Thursday 6 August 2020

Escalatory Iran-Israel cyberattacks

While the frenzied Indian media has been bombarding the domestic audience with live reports of the first batch of five Rafale fighter aircraft arriving in India from France en route via the Al-Dhafra airbase in the UAE, reports of Iranian missiles landing in the waters close to the airbase rattled security agencies. It now emerges that US intelligence issued a high alert to security forces stationed at Al-Dhafra airbase and Al-Udeid airbase in Qatar, which houses French and American troops, after the Islamic Revolutionary Guard Corps (IRGC) launched military drills, Prophet Mohammed 14th [1]. Iran’s show of strength and deliberate attempt to coerce and intimidate the Western forces has inadvertently brought to the fore the brewing escalatory attacks in the Middle East.

Since the assassination of General Qasem Soleimani in January, the animosity between the US and Iran has increased several-fold, leading to retaliatory strikes, rocket attacks on the US Embassy in Iraq, and the killing of two Americans and one Briton in March. The Trump administration’s unilateral revocation of the Joint Comprehensive Plan of Action (JCPOA) in May 2018 and the tightening of US sanctions crippled Iran’s economy, triggered a wave of domestic protests and brought the nation to its knees. America’s hardened position has irrevocably damaged relations between Iran and America and turned the Middle East into the powder keg of the world.

Like the Trump administration, Israeli security agencies believed a pandemic-stricken Iran would go slow on its geopolitical ambitions. Much against the popular perception, Iran gave fresh impetus to its attempts to draw Syria into its orbit and began to overwhelm Bashar Al-Assad, keen on extricating from Russian influence. Despite a weakened economy, Iran continued to support Hezbollah in Lebanon as well. To combat Iran’s aggression, a former education minister of Israel declared the launch of the “Octopus Doctrine”. Iran has been spreading mayhem in the Israeli neighbourhood through Hezbollah in Lebanon, Hamas and Islamic Jihad in the Gaza Strip and Shiite militant proxies in Syria.

In April, Iran launched a cyberattack on Israeli water and sewage treatment plants across the country. Barring minor disruptions, Israel didn’t suffer much damage. But the attack provoked Israel. Given the legacy of hostilities between Iran and Israel, Tehran’s involvement came under the scanner. Mincing no words, Israeli media blamed Iran, but Iran denied any role.

As part of the “Octopus Doctrine”, Israel launched a cyberattack on Iran’s busiest maritime hub, Shahid Rajaee Port in Bandar Abbas. While Iran’s Port and Maritime Organisation quickly dismissed reports of any major disruptions, the Washington Post later claimed that the attack caused severe congestion that lasted for some weeks. Fingers were obviously pointed at Israel. Without claiming responsibility, the Israel Defence Forces Chief of Staff declared, “Israel will continue acting (against its enemies) with a mix of instruments”. While the arch-adversaries denied their involvement, a slew of cyberattacks followed, which included two explosions at Khojir, Iran’s largest missile production facility, and the Natanz nuclear base.

Given Israel’s history of targeting nuclear bases in the region (Iraq’s Osirak nuclear base in 1981, the Syrian nuclear facility at al-Kibar in 2007 and the incapacitation of Iranian nuclear centrifuges in 2009, with active support of the US, through the Stuxnet computer worm), an attack on the Natanz nuclear base, which houses the quintessential centrifuges, hinted at Israel’s role. In 2012, Israel unleashed the Duqu and Flame campaigns on Iran to steal data. But the Homeland Cheetah’s group, comprising Iranian dissidents, reportedly claimed responsibility for the attack [2]. Investigating the email of the group, security agencies called it an attempt to mislead investigations, but without an iota of doubt, this group, akin to other Iranian cyber groups which are essentially handles of the Iranian Revolutionary Guard Cyber Army, is composed of a group of hackers. This fire accident at the nuclear base and a series of mysterious fire accidents at various places in Iran since the end of May hinted at the possibility of an ongoing cyberwar between the arch-enemies Iran and Israel. Incidentally, Parchin and Khojir are strategically important places for Iran. The attacks clearly signal the intentions of the perpetrators to bring Iran to its knees and force the Iranian military regime to stop financing the militant groups. After the blast at the Natanz Pilot Fuel Enrichment Facility, the Iranian administration acknowledged “(sabotage by) hostile countries, especially the Zionist regime and the US”.

