When the missile struck the car of Qasem Soleimani, commander of the Quds Force and the second most powerful man in Iran, tensions between states and peoples rose to their peak. Everyone suddenly remembered the assassination of Archduke Franz Ferdinand of Austria in Sarajevo and how it ignited the First World War, and everyone seemed ready to light the fires on its various fronts: "World War III" trended on social networks such as Twitter in the United States, political arguments flooded Facebook, and it seemed that the war drums had begun to beat with the clicking of keyboards.

But amid the anticipation of an outbreak of war, another arena was already burning with wars that few turned to look at: an arena in which lives are lost and armies and aircraft lose their ability to fight before they have even left their bases. All of this was happening in a shadowy field called "cyber warfare".

"Cyber warfare" is one of those vague concepts on which little light has been shed, even though it has been the most dangerous form of conflict in recent years and is likely to be the most common form of war in the years to come. Nor can it be confined to the current confrontation between the United States and Iran, the two sides of today's conflict: other world powers, such as Russia and China, will not stay outside this difficult equation. So in the lines that follow we try to dig deeper into the context of cyber warfare as states use it in their battles, by telling the story of the sabotage of the centrifuges at Iran's "Natanz" enrichment facility by a computer worm, with no military movement at all, to see how cyber wars break out and cause enormous losses without a single bullet being fired.

"We are in an unbalanced confrontation, between democracies forced to play the game according to laws, and institutions that think democracy is just a joke. You cannot convince extremists by telling them that hate restricts you and love frees you. There are different rules we must play by."

(An officer in the Israeli Mossad)

Iran's nuclear programme strayed beyond the bounds the United States had expected when it first offered Iran the idea of nuclear reactors under the Shah, in 1967, and let the Shah's regime acquire a research reactor. Then Khomeini came to power and decided to use the nuclear programme according to his own agenda: his regime and its ambitions asserted Iran's right to a nuclear arsenal in light of its conflicts with the great powers. The rising hostility between Israel and Iran, reflected in the intervention of the United States as Israel's most important ally, turned the Iranian programme into a threat that had to be removed, and here the two allies disagreed: the United States looked for a quiet way to get what it wanted, while the Israeli approach favoured the most violent solution to the crisis.

The American-Israeli intelligence alliance was then operating at the highest levels between the Bush administration and the Israeli government, until the National Security Agency and the Mossad agreed to take a step that carried many risks but would at the same time be the most important weapon for achieving the desired goal (1).

"Stuxnet" is the name cyber-security researchers gave it when they uncovered it; inside the corridors of American intelligence it was called "Olympic Games". It was, simply, a military malware project, described both by its creators and by the experts who worked on dissecting it as "the most dangerous cyber weapon in history". Its mission was clear: to penetrate the Iranian enrichment facility at "Natanz" and wreck its centrifuges by subverting the industrial control computers that run them, fulfilling the Israeli wish in the quiet American way, with no need for military action.

Before the American administration agreed to go ahead with the experiment, it needed real confirmation that the malware would work and achieve its goals without leaving American fingerprints or dragging the administration into a direct confrontation with the Iranian regime. American working groups began developing the malware and defining its tasks in preparation for the next steps.

Once work on the malware was complete, tests began inside the United States on centrifuges of the same type Iran uses at "Natanz", and the Israelis ran similar tests on the same centrifuge model. The results were positive, and Bush approved the attack.

The idea of the attack was simply to drive the centrifuges at Natanz far outside their safe operating range, well beyond the speed they were designed for, so that they tore themselves apart, while the monitoring software, fed recorded readings from normal operation, kept showing that everything was running smoothly. For the Iranian management this was a disaster: the engineers could find no rationale or cause for the centrifuge failures, which is a nightmare for an engineering team working on a project this sensitive. Identifying the problem is the most important step, and the management at the time believed the problem was human error, so a number of engineers were held responsible for the project after that disaster.
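The mechanism described above, an over-speed command combined with replayed "healthy" telemetry, is easier to grasp in a small simulation. The following Python model is an added example, not code from the article and not Stuxnet code; the figures (a 1000 Hz nominal speed, a 1200 Hz mechanical limit, a 30 % over-speed, and a vibration sensor whose reading grows with the square of speed) are constructed assumptions. It goes one step beyond the text by showing the check a plant operator can make: an out-of-band sensor that the compromised control path cannot forge exposes the replay as soon as it starts.

```python
"""Toy model of a replay attack on centrifuge monitoring (constructed example).

A controller drives a rotor at NOMINAL_HZ. An implant between the controller
and the operator screen records healthy telemetry, then over-speeds the rotor
while replaying the recording so the screen still looks normal. An independent
vibration sensor reveals the mismatch. All constants are assumptions.
"""
import math
from dataclasses import dataclass

NOMINAL_HZ = 1000.0           # assumed healthy drive frequency
MECHANICAL_LIMIT_HZ = 1200.0  # assumed rotor limit; above it the rotor fails
RECORD_CYCLES = 20            # how long the implant records before replaying
DEVIATION_THRESHOLD = 0.10    # 10 % mismatch between channels raises an alert


def healthy_setpoint(cycle: int) -> float:
    """Normal control law: nominal speed with a small deterministic wobble."""
    return NOMINAL_HZ + 2.0 * math.sin(cycle)


@dataclass
class Centrifuge:
    hz: float = 0.0
    failed: bool = False

    def step(self, cmd_hz: float) -> float:
        # The rotor follows the drive command; past the limit it breaks.
        self.hz = cmd_hz
        if self.hz > MECHANICAL_LIMIT_HZ:
            self.failed = True
        return self.hz

    def vibration(self) -> float:
        """Out-of-band sensor: amplitude grows with the square of speed (toy law)."""
        return (self.hz / NOMINAL_HZ) ** 2


class ReplayImplant:
    """Sits between controller and operator screen: records healthy readings,
    then over-speeds the drive while replaying the recording to the screen."""

    def __init__(self) -> None:
        self.recorded = []

    def setpoint(self, cycle: int) -> float:
        if cycle < RECORD_CYCLES:
            return healthy_setpoint(cycle)
        return NOMINAL_HZ * 1.3  # well past the mechanical limit

    def telemetry(self, cycle: int, true_hz: float) -> float:
        if cycle < RECORD_CYCLES:
            self.recorded.append(true_hz)
            return true_hz
        return self.recorded[cycle % len(self.recorded)]  # replayed reading


def independent_check(reported_hz: float, measured_vibration: float) -> bool:
    """Compare the screen's reported speed with a sensor the control path cannot forge."""
    expected = (reported_hz / NOMINAL_HZ) ** 2
    return abs(measured_vibration - expected) / expected > DEVIATION_THRESHOLD


def simulate(attack: bool, cycles: int = 40) -> dict:
    """Run the plant for `cycles` steps, with or without the implant."""
    rotor = Centrifuge()
    implant = ReplayImplant() if attack else None
    reported_max = actual_max = 0.0
    alerts = 0
    for cycle in range(cycles):
        cmd = implant.setpoint(cycle) if implant else healthy_setpoint(cycle)
        true_hz = rotor.step(cmd)
        shown = implant.telemetry(cycle, true_hz) if implant else true_hz
        reported_max = max(reported_max, shown)
        actual_max = max(actual_max, true_hz)
        if independent_check(shown, rotor.vibration()):
            alerts += 1
    return {"reported_max_hz": reported_max, "actual_max_hz": actual_max,
            "rotor_failed": rotor.failed, "alerts": alerts}


if __name__ == "__main__":
    print("healthy:", simulate(attack=False))
    print("attack :", simulate(attack=True))
```

In the attack run the operator screen never reports more than about 1002 Hz while the rotor is actually driven to 1300 Hz and fails; the vibration cross-check fires on every replayed cycle. The design point is that telemetry coming through the same controller the attacker owns is worthless as evidence, so a plant needs at least one measurement channel that does not pass through it.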

Once the malware had been prepared and its results verified, the pre-attack phase raised the most important question for the United States: how would the malware reach the computers inside the Iranian plant? Everyone working inside it was loyal to the Iranian regime and hard to recruit, so the American strategy was to infect the supporting facilities and contractors around the plant (power, electrical and maintenance firms) with the same malware and let it be carried into the plant on those contractors' computers and removable media during maintenance and software updates.

The most disastrous point, the global spread of the malware, traces back to the Israelis' doubt, which persists to this day, that the attack was effective enough. The American side kept the attack limited out of several fears. When the Obama administration took over and Obama agreed to complete the project, his greatest fear was discovery, which would open the way for Russian and Chinese cyberattacks on the United States, so the American attacks were deliberately rationed. The Israelis, however, were impatient: they took the malware and made it more aggressive so as to carry out the largest possible number of attacks, and the result was a worm that evolved eerily and became able to spread widely without human control.

The worm spread to many countries and eventually reached Russia, where it was detected and its code was captured and reverse-engineered, so that Russia found itself holding what looked like the blueprint of a new weapon: not using it, not destroying it, but storing it for the right moment.

Stuxnet was part of NITRO ZEUS, a vast campaign against Iran's C2, power grid, air defense & transport, claims film https://t.co/ZKPDsiHJH9

- Thomas Rid (@RidT) February 16, 2016

After the Russian detection came the Iranian announcement that Iranian experts had uncovered the attack that had been wrecking Iranian centrifuges; according to this account, Russia supplied the code to Iran after detecting it. Surprisingly, nuclear work in Iran was halted entirely: the centrifuges were removed and work stopped for two years, so that the Iranian facility could come back much larger, with several times the number of centrifuges, at the beginning of 2013. After that terrible attack the Iranian nuclear system ended up stronger than before, in both the number of centrifuges and its enrichment capacity.

In 2016 the first American documentary to reveal the details of the "Stuxnet" operation, or "Olympic Games" as it was known in the corridors of American intelligence, was released (Alex Gibney's "Zero Days"). It showed that many members of the United States' sovereign agencies refused to disclose any information about the operation or its details, since it had been classified "top secret", so that any disclosure would be a crime carrying prosecution.

What the experts from internet-security firms explained in the documentary, however, is that this malware was unlike anything they had encountered. Ordinary malware depends on a mistake by the victim: someone has to open a link or take some wrong step before the infection happens, and the vulnerability it uses is usually already known, so it can be patched. Stuxnet was the opposite. It needed no action from anyone to get into industrial or military systems; it spread on its own, automatically, by exploiting vulnerabilities that nobody but its authors knew about. Such a flaw is called a "zero-day", and it is the worst nightmare of security engineers anywhere in the world: after most intrusions the hole the attacker used, whether left deliberately or by accident, can be found and closed, but a zero-day is unknown to the defenders, so there is no patch and no known way in. Stuxnet carried four such zero-days, which made it a closed circuit turning on itself, with no seam the defenders could reach.

As analysis continued, security researchers became certain that this was no ordinary malware. It was not out to steal money or anything of the kind, as common malware is; a tool with these capabilities could only be the work of a state, with enormous funding behind it to reach this level of sophistication.

The most important finding confirmed what the experts had expected: the worm targets critical infrastructure (power plants and grids, financial institutions, transport, health care), and it does so by targeting a small industrial computer from the German manufacturer Siemens, the programmable logic controller (PLC), one of the most widely used devices in many countries for running infrastructure equipment, motors and drives in general.

The malware appeared clearly in many European countries, but the attack only really began in Iran, or rather its greatest danger was concentrated there, when a series of strange events hit Iranian gas installations, such as unexplained pump explosions, accompanied by the assassination of two Iranian nuclear scientists in Tehran. Then the biggest surprise finally emerged: the first and most important target of this attack was Iran's nuclear facilities.

To this day neither the United States nor Israel has acknowledged the "Stuxnet" operation, or "Olympic Games" as it is called inside American intelligence, and to this day any discussion of how the operation was launched is strictly forbidden to any American official body that took part in it. The only statement the United States was forced to make came from Barack Obama, who updated a policy rule to say that "the United States has the right to carry out cyberattacks, but only with presidential approval". It sounded as if we were talking about a nuclear weapon.

This announcement was made under compulsion, after the US Department of Homeland Security revealed that it had been infected with "Stuxnet". For America and the Obama administration this meant the worm had escaped the Iranian plant and that things had spun out of control because of Israel: the United States, which developed the worm, had become one of its victims, a development that was in neither the American nor the Israeli calculations.

"The previous version of the Pentagon's war plan included a classified subset code-named Nitro Zeus, a cyberoperation that called for unplugging Iran's major cities, its power grid and its military."

If another country drew up plans like this for the US, we'd call it terrorism.

- Rania Khalek (@RaniaKhalek) May 14, 2019

Then the most important part of the operation emerged: its advanced stage, revealed in 2016, after the nuclear agreement with Iran had been concluded. It turned out that if Iran had refused to go through with the agreement, the United States had an expanded cyberattack plan ready (2), known as "Nitro Zeus", a programme that would let the United States penetrate every public and private facility in Iran (electricity, water plants, dams, banks) and shut them down completely; more precisely, to put Iran into a state of total paralysis, ultimately costing money and lives. It is worth noting that Iran is among the countries most exposed to cyberattacks every year: according to its officials it faces roughly 50 cyberattacks annually. But Iran does not face all those attacks without responding.

The years after the "Stuxnet" attack saw a major Iranian shift in its understanding of cyber warfare and intrusions. By military norms, an attack on a nuclear facility inside a country is nothing less than a declaration of war, but this time the incident had a different effect on the Iranian scene. Iran began forming what became known as the "Iranian Cyber Army" (4), a large body of hackers that the Iranian government has not officially acknowledged but which answers directly to the Supreme Leader; they joined the group the Supreme Leader formed after the intrusion, driven by the anger that swept the Iranian street after the American-Israeli attack on "Natanz".

This army was divided into several groups, each with a specialised intrusion mission. The first is APT 33 (3), one of the most dangerous groups in that army, responsible for penetrating military institutions and the aerospace and defence industries. The second is APT 35 (3), which specialises in attacks on the accounts of officials, journalists and public bodies in the United States and elsewhere. Then comes the OilRig group, responsible for attacks on industrial organisations, companies, oil refineries and other industrial targets; one of the best-known intrusions attributed to it is the 2014 breach of the American casino company of "Sheldon Adelson".

At the head of these groups stand the "Izz ad-Din al-Qassam Cyber Fighters", the group with the strongest and fastest response: in 2012, after the "Natanz" attack became public, the group attacked the largest banks in the United States, and the attack had a major impact on those institutions, since its denial-of-service floods knocked their online banking services offline and left customers unable to reach their accounts (3).

Despite the large number of Iranian groups and the many attacks they carry out every year, the question is how far cyberattacks by Iranian groups can actually affect technical operations in the United States. Here it is useful to recall the most prominent operations Iranian groups have carried out over the past years.

In 2012 Iranian groups launched a fierce attack on the computers of the Saudi oil company Aramco (4). The attack was aimed at the American administration as much as at Saudi Arabia, a message about the extent of Iranian capability. It wiped the disks of tens of thousands of Aramco workstations, and it carried the name "Shamoon", a piece of disinformation by the Iranian groups meant to direct attention toward Israel instead of Iran, though at the time it was easy to establish that the attack was purely Iranian.

Not long after the "Shamoon" attack, Iranian groups penetrated a dam outside New York City (5), the Bowman Avenue Dam in Rye Brook, a small flood-control dam. The intruders gained access to its control system, where they could read water levels and the status of the sluice gate; the gate happened to be disconnected for maintenance at the time, which limited the damage, and the intrusion was hidden professionally and went unnoticed for a long time.

The attack on the New York dam in particular became a milestone (6) in that confrontation. It opened the eyes of the United States to the enemy's capabilities, set against its own "Nitro Zeus" project, which would have let the United States reach the data and controllers of infrastructure across all of Iran and paralyse Iranian cities, with all their operations and facilities, completely.

Given recent developments, re-upping our statement from the summer.

Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS. Make sure you're also watching third party accesses! https://t.co/4G1P0WvjhS

- Chris Krebs (@CISAKrebs) January 3, 2020

The most recent influential attack directed by Iran came in the autumn of 2019, before the current tensions began, when Microsoft announced (7) that Iranian hacking groups had mounted a large campaign against "Outlook" and Microsoft accounts. This affected many organisations around the world, not just the United States, given the global popularity of "Outlook" among millions of users.

In the same context, the United States has suffered a great many intrusions in recent years, against both government institutions and private companies, but it is interesting that the source of these intrusions is no longer a single side, Iran, as some might imagine. The sources are many and varied, including Russia and North Korea, and hackers inside the United States itself, and amid all this the United States has not produced an effective solution.

Many American states suffered a large number of cyberattacks during 2019, most of them "ransomware" attacks: malware that encrypts the files, data and information on every computer it reaches and does not release them until a ransom set by the attacker is paid.

Louisiana was one of the latest states hit by a severe ransomware attack. It came last summer and shut down the electronic systems of a large number of schools and government agencies across the state, forcing a declaration of a state of emergency. Before Louisiana, several American cities had seen the same pattern of attacks that fully encrypt system data, including two in Florida: Riviera Beach, whose city council voted to pay the attackers about 600,000 dollars to recover its encrypted data, and Lake City, which paid roughly 460,000 dollars. (8)

In Baltimore things went much worse: many of the city's systems and agencies were down for a month last May, because the city of Baltimore refused to pay the equivalent of roughly 80,000 dollars in bitcoin demanded after the data of all official bodies had been encrypted.

Investigators in the United States identified two hackers responsible for attacks on several American cities, including Atlanta and Newark, New Jersey, and in 2018 found that they were Iranian. They had collected an estimated 6 million dollars in ransom from more than 200 ransomware attacks and caused more than 30 million dollars in damage to computers and technical systems (9).

Russia has taken an important position over the past three years, visible in many massive attacks at several points around the world and in the emergence of prominent Russian hacking groups that have come clearly under the spotlight, with their names tied to several huge intrusions.

Russian intrusions in particular appear to aim at very precise and dangerous targets, most notably the major breach of intelligence agencies in the United States and Britain (10), after which official bodies in the United States announced that millions of computers and data-storage machines in the intelligence agencies of the United States and Britain had been targeted. These attacks are known as the "critical targets game": for Russia the point is not the intrusion itself but striking critical, important targets, which is why fingers point toward Russia after almost any cyberattack, as actually happened after the attack on the 2018 Olympics.

At eight in the evening of 9 February 2018, the computers and databases of the Winter Olympics in Korea came under a severe cyberattack that wrought havoc on them. The breach of the Olympics was the most important cyber event of 2018, and investigations revealed that Russia had strong motives: it wanted to make its presence felt despite its official absence, since Russia had been banned from the Games (11) and Russian athletes were not allowed to raise their country's flag when winning a medal. This led the Russian foreign minister to deny that the attacks were Russia's, commenting: "We know that the Western media will work to put Russian fingerprints on the hacking of the Olympics in Korea, although this is not true."

Russia hacked Olympics computers, turned blame on N Korea: report https://t.co/at4cjalF0I pic.twitter.com/w8EICXx3fz

- FRANCE 24 English (@France24_en) February 26, 2018

In fact, Russian attacks do not stop at any particular point; they always go to the limit, to the point that Russian hackers can bring down the technical systems of an entire country. In January 2009 (12) Kazakhstan's entire technical system was penetrated and computers across the whole country were knocked out, simply halting all technical processes in the country.

The most recent of these massive attacks came last October, when Russian groups attacked more than 2,000 websites in Georgia (13), reaching through them the presidency, government offices and three television channels. A statement bearing the name of a former president of Georgia was broadcast on their screens, with "I'll be back" written beneath it in English. It was one of the strongest and greatest intrusions of recent months: here were the highest authorities of a state falling entirely under the control of another country, along with the official state television, and all of it without anyone having to move from his seat.

Microsoft has also revealed (14) that Russia has already begun organising attacks to penetrate the Summer Olympics to be held this year in Tokyo, prompting preparation of technical defences to stop them and prevent a repeat of the 2018 Olympics scenario.

Russia has also succeeded, according to its government, in testing the complete separation of the Russian internet from the worldwide web (15). It announced that the tests covered the possibility of Russia's systems being attacked, the ability of the alternative internal network, "RUNET", to cut itself off completely from the global network in the event of an external attack, and the ability of its servers to control data arriving from internet servers outside Russia.

This is a proactive step by Russia at a time when Russian cyberattacks are considered the most dangerous and influential in the world. Just as Russia pushes the attacking side to its extremes, on the defensive side it aims at complete isolation from its adversaries, an important indication of Russian intentions regarding the confrontations to come.

At the heart of all these developments, it is hard to see the Russian moves, offensive and defensive, in isolation from the escalation in the confrontation between the United States and Iran. By this account, the detection of the worm in Russia ended with the handover of its code to Iran as a form of Russian support for the Iranian side, which makes any speculation about the future of cyber war a leap into the unknown, especially as the attacks the United States has suffered evolve toward full technical paralysis.

Hence it can be said that the future of war is no longer tied to military movements and nuclear weapons. There is a battlefield that may see more violent and dangerous confrontations, and may end combat operations before they begin, or damage infrastructure in ways that ultimately cost lives without a single bullet being fired.

Sources

  • The United States possesses a comprehensive cyber attack plan in case the nuclear deal with Iran collapses
  • Intelligence Alliance between the United States and Israel
  • Details of the Nitro Zeus attack plan
  • The attack on Aramco in 2012
  • Penetration of the New York Dam
  • The importance of penetration of the New York Dam
  • The attack on Microsoft
  • The attack on Louisiana and several other states
  • Baltimore attack crisis
  • Russian penetration of US and British intelligence.
  • The attack on the 2018 Olympics
  • The attack on Kazakhstan and its complete electronic shutdown
  • Electronic attack on Georgia
  • Attack on the 2020 Olympics
  • Russia separated from the global Internet