25 May 2020

Israel Hack of Iran Port Is Latest Salvo in Exchange of Cyberattacks

By Ronen Bergman and David M. Halbfinger
Source Link

TEL AVIV — Israel was behind a cyberattack on May 9 that disrupted operations at a major port in Iran, according to high-ranking intelligence officials and experts in the Middle East who are kept informed of covert Israeli actions in the region.

The attack on the computer systems at the Shahid Rajaee port in the strategically important Strait of Hormuz was limited in scope, creating traffic jams of delivery trucks and some delays in shipments, but causing no substantial or lasting damage.

Israel and Iran have recently been engaged in an exchange of attempted and successful cyberattacks, and the purpose of Israel’s relatively small-scale effort at the port, according to intelligence officials, was to send a message to Tehran: Don’t target Israeli infrastructure.

The hacking of the port’s computers came in direct response, those experts familiar with the decision-making process said, to a failed Iranian cyberattack on an Israeli water facility last month.

Officials in Israel initially decided the country should not retaliate for the attack on the water system, according to the intelligence sources, because its effect would have been minor even if it had succeeded.


But when the story of the attempted attack was published in Israeli media, government officials, led by Naftali Bennett in his last days as defense minister, thought Israel should react in the same token by targeting Iranian civilian infrastructure and then leaking that story to international news media.

Israel’s responsibility for the cyberattack on the port was first reported by The Washington Post.

The incident that prompted the Israeli attack on the port happened on April 24, when a pump at a municipal water system in the Sharon region of central Israel stopped working. The facility’s computer system resumed pump operation in a short time but also recorded the occurrence as an exceptional event.

A security company that investigated discovered that malware had caused the shutdown. Because water is defined as “critical infrastructure” in Israel, the incident was reported to the Israel National Cyber Directorate and other intelligence agencies in Israel.

According to Israeli experts with knowledge of the investigation, Israeli officials identified the malware as coming from one of the offensive cyberunits of Iran’s Islamic Revolutionary Guards Corps.

While some unprotected pumps connected to the internet were not properly protected, the facility’s computer system identified the malfunction, restarted the pump, and no damage or interference with the water supply to residents and farmers in region was recorded.

The attack and its quality were described by intelligence official as “miserable.”

Naftali Bennett, left, defense minister at the time, with Prime Minister Benjamin Netanyahu during a meeting in Jerusalem in March.Credit...Menahem Kahana/Agence France-Presse — Getty Images

The main push for an Israeli counterresponse came from Mr. Bennett, the outgoing defense minister, who had advocated an assertive line against Iran in his seven months in office, both in actions and in his public statements.

“We must not let go of Iran for a moment,” Mr. Bennett said on Monday in his farewell remarks to the ministry as Israel swore in a new government. “We need to increase political, economic, military, technological pressure and do that in even more and bigger dimensions,” he said.

The site in Iran was specifically chosen as a non-central target, with an intent to send a warning that attacking Israel’s civilian infrastructure would not go unanswered and was crossing a red line, the intelligence officials said.

Activity at the Shahid Rajaee port has been severely hampered by the American sanctions imposed on Iran after the United States abandoned the nuclear deal. No more than 20 freight ships reach it every month.

Soon after the cyberattack began, the port’s authorities detected it. They failed to fix it immediately but switched to manual management of unloading and loading.

The restrained nature of the recent cyberattacks seem to indicate that both sides want to avoid escalation.

On the Israeli side, this is somewhat similar to the way that the country is waging war against Hezbollah in Lebanon and Syria, where it is careful to bomb and destroy equipment but only after verifying that there is no danger to Hezbollah’s personnel.

An intelligence official said that Israel hopes the attack on the port will end this cyber exchange, but that according to one intelligence assessment, the Revolutionary Guards will respond by attacking Israel again.

In a ceremony Tuesday evening, Gen. Aviv Kochavi, the chief of staff of the Israel Defense Forces, appeared to allude to the cyberattack on the Iranian port. “We will continue to use a diverse array of military tools and unique warfare methods to hurt the enemy,” he said.

“While we do everything in our might to avoid harming civilians, the enemy makes every possible effort to harm civilians,” he said, adding, “The dozens of strikes that we have conducted, both recently and in the past, have already proved the superior nature of the intelligence and fire abilities of the I.D.F.”

No comments: