CDR (ret.) Eyal Pinko, Ph.D.
Israeli - Iranian Cyber War?
Updated: Feb 11, 2021
In late 2019, the New York Times reported a cyber-attack on Iran’s three largest banks. During the attack, which was dubbed in Iran “the biggest financial fraud in its history,” the details of millions of credit cards were stolen and leaked to social networks and the darknet. In Iran, the attack was attributed to Israel, but US and Israeli government officials have remained silent on the issue.
On May 4, the Fox News Network reported that an Iranian attack group had carried out a cyber-attack against water infrastructure in Israel during April, channeling the attack through servers in the United States to hide its exact origin.
About ten days later, on May 15, the Washington Post reported a cyber-attack on the Shahid Rajaee port in southern Iran that disabled the port and its systems. Two days after the attack on the Iranian port, the US press attributed the attack to Israel.
A response was not long in coming: on Thursday, May 21, thousands of Israeli sites were vandalized in an attack that was identified as the work of Iranian organizations. The relatively simple attack on the server company “uPress” took advantage of a security vulnerability and disabled the sites that received service from the company, including municipal sites, commercial companies, and more. The cumulative damage from this cyber-attack was small, but it created a great deal of noise.
Journalists tried to present the attacks as the beginning of a growing campaign in the cyber domain between Iran and Israel. However, the exchange of cyber-attacks between the countries is not new; it is routine.
The Israeli Prime Minister also referred to the cyber-attacks in his speech at the 2019 CyberTech conference. Mr. Netanyahu said that “Iran’s cyber-attacks on Israel are daily, and the State of Israel is investing many efforts to protect its infrastructure and systems from Iran’s cyber-attacks and the organizations it supports” (Hezbollah and Hamas, for example).
There is no precise and official information regarding the number of cyber-attacks on Israel in general and the Iranian attacks in particular. However, most of the cyber-attacks, whose purpose is to gather information or prepare for a broad attack, are carried out under the radar, and their results cannot be identified. Only a small part of the attacks is identified, especially those designed to influence public opinion or assaults designed to disable organizational or state infrastructure and prevent the provision of state or organizational services.
The campaign in the cyber domain between Iran and Israel was first revealed in 2010, when Iran’s central nuclear reactor was disabled through a cyber-attack that used the Stuxnet virus. The cyber-attack, which disrupted the Iranian reactor and with it a significant percentage of Iran’s nuclear enrichment capabilities, was attributed to Israel and the United States.
The battle between Iran and Israel in the cyber domain is not new, despite the media coverage that has accompanied it over the past two weeks. The campaign in the cyber domain, which enables covert warfare, intelligence gathering, and the laying of infrastructure for a future campaign, has been ongoing between the two countries daily for more than a decade.
Cyberwarfare is a never-ending campaign in which the upper hand goes to the party that first upgrades its systems and defense capabilities.
Therefore, beyond the development of cyber-attack measures and capabilities in Israel, it is of great importance to maintain a cyber defense campaign at the state and organizational levels.
Protecting national infrastructure, governmental agencies, ministries, and private companies as a whole takes place not only in the technological dimension. It has many other dimensions: human behavior and threat awareness; organizational process management (such as supply chain risk management, procedures, and regulation); and, equally important, intelligence gathering about the opponent's capabilities and other technological attack capabilities, in order to develop the system in advance.