Thus far, mysterious blasts have been reported at a medical clinic in Tehran, along with a fire in Shiraz, an explosion and fire at a power plant in Ahwaz, a chlorine gas leak at the Karoun petrochemical plant in Mahshahr, and seven ships catching fire at Iran’s Bushehr port.

Interestingly, by breaching the red lines of Israel and attempting to dismantle essential civilian supplies, Iran intended to wreak havoc. Israel, which is feeling the heat of burgeoning Iranian attacks, decided to pay back in the same coin. Though both countries have refused to own up to the attacks, the digital trails left by an Iranian hacker group have added strength to this growing discourse on cyberwar.

In mid-July, researchers of the IBM X-Force security team, during their routine monitoring, chanced upon five hours of video from APT35, or Charming Kitten, the popular Iranian hacking group, outlining the detailed process of exfiltrating and stealing data from emails [3]. These, and the claims by an Iranian group to have launched a series of cyberattacks on Israel’s rail infrastructure, go on to confirm the use of cyber operations as statecraft by the Islamic Republic [4].

After the crushing sanctions and the dissolution of the JCPOA, Iran refused to adhere to the moratorium on enrichment and steadily restored nuclear activities as leverage. Israel, which has been firmly campaigning about Iran’s nuclear ambitions and is wary of Iran’s unabated missile development efforts, has been closely monitoring Tehran’s activities in the region. Iran’s cyberattack as a part of Quds Day triggered the wrath of Israel, which had been waiting for an opportunity to send a strategic signal. As a part of deterrence, Israel not only attacked the civilian systems but also paralysed strategically important military sites.

In recent years, the Islamic Republic of Iran Shipping Lines (IRISL) and the shell companies operating from ports have turned into centres of missile and nuclear proliferation, and Israel’s retaliatory cyberattack on Bandar Abbas port is a signal to the adversary to refrain from escalating from cyber operations. Since 2012, the Iranian administration has focussed on building cyber capabilities to knock down Israel’s utilities. Beginning in 2016, Iranian groups attempted to take down the Israel Electric Company. In the campaign popularly known as “Operation Electric Powder”, an Iranian group tried to spread malware through Facebook profile pages, breached websites and cloud-based websites. They renewed attacks on Israeli utilities in 2019. Israel, which is technologically better endowed, effectively blunted the Iranian attempts. Over the years, Iranian hacking groups APT34, Helix Kitten, Cobalt Gypsy or Oil Rig had reportedly intruded into the water systems in the Gulf. But third-party leaks of the groups’ tools and intrusions through hacktivist groups degraded their ability to breach technologically mature Israeli systems.

Over the years, the Iranian Revolutionary Guard Corps (IRGC) has invested heavily in training Palestinian, Syrian and Lebanese hackers. The collective and coordinated attacks on Israel by the Palestinian-origin group Molerats or Extreme Jackal, operating from the Gaza Strip, and the operations of the Jerusalem Electronic Army (JEA) are part of the larger ecosystem cultivated by Iran to take on Israel [5]. Instead of a prohibitive conventional war, Iran and Israel are now indulging in state-sponsored cyberattacks.

Cyberattacks and the breaching of security protocols by countries to steal crucial information have been in vogue in the recent past. But the recent episode of shadow war has added a new clandestine dimension to state-sponsored cyber operations. The World Economic Forum’s Global Risks Report 2020 ranked large-scale cyberattacks and the breakdown of critical information infrastructure and networks among the top ten risks to livelihood [6]. The open-ended cyber skirmishes between Iran and Israel have now reinforced the dangerous fallout of digital wars between adversaries, which have the potential to be mimicked by other nations as well. With no international guidelines or deterrence mechanisms in place to dissuade countries from these ambitious cyber campaigns, the world has been silently watching the unfolding of a new era of potentially threatening cyberwar.

