An unprecedented Iranian cyberattack that targeted six facilities in Israel’s water infrastructure on April 24-25 nearly dumped lethal levels of chemicals into the Israeli water system. Fortunately, the attack impacted some systems but did not cause any disruption in the water supply or waste management. The computer system was breached but the cyberattack was blocked before any damage could be done.
ATTACK FOCUSED ON CIVILIAN WATER SUPPLY
It has now been revealed that the Iranian cyberattack on the water infrastructure in Israel was not merely an attack on data systems of the type Israel faces on a daily basis. In the attack, the water computer system was breached but the attack was blocked just in time before any damage could be done. The attack was reportedly routed through US servers.
“This was an attack that goes against all codes, even in war,” said an Israeli official to Channel 13. “Even from the Iranians we didn’t expect something like this. This is an attack that cannot be done.”
Yigal Unna, Director General of the Israel National Cyber Directorate, addressed an international cyber-conference on Thursday, revealing that the intent of the cyberattack on the water infrastructure was far greater and far deadlier than previously thought, calling it a “historic turning point in cyberwarfare, but this was just the beginning.”
Cyber attacks typically target databases or websites. But this attack was the first of its type, attempting to affect real-world events.
“We can see something like this aiming to cause damage to real life and not to IT or data,” Unna said. “If the bad guys would have succeeded in their plot, we would now be facing in the middle of the corona crisis, very big damage to the civilian population; a lack of water,” Unna said, noting that the attack was well-organized and not conducted by regular criminals.
Even more concerning was the aspect of the Iranian cyberattack which attempted to control the release of chemicals into the water system, a cyber-first. “Even worse than that, when you mix chlorine or other chemicals with the wrong proportions within the water, it can be harmful and disastrous,” Unna added.
If successful, the attack could have theoretically poisoned all of Israel’s drinking water.
“It is a part of some attack over Israel and over the national security of Israel and not for financial benefit,” he said. “The attack happened but the damage was prevented and that is our goal and our mission. And now we are in the middle of preparing for the next phase to come because it will come eventually.”
Israel responded in kind, targeting Iran’s largest port, paralyzing the main economic ingress for several days. All navigation systems of the ships were severely disrupted and everything had to be stopped to avoid collisions between incoming and outgoing vessels.
“The attack displayed the cyber ability of a world-power. It appears that this was a clear Israeli message to Iran, don’t dare to touch civilian systems, the water and electricity systems in Israel, which were attacked this past,” Unna warned. “Cyber winter is coming and coming even faster than I suspected,” he said. “We are just seeing the beginning.”
Unna’s warning proved prophetic as tens of thousands of mostly unsecured Israeli websites were reportedly attacked ten days ago by Iran-based hackers calling themselves “Hackers of Saviour.” The websites, all using Upress servers, were replaced with the Hebrew/English message:
“The countdown of Israel destruction has begun since a long time ago,” (sic) reads the warning message in Hebrew and English posted by a group calling itself the “Hackers of Saviour.”
The phrase is accompanied by images of what appears to be the destroyed city of Tel Aviv, links to YouTube videos, and other threatening phrases. The group’s YouTube channel describes them as hackers set on avenging Israel’s treatment of Palestinians.
Iran’s cyber warfare comes at the expense of the Iranian people as much of the country’s assets are focused on an aggressive military program even while the country is hard-hit by the pandemic. The budget of the Revolutionary Guard’s cyber department was estimated at around $80 million a year around a decade ago but has likely multiplied several times since.
CYBER ATTACKS TARGETING THE US
Iran’s cyberattacks are not focused exclusively on Israel. In 2012, the country committed one of the largest cyberattacks in history at the time against the computers of Saudi Arabia’s national oil company Saudi Aramco. Within several hours, as many as 35,000 computers belonging to the company were disabled, disconnecting Aramco and creating a concern that the company, which is responsible for the production of around 10% of the world’s oil, would have to shut down its operations.
In 2014, the Iranians hacked into the computer network of the Sundance Casino in Las Vegas belonging to Israel supporter Sheldon Adelson. U.S. intelligence announced a year later that the Iranian government was behind the cyberattack in which personal information of casino clients, including credit card details, was stolen.
In 2016, the U.S. brought indictments against seven Iranians on charges they had infiltrated the computers of dozens of American banks and attempted to take control of a small dam in a New York suburb.
In October, Microsoft announced that hackers linked to the Iranian government targeted the campaign of at least one 2020 White House contender, which Reuters reported was President Donald Trump.
In February, a Microsoft researcher presented evidence that an Iranian hacker group narrowed its choice of infiltration targets to those linked to industrial control systems, the computers that operate facilities such as power plants and factories.
Following the killing of Qasem Soleimani, commander of the Revolutionary Guards’ Quds Force, it was reported in the U.S. that attempts to infiltrate computer systems of American power plants were prevented.
But this is a danger that President Trump is already working to combat. Earlier this month, he signed an executive order declaring that any threat to the U.S. power system represents a national emergency, which allows the government to put in place measures such as the creation of a task force on procurement policies for energy infrastructure.