In 2019, I wrote a post that asked the question: Did the U.S. Just Declare Cyberwar Against Iran? This question was posed after a U.S. cyberattack on a database maintained by Iran’s Revolutionary Guard. The database helped the Guard target shipping in the Persian Gulf. Stealing or destroying this database has since disrupted further attacks.
The interesting feature of this attack was that it occurred on June 20th, the same day that Iran shot down an American drone. In other words, this network had already been penetrated, and U.S. intelligence was simply waiting within it for the moment that it needed to be utilized in an attack. At the time, I made the following observation. “Where else in Iran’s military, political, economic, and social infrastructure has the U.S. already penetrated? The answer: Probably most of it. There are numerous cyber attacks lying in wait.”
Then, in August, an Iranian missile blew up on the launch pad. The next day, President Trump tweeted a picture of the destroyed site and seemed to taunt the Iranians.
Only recently has information been leaked which shows that, back in 2018, President Trump gave the CIA more freedom to conduct cyber attacks on foreign adversaries. In other words, yes, the U.S. was behind the destruction of this missile but the Iranians would be unable to conclusively prove it.
It is more than likely that the U.S. isn’t working alone in this cyberwar. Ever since the legendary Stuxnet attack of 2009, Israel has worked closely with the U.S. to undermine Iranian nuclear aspirations.
It appeared that the U.S., Israel, and Iran were settling in for a serious cyber confrontation when Saudi Arabia was dragged into the conflict. In September of 2019, Iran launched a devastating attack on the state-owned Saudi Aramco oil processing facilities at Abqaiq. The attack, performed with a team of drones and, quite likely, cruise missiles, wiped out 50% of Saudi oil production. This was an unprecedented attack which disrupted oil supplies around the world, and it’s possible that Saudi Arabia elicited help from the U.S. to retaliate.
In response to this attack, the U.S. almost instantly launched an attack that targeted “Tehran’s ability to spread propaganda.” What precisely this meant has never been divulged but bringing down such a network helped the U.S. as much as it gave moral support to Saudi Arabia.
Tensions increased dramatically in January of this year when Iranian General Qassim Suleimani was killed in a missile attack. I predicted then that there would be some retaliation, mostly in the form of some sort of cyber attack. As if anticipating such an attack, the U.S. launched a massive Distributed Denial of Service (DDoS) attack against Iran’s infrastructure in February. Iran’s internet was down for hours as they battled to regain control of it. Some experts thought that this was just a test of U.S. DDoS capabilities and, by extension, a test of Iran’s defenses against such attacks. In other words, it seemed to be a preparation for more devastating attacks in the future. It also cannot be discounted that the attack was used to distract from simultaneous attacks that could have introduced malware into Iran’s infrastructure.
Then, just as tensions were ramping up, something unexpected happened. The world’s attention was turned to focus totally on Covid-19. Many major stories, such as this incipient cyberwar, went under the radar as a pandemic swept the globe. Ironically, this coronavirus seemed to target Iranian politicians, killing 12 of them as well as one high-ranking cleric. In the end, 8% of the Iranian parliament was infected by the disease.
The result of this was that what would normally be considered headline news soon became supplemental material. Covid-19 grabbed the spotlight. But all the while, the cyberwar continued to develop. In March, Iran reported that nation-states were targeting their industrial sector. However, at the same time, Iran was found to be using compromised VPNs to install backdoors on the networks of major U.S. companies. The stage was being set for what was yet to come.
In April, a significant change in tactics occurred when Iranian hackers infiltrated the command and control systems of Israeli water treatment plants, pumping stations, and sewage treatment plants. According to sources, these attackers tried to alter the level of chlorine in the drinking water and, had they succeeded, may have caused civilian deaths, something that most nation-state hackers have traditionally tried to avoid. This seemed to up the ante considerably, as far as Iran’s enemies were concerned.
In May 2020, Israel crashed the network which controlled Iran’s Shahid Rajaee port terminal, causing complete logistic chaos for days. This seemed to be the first strike in a major cyber offensive. In June, there was a massive explosion at the Parchin military complex. Iran claimed it was simply an accident, and, had it not been followed by a series of other explosions, this explanation may have been believed. So who organized this attack? The New York Times reported that two Israeli sources said that Israel was not behind it. By default, this strongly points at U.S. complicity.
Then the Natanz nuclear facility was blown up on July 2nd. Sources stated that Israeli agents had planted a bomb. That’s possible, but no conclusive evidence on what really happened here has been forthcoming. The attack, however, was said to have set back Iran’s nuclear development program for years.
But it didn’t end there. On America’s Independence Day, July 4th, a transformer burst into flames at the Shahid Medhaj Zargan power plant, knocking out power in the region for a short time. An hour later, a pipe containing chlorine ruptured at the Karun Petrochemical Company injuring 70 workers. Could either of these events have been the result of a cyberattack? Sure. But the true causes of these attacks have not been revealed.
The next event in this cyberwar has not been officially recognized as such. This was the fire on the USS Bonhomme Richard on July 11. Admiral Phillip Sobeck claimed that pressurization caused the explosion and that the fire suppression system was turned off. But that’s not how the Iranians were spinning it. Iranian foreign ministry spokesman Abbas Mousavi quipped, “it is interesting to know how rapidly the US warships can be set on fire.” The Iran Newspaper suggested this was a cyberattack in retaliation for U.S. cyberattacks on Iran. The Iranian press has also claimed that Iran may be behind other industrial fires in the U.S. Iranian Revolutionary Guards Quds Force Commander Esmail Ghaani added that, “Americans shouldn’t blame others, this is the fire they lit.”
Yes, it’s highly likely that Iran has malware that can override safety systems which could lead to fires that can’t be controlled. And although the U.S. says the cause of the fire on the Bonhomme Richard is still under investigation, ‘coincidentally’ three days later, a large fire started in the Iranian shipyard in Bushehr and seven ships were destroyed. That same day, a fire broke out at an aluminum factory in Lamerd. On July 19th there was an explosion in a power plant in Isfahan. Were these all unrelated accidents? Probably not. In this vein, it should perhaps be mentioned that the USS John F. Kennedy caught fire on July 20th. This, too, could be an unrelated incident, but in the context of this timeframe, it needs to be mentioned. Of course, Iran has threatened to retaliate for all of these attacks, and it’s a sure bet that they will. In fact, this time, they may even claim responsibility since they no longer have anything to gain by being coy.
For now, the conflict is primarily regional, with the exception of the participation of the U.S. However, at some point, other players may be called in. Iran is not without powerful friends. These include Russia, China, and North Korea. The U.S.-led contingent may draw in its European allies such as the U.K. and France. Japan would most certainly align itself with this group, especially if China throws its support behind Iran. Other nations will quickly take sides if this becomes a full-fledged cyberwar.
In short, the foundations for World Cyberwar I have been put in place. Within the next year, probably less, we will see if this develops into an open conflict with no one attempting to hide their responsibility for an attack, for when these nations begin to claim credit for a devastating cyberattack, you will know that World Cyberwar I has truly begun.
(As I posted this, reports of another explosion at a military base surfaced.)