The simmering cyber conflict between Iran and Israel reached a boiling point this week as the two enemies traded tit-for-tat attempts to quietly take down critical infrastructure, in what security analysts dub something of an electronic cold war.
“The fact that Iran is behaving so aggressively, and trying to disrupt critical services in Israel, is very disturbing,” David Kennedy, founder/CEO of TrustedSec and a former hacker for the NSA and U.S. Marine Corps, told Fox News. “Any time you have a state actor engaged in industrial sabotage, that is a real cause for concern. When you attack a critical service like water, power, hospitals, or transportation, you are essentially putting lives at risk.”
Last month, Iran fired the first shot by purportedly cyberattacking water installations – including tanks, pumps, and pipelines in Israel – raising the alarm among national security and cyber experts over the vulnerability of critical infrastructure.
While some slight damage to water valves and control systems did take place, according to Haaretz, ultimately there was no persistent damage to the water supply as the hackers had likely intended.
And then on May 9, the Bandar Abbas port terminal in the south of Iran was suddenly crippled, and shipping traffic was suspended for days. Israel was behind the retaliatory strike, which successfully inflicted severe damage without causing casualties, the Washington Post reported this week.
Israeli Water Authority officials reportedly detected the attempt and immediately changed system passwords and took measures to secure their systems.
“It is definitely unusual to see a state actor targeting the critical infrastructure assets of another state. That type of activity is usually reserved for war or near-war situations, at least by most countries,” Kennedy surmised. “Iran doesn’t respect those rules.”
Moreover, analysts have pointed out that Iran’s cyberattack was executed through servers based in the United States and Europe, which indicates some degree of sophistication, despite being a routine tactic used globally by those adverse to the West.
“The Israeli response was measured yet enough to cause logistical and economic disorder from Iran’s main port at a time when they can ill afford any further financial disruptions due to sanctions, low oil prices, unemployment, and massive inflation,” noted Jeff Bardin, the Chief Intelligence Officer at security firm Treadstone 71. “My assumption here is that the Iranians used extracts and updates to Stuxnet code to manipulate the Israeli equipment.”
The Stuxnet virus was a joint cyber operation between Israeli and American intelligence and was deployed in 2011 to infect Iran’s then-burgeoning nuclear program – effectively harming the electricity boxes linked to the centrifuges being utilized for uranium enrichment. Nonetheless, Tehran was able to course-correct in the aftermath of the contagion, learning how to bolster its own cyber defense and develop tactics of its own.
And following the April attempt to harm Israel’s water systems, the regime is said to have overinflated the outcome in its press as a means of distraction from the coronavirus pandemic crippling much of the nation’s health care system. The gloating prompted Israel to acknowledge that an incident had happened, although it was largely dismissed.
“We are in a state of constant cyber cold war accentuated by regular skirmishes such as the Iranian attack on Israeli water systems and the Israeli response on Iran’s main port. Israel does not usually come out of the shadows to execute publicly identified cyber-attacks,” Bardin continued. “They did so this time since Iran was chest-thumping over the attack on the Israeli water system, considered critical infrastructure. Israel had to strike back and did so in such a way that shut down the port for 10 days.”
And Kennedy further underscored that because Iran does not have the military might to confront Israel or the United States directly, it is instead forced to engage in asymmetric warfare, of which cyber is an important part.
“Ever since Iran was hit by Stuxnet, they have been actively developing their own cyber-kinetic capabilities. This capability is extremely important for Iran because it gives them the ability to strike inside the borders of countries that they could not attack directly with traditional military forces. It also allows them to score PR victories at home, without risking a humiliating military response,” he said. “Iran’s cyber operations against Israel are definitely becoming more aggressive during the pandemic. Anytime you target critical infrastructure, you are seriously escalating the situation.”
And things kicked up an extra notch on Thursday, after hackers allegedly based in Iran seemingly infiltrated tens of thousands of unsecured Israeli websites, disabling their functions and blasting threatening videos and messages pertaining to the “crimes against the Palestinians,” and “all we can do is revenge from a cyberattack.”
The group remains on both Facebook and YouTube.
“Thousands of Israeli sites, including sites of major and major companies in the economy, were vandalized following an attack by anti-Israel officials against the Upress hosting company,” Bardin explained. “The attack disrupted the company’s servers. Instead of the usual content of the sites appears content calling for the destruction of Israel. In addition, the sites ask the users permission to use the camera to take photos.”
He pointed out that, at this stage, it is unclear whether the company’s databases were hacked or whether it is merely a corruption. Upress, one of Israel’s largest website hosting companies, announced on its Facebook page that the attack was caused by security vulnerabilities in the WordPress plugin. “We work in collaboration with the state cyber authority, conduct security investigations, and handle all sites,” the company added. Hacking a web hosting company allows hackers to hit many sites at once.
In addition, Bardin’s Treadstone 71 found significant chatter on Iranian social media sites about WordPress vulnerabilities prior to the penetration.
But where the Iran/Israel cyber conflict goes from here – and whether tensions will continue to rise – remains to be seen. According to Behnam Ben Taleblu, a senior fellow and Iran expert at the Foundation for Defense of Democracies (FDD), the use of cyber tools for purposes of damage and espionage is consistent with Iran’s asymmetric military strategy.
“Just like proxy wars, the cyber domain permits Iran to mask its hand and involvement, as well as limit the potential for kinetic blowback and escalation,” he explained. “In this regard, Iran’s cyber wars have been successful, even if they invite Israel or other states to respond to Iranian aggression using the same or better cyber means.”
Some experts have also asserted that Iran’s reignition of the quiet fight with Israel last month was in response to Israel’s frequent targeting of Iran-backed Hezbollah assets in Syria.
“(The cyber conflict) will not end anytime soon. The cyberattack that Iran launched on Israel's water infrastructure was a convenient and relatively low-risk way to retaliate against recent (presumed) Israeli strikes on Iranian targets in Syria,” added Heather Heldman, managing partner of Luminae Group and a former Middle East advisor at the US State Department. “Regardless of the fact that Iran's cyberattack failed to cause significant damage or disruption inside Israel, it gave the Iranian regime an opportunity to score points with its domestic audience and distract from the turmoil transpiring at home, which has intensified in the wake of Coronavirus and low oil prices.”