
Cyber war between Israel and Iran increasingly targets civilians

Cyber attacks targeted gas stations in Iran. (Archive photo)

In 2010, the world learned about Stuxnet, a malware developed by Israel and the United States that successfully targeted and damaged Iran's Natanz nuclear facility.

Dubbed "the world's first digital weapon", Stuxnet has changed the way in which cybersecurity communities, whether governments, academia, or companies, understand the threats and harms posed by cyber attacks.

Covert nature

Although the offensive cyber capabilities of both Iran and Israel have evolved greatly over the past decade, one thing about the Iranian-Israeli cyber conflict has remained constant: its covert nature.

But over the past two years, we've seen a dynamic change from secrecy to overt and more open cyber conflict.

The turning point can be seen in April 2020, when Iran tried to damage the water authority and sewage treatment facilities in Israel.

The Israeli Water Authority initially said it was a technical malfunction, but later admitted that it was a cyber attack that had been identified and thwarted.

Several weeks later, it was reported that intelligence officials believed Iran was behind the attack, which would have caused significant damage to the civilian population had it succeeded.

About a month later, in May 2020, a cyber attack targeted computer systems at the Shahid Rajaei port in Bandar Abbas near the Strait of Hormuz.

According to the Iran Sea Ports Organization, the attack damaged the operating systems of private companies for several hours, but did not affect the port's security and information systems.

About a week later, the Washington Post cited unnamed officials as saying that Israel had launched a retaliatory attack against the Iranian port.

This series of intrusions reflects two notable developments in the Iran-Israel cyber conflict.

First, these cyber attacks and intrusions are becoming more public as they begin to target the civilian populations of both Israel and Iran.

Second, as the Russian invasion of Ukraine demonstrated, cyber capabilities are no longer sufficient to win on the battlefield and can achieve only limited goals.

But nevertheless, cyber-attack capabilities are an important component of warfare.

These days, countries seem to be using cyber-attack capabilities in ongoing conflicts that have not reached the stage of hot wars.

This is because in many conflicts, such as the one between Israel and Iran, the use of offensive cyber capabilities allows states to engage in conflict that stays below the threshold of armed conflict.

But staying below the threshold of armed conflict does not mean that there is no harm in these attacks. Over the past two years, we have seen tension between the two countries in the cyber field rising, where harassment of civilians and attacks against critical infrastructure have become commonplace.

Although infrastructure remains the primary target, civilians in both countries have also become targets, and their daily lives have been disrupted and harmed through the leakage of critical information, among other challenges.

Numerous attacks, intrusions, hacking operations and public disclosures of important information highlight this clear change.

Iranian cyber attacks on Israeli targets since 2020 have included ransomware attacks carried out by the two well-known Iranian hacking groups "Black Shadow" and "By2K". In October 2021, "Black Shadow" hacked the servers of the hosting company "Cyberserve" and leaked the personal data of users of various sites hosted by "Cyberserve".

This breach caused problems for these sites.

In December 2020, Black Shadow stole a large amount of data from the Israeli insurance company Shirbit, announced that it had sold that data, and threatened to publish it.

Although the company announced that its defense systems had been able to repel the attack, "Black Shadow" published thousands of documents that proved otherwise.

Hacking

This year, Israeli media platforms were hacked on the anniversary of the assassination of Qassem Soleimani.

The Jerusalem Post's homepage displayed an illustration representing Soleimani.

CNN's website reported that the illustration showed a bullet-like object fired from a red ring worn on a finger, in a clear reference to the distinctive ring that Soleimani wore.

The home page was replaced with a picture of the explosion of the Israeli Dimona reactor, in addition to a text that reads, "We are so close to you that you don't know."

Civil life in Iran was disrupted during that period.

In October 2021, Iran was subjected to a cyber attack that resulted in widespread disruption of gas stations across the country.

As a result, citizens were unable to purchase government-subsidized fuel, and only expensive fuel was available at the stations that were still operating.

When drivers tried to buy fuel for their cars with electronic cards, an error message appeared on the screens reading “Cyber attack 64411,” a reference to the hotline number of Iran’s leader, Ali Khamenei.

It took about three days for the stations to resume operation, and Iran accused Israel and the United States of carrying out the attack.

Israeli cyber intrusions against Iranian nuclear facilities continued.

In April 2021, a cyber attack halted work at the Natanz nuclear site.

The damage was estimated to have reached 50 meters underground, as most of the facility was destroyed.

Following this attack, many media platforms reported that the Mossad was behind it.

Israel did not officially comment, but it did impose restrictions on media platforms to prevent coverage of the event.

In June 2021, the Bushehr nuclear reactor was subjected to a cyber attack, which led to an emergency shutdown that lasted for several days.

Although Iranian officials claimed the attack was unsuccessful, they later admitted that the nuclear facility had been damaged.

With cyber conflict becoming more entrenched and public, it has come to resemble a "Wild West" movie, where countries can do whatever they want without facing any punishment.

While targeting critical infrastructure remains the primary threat to both countries, the past two years show that it has become acceptable to harm and harass civilians through hacking, data leaks, and ransomware attacks.

This will continue to escalate tensions between Iran and Israel, and civilians on both sides will suffer the most.


Jill Baram ■ Cyber expert
