Israel, Iran Extend Cyber Warfare to Attack Civilian Targets
Millions of ordinary citizens in Iran and Israel have recently found themselves caught in the crossfire of a cyber war between their countries. In Tehran, a dentist drove around for hours looking for gasoline, waiting in long lines at four gas stations before leaving empty-handed.
In Tel Aviv, a well-known broadcaster panicked when intimate details of his sex life, and those of hundreds of thousands of others stolen from an LGBTQ dating site, were uploaded to social media.
For years Israel and Iran waged a covert war, by land, sea, air and computer, but the targets were usually military or government-related. Now, cyber warfare has widened to target civilians on a large scale.
In recent weeks, a cyberattack on Iran’s nationwide fuel distribution system crippled the country’s 4,300 gas stations; it took 12 days for service to be fully restored.
The attack was attributed to Israel by two US defense officials, who spoke on condition of anonymity to discuss confidential intelligence assessments. This was followed days later by cyber attacks in Israel against a major medical facility and a popular LGBTQ dating site, attacks that Israeli officials attributed to Iran.
The escalation comes as US authorities warn of Iranian attempts to hack into the computer networks of hospitals and other critical infrastructure in the United States. As hopes of a diplomatic resurrection of the Iran nuclear deal fade, such attacks only proliferate.
Hackers have been infiltrating civilian arenas for months. Iran’s National Railroad was attacked in July, but this relatively unsophisticated hack may not have been Israeli. And Iran is accused of committing a failed attack on Israel’s water supply system last year.
The latest attacks are believed to be the first to cause widespread damage to large numbers of civilians. Non-military computer networks are generally less secure than those linked to state security assets.
No one died in these attacks, but if their goal was to create chaos, anger and emotional distress on a large scale, they succeeded.
“Maybe there is a war between Israel and Iran, but from the point of view of the little civilian, we are being held as prisoners here in the middle and are helpless,” said Beni Kvodi, 52, editor in chief of an Israeli radio station.
Mr. Kvodi has been openly gay for years, but the hack of the Israeli dating site threatened to expose thousands of Israelis who had not publicly disclosed their sexual orientation. The site collected embarrassing information about users’ sexual habits, as well as some explicit photos.
Ali, a 39-year-old driver from Tehran’s National Taxi Company who, like other Iranians interviewed, asked that his last name not be used out of fear for his safety, said he lost a day’s work waiting in gas station lines, which meandered for miles.
“Every day you wake up in this country and you have a new problem,” he said in a telephone interview. “It is not our fault that our governments are enemies. It’s hard enough for us to survive.”
Both countries appear to be targeting civilians to send messages to their governments.
The hack into Iran’s fuel distribution system took place on October 26, as the second anniversary of major anti-government protests sparked by a sudden rise in gasoline prices approached. The government then reacted with a brutal crackdown which, according to Amnesty International, left more than 300 dead.
The cyberattack appeared to be aimed at generating another wave of anti-government unrest.
Gas pumps suddenly stopped working and a digital message asked customers to complain to Iran’s Supreme Leader Ayatollah Ali Khamenei, displaying his office phone number.
Hackers took over billboards in cities like Tehran and Isfahan, replacing the advertisements with the message “Khamenei, where is my gasoline?”
“At 11 am, the pumps suddenly stopped working,” said Mohsen, manager of a gas station in northern Tehran. “I have never seen such a thing.”
Rumors spread that the government had engineered the crisis to raise fuel prices. Iranian app-based taxi companies Snap and Tapsi doubled and tripled their normal fares in response to drivers having to purchase expensive unsubsidized fuel, Iranian media reported.
The anti-government uprising never materialized, but the government struggled to contain the damage and quell the outcry. The Ministry of Petroleum and the National Cyber Council held emergency meetings. Oil Minister Javad Owji issued a rare public apology on state television and promised an additional 10 liters of subsidized fuel to all car owners.
To put the pumps back into service, the ministry had to send technicians to every service station in the country. After the pumps were reset, most stations could still only sell non-subsidized fuel, which is double the price of subsidized fuel.
It took nearly two weeks to restore the subsidy network, which allocates each vehicle 60 liters – about 16 gallons – per month at half price.
But the hack may have been more serious than an inconvenience for motorists.
A senior Petroleum Ministry official and an oil trader familiar with the investigation, who spoke on condition of anonymity to avoid repercussions, said officials were concerned that hackers had also taken control of the ministry’s fuel storage tanks and could have gained access to data on international oil sales, a state secret that could reveal how Iran evades international sanctions.
Because the ministry’s computer servers contain such sensitive data, the system operates without an Internet connection, raising suspicions among Iranian officials that Israel may have had help from within.
Four days after Iran’s pumps stopped working, hackers gained access to the Israeli dating site Atraf’s database and medical records from the Machon Mor Medical Institute, a network of private clinics in Israel.
Files from the two hacks – including the personal information of about 1.5 million Israelis, or about 16% of the country’s population – were posted on a channel on the Telegram messaging app.
The Israeli government asked Telegram to block the channel, which it did. But the hackers, a little-known group called Black Shadow, immediately reposted the material on a new channel and continued to do so whenever a channel was blocked.
The group also released files stolen from the Israeli insurance company Shirbit, which was hacked last December and insured employees of Israel’s Defense Ministry.
Three senior Israeli officials, who asked not to be identified in order to discuss secret cyber issues, said Black Shadow was either part of the Iranian government or independent hackers working for the government.
The dating site’s personal data could be disastrous “even for those who have already come out of the closet,” Kvodi said. “Each of us has a very close and intimate ‘relationship’ with Atraf.”
The site contains not only names and addresses, he said, but also “our sexual preferences, who is HIV positive, who uses prophylactics or not, as well as whether the site allows for uploading nude photographs and relevant video footage of us and sending them to other subscribers.”
Many Atraf subscribers soon complained that their Instagram, Facebook or Gmail accounts had also been hacked.
Cyber experts said those hacks were not the work of Black Shadow, but of criminals who used personal data that Black Shadow had posted. In some cases, they blocked accounts, demanding a ransom to restore access.
Neither Israel nor Iran has publicly claimed responsibility or assigned blame for the latest round of cyber attacks. Israeli officials have refused to publicly accuse Iran, and Iranian officials blamed the gas station attack on a foreign country, without naming one.
Experts say cyber attacks against softer civilian targets could be the start of a new phase of the conflict.
Lotem Finkelstein, head of intelligence at Check Point, a cybersecurity firm, said Iranian hackers had “identified a failure in Israeli understanding” about the cyberconflict.
They realized that “they don’t need to attack a government agency, which is much more protected,” but could easily attack small private companies, with less sophisticated security, “which control huge amounts of information, including personal financial or intimate information about many citizens.”
Each side blames the other for the escalation, and even if there was the will to stop it, it’s hard to see how this genie will be put back in the bottle.
“We are in a dangerous phase,” Maysam Behravesh, former chief analyst at Iran’s Intelligence Ministry, said in a Clubhouse conversation on Monday. “There will be a next wave of widespread cyber attacks against our infrastructure. We are one step closer to military confrontation.”