Micah Halpern
Cyberwar is the war of our future.
Before an all out cyberwar, there will be battles. The battles are called cyberattacks. The best we can do about these attacks is to arm ourselves with proper protection.
Cyber-warriors are hard to find. Anonymity is one of their prime objectives. They are ideologues. They are guns for hire. There is no specific age or M.O.
These attackers do not fit into a neat system of organization. They range from nations to special interest groups to corporations to governments to clubs to solo practitioners. Sometimes, several clusters join together to perpetrate their attacks, sometimes they collaborate and sometimes they work against for other.
For some cyberhackers, it’s a game. They are thrill seekers. For some of us, it’s all too real. For some of us – from individuals to nations, cyberattacks bring about ruination.
Iran was hit by a very successful cyberattack recently. This was one brilliant attack.
The target was gasoline fueling stations. Every gas station in Iran, in the entire country, was hit by the hack. The simple result was long lines snaked across the country as no one was able to fill up on gas. The more long-lasting result was a revolt by the people.
This attack prompted a move, by and for local Iranians, to erect billboards in Isfahan, one of the largest cities in the country. The billboards condemned the Grand Ayatollah. That doesn’t happen often in Iran.
Here is how the hack worked: All Iranians get their gas by using a government issued credit card that gives them a subsidy. Effectively, with the government card, a gallon of gasoline costs an Iranian five cents for up to 15.8 gallons. After that, gas costs 10 cents a gallon.
This hack attacked the card system.
Every time an Iranian used their card and began to fill-up on gasoline, the number 64411 flashed along with the word “cyberattack”.
The numbers 64411 echo a previous cyberattack that struck Iranian trains. That July attack was attributed to a hacking group named Indra – the Hindu god of war. And it was tracked by Check Point, one of Israel’s cybersecurity firms.
Iran is not their only target, though perhaps it is one of their favorites. Indra has been responsible for several other attacks including attacks against Syria and against its president, Bashar Assad.
While the average person does not understand the significance of the digits 6-4-4-1-1, the number has significance. For Iranians the number was an annoyance, a part of their difficulty in refueling a car.
For the hackers, 64411 was the crux of their message.
No number in a cyberattack is random. Numbers have meaning for hackers. This particular number is the number for a hotline in the office of the Grand Ayatollah. 64411 is the number that Ayatollah Khamenei’s office uses to handle questions concerning Islamic law.
The hackers knew things that most analysts do not know. The hackers understand Iran. They were sending a message rejecting the very purpose and definition of Iran. They were rejecting theocratic Islamic statehood - in a country once called Persia and now, The Islamic Republic of Iran.
This hack, this cyberattack of gas fueling stations, was not perpetrated on a random calendar date. It coincided with the anniversary of massive protests by Iranians against fuel price increases of 200%, in 2019.
These protests were so large and significant that they could not be hidden or kept secret. Even the official Iranian government media reported that 200,000 people came out to protest.
Those protests were met with brutal responses from the Iranian government. This hack caused long lines snaking for long distances even four days later.
Any number of groups could have perpetrated this cyberattack. Israel and Israelis are, of course, prime candidates.
Many Iranians have blamed the United States. But there is a long list of groups and countries that would benefit from disturbing daily life in Iran.
This cyberattack looks, to me, to be the second or maybe even the third in a series. There was the trains, the gas stations and there was also an attack on Iran’s ports.
During that hack traffic lights outside Iranian ports stopped working and the ripple effect made it impossible for trucks to move and caused the ports to shut down for days.
This is a series of cyberattacks that will continue on. “Cyberattack 64411” will be back. It will find and hit another segment of the Iranian infrastructure.
Its objective is to so aggravate the average Iranian that the people demand change in leadership in Iran. And the people are getting more and more aggravated.
No comments:
Post a Comment