Israel linked to a disruptive cyberattack on Iranian port facility
On May 9, shipping traffic at Iran’s bustling Shahid Rajaee
port terminal came to an abrupt and inexplicable halt. Computers that regulate
the flow of vessels, trucks and goods all crashed at once, creating massive
backups on waterways and roads leading to the facility.
After waiting a day, Iranian officials acknowledged that an
unknown foreign hacker had briefly knocked the port’s computers offline. Now,
more than a week later, a more complete explanation has come to light: The port
was the victim of a substantial cyberattack that U.S. and foreign government
officials say appears to have originated with Iran’s archenemy, Israel.
The attack, which snarled traffic around the port for days,
was carried out by Israeli operatives, presumably in retaliation for an earlier
attempt to penetrate computers that operate rural water distribution systems in
Israel, according to intelligence and cybersecurity officials familiar with the
matter.
A security official with a foreign government that monitored
the May 9 incident called the attack “highly accurate” and said the damage to
the Iranian port was more serious than described in official Iranian accounts.
“There was total disarray,” said the official, who spoke on
the condition that his identity and national affiliation not be revealed, citing
the highly sensitive nature of the intelligence. A U.S. official with access to
classified files also said that Israelis were believed to have been behind the
attack.
The Washington Post was shown satellite photographs
depicting miles-long traffic jams on highways leading to the Shahid Rajaee port
on May 9. In a photograph dated May 12, dozens of loaded container ships can be
observed in a waiting area just off the coast.
The Israeli Embassy did not respond to requests for comment.
The Israel Defense Forces declined to comment. Iran has repeatedly denied
involvement in the failed April 24 hacking attempt on Israeli water
distribution networks.
If accurate, the reports point to a new round of tit-for-tat
blows between the two bitter Middle East rivals, although U.S. cybersecurity
experts said the most recent exchanges have been relatively restrained so far.
“Assuming it’s true, this is in line with Israeli policy of
aggressively responding to Iranian provocation, either kinetically or through
other means,” said Dmitri Alperovitch, a cybersecurity policy fellow at the
Harvard Belfer Center and founder and former chief technology officer of
CrowdStrike, a cybersecurity firm. “Any time you see Iranian escalation, as
with their buildup of rocket capacity in Syria, you have consistently seen
Israeli retaliation with bombing runs on those positions. So it appears they
have now applied that doctrine in cyberspace.”
The sprawling Shahid Rajaee port facility is the newer of
two major shipping terminals in the Iranian coastal city of Bandar Abbas, on
the Strait of Hormuz.
The attack on the port’s computers was confirmed on May 10
by Mohammad Rastad, managing director of the Ports and Maritime Organization,
in a statement carried by Iran’s ILNA news agency.
“A recent cyber attack failed to penetrate the PMO’s systems
and was only able to infiltrate and damage a number of private operating
systems at the ports,” Rastad was quoted as saying.
On May 8, The Post, citing foreign intelligence sources,
reported that Iran had been linked to the attempted cyberattack on at least two
rural water distribution networks in Israel. Officials familiar with the
incident said hackers sought to cripple computers that control water flow and
wastewater treatment, as well as a system that regulates the addition of
chlorine and other chemicals. The intrusion was detected and thwarted before
significant damage was done.
Investigators found that the hackers routed their attempted
attack through computer servers in the United States and Europe — a common
tactic used by adversaries of the West. Israeli Water Authority officials
detected the attempt and immediately took measures, including changing system
passwords.
Each country has accused the other of similar attacks in the
past. Israeli Prime Minister Benjamin Netanyahu said in 2019 that Israeli
officials are “constantly detecting and foiling Iranian attempts” to penetrate
the country’s computer networks.
Years earlier, U.S. and Israeli intelligence agencies
unleashed a computer worm called Stuxnet on Iranian uranium-enrichment plants
in an attempt to disrupt Iran’s nuclear program. Neither country officially
confirmed its role.