team