The Escalating Iran-Israel Wiper Attack War

First of all, what’s a wiper attack? Basically, it is what it says it is: a cyber attack with the simple goal of wiping out the data in a network. Yes, such attacks could be easily tweaked into ransomware attacks, but money isn’t the goal of these attacks. Destruction is. Causing trouble is. In short, they aren’t used by hacking groups but by governments or political activists.

So when you see a story about a wiper attack, you can assume that somebody hates somebody and wants to make them miserable. It could be political activists trying to disrupt a government agency or it could be a country trying to cause trouble for a rival country and, in this category, no two countries stand out more than Israel and Iran. But where did this all begin? To some extent, the infamous Stuxnet attack can be seen from this angle. Sure, it was more sophisticated than just wiping out data. It did wipe out data in the form of machine operating parameters, but, then, replaced these parameters with others that caused the Iranian centrifuges to self destruct.

Once it became clear that the U.S. and Israel were behind the Stuxnet attack, it was just as clear that Iran would retaliate. It attacked U.S. banks in 2012 and the same year launched the Shamoon attack which decimated Saudi Aramco. The Shamoon cyber attack was a pure wiper attack. In 2013, Iran hacked into a control system of a dam in upstate New York. Fortunately, nothing came of this. It launched an attack against Israel’s internet in 2014. The same year, it launched a wiper attack against a Las Vegas casino owned by Sheldon Adelson, a person known for his anti-Iranian views. This wiper attack was estimated to have cost the casino around $40 million.

So, Iran and its enemies have been engaging in numerous wiper attacks against each other for years. Here is a list of the most recent attacks from the Center for Strategic Studies. These are attacks that appear to have destruction as their main goal.

May 2018. Within 24 hours of President Trump’s announcement that the US would withdraw from the Iran nuclear agreement, security firms reported increases in Iranian hacking activity.

July 2018. Researchers report that a hacking group linked to Iran has been active since early 2017 targeting energy, government, finance, and telecommunications entities in the Middle East.

January 2019. Iran was revealed to have engaged in a multi-year, global DNS hijacking campaign targeting telecommunications and internet infrastructure providers as well as government entities in the Middle East, Europe, and North America.

May 2019. The Israeli Defense Forces launched an airstrike on the Hamas after they unsuccessfully attempted to hack Israeli targets.

June 2019. Iran announced that it had exposed and helped dismantle an alleged CIA-backed cyber espionage network across multiple countries.

September 2019. The United States carried out cyber operations against Iran in retaliation for Center for Strategic and International Studies (CSIS) | Washington, D.C. Iran’s attacks on Saudi Arabia’s oil facilities. The operation affected physical hardware, and had the goal of disrupting Iran’s ability to spread propaganda.

December 2019. Iran announced that it had foiled a major cyber attack by a foreign government targeting the country’s e-government infrastructure.

February 2020. Iran announced that it has defended against a DDoS against its communications infrastructure that caused internet outages across the country.

March 2020. A suspected nation state hacking group was discovered to be targeting industrial sector companies in Iran.

April 2020. Suspected Iranian hackers unsuccessfully targeted the command and control systems of water treatment plants, pumping stations, and sewage in Israel

May 2020. Israeli hackers disrupted operations at an Iranian port for several days, causing massive backups and delays. Officials characterized the attack as a retaliation against a failed Iranian hack in April targeting the command and control systems of Israeli water distribution systems.

July 2020. Israel announced that two cyber attacks had been carried out against Israeli water infrastructure, though neither were successful.

October 2020. Iran announced that the country’s Ports and Maritime Organization and one other unspecified government agency had come under cyberattack.

November 2020. U.S. Cyber Command and the NSA conducted offensive cyber operations against Iran to prevent interference in the upcoming U.S. elections.

Not specifically mentioned in this list is Iran’s use of its ZeroCleare wiper to destroy the master boot record of enemy machines in December of 2019.

As can be seen in the list above, the number of attacks from both sides has been markedly increasing. Sky News  published classified documents on July 26th, allegedly from Iran, that “reveal secret research into how a cyber attack could be used to sink a cargo ship or blow up a fuel pump at a petrol station.” Apparently, Iran has learned how to manipulate control systems on these ships to cause ballast pumps to overfill compartments and capsize the ship. This release was followed by an Iranian drone attack on a tanker three days later that killed two people and caused diplomatic outrage. Some said Iran had crossed the line and that this could be the start of an all out military war in the Gulf.  UK Foreign Secretary Dominic Raab stated that “the UK is working with our international partners on a concerted response to this unacceptable attack.”

But Israel didn’t sit idly by while Iran attacked numerous ships. They, in turn, had attacked over 20 Iranian ships in the past two-and-a-half years. The Israelis used cyber attacks to disable the ships and caused at least one explosion. In June, Iran’s largest warship caught on fire and sank in the Gulf of Oman. Neither side talked about the incident, but, knowing the history between the two countries, suspicion that Israel was behind the sinking runs high. As if this wasn’t enough, Israel caused widespread confusion in Tehran on July 8th when it posted fake train delays and cancellations on the railroad’s message boards. They also encouraged angry customers to contact supreme leader, Ayatollah Ali Khamenei, and gave his office’s phone number.

In fact, there have been numerous, mysterious explosions throughout Iran in the last few months. Some have been blamed on Israel but others have not. However, it has now gotten to the point where almost any calamity is concluded to have Israeli connections.

The only question remaining is: Will this turn into a shooting war? That’s where Iran made its mistake. They actually killed people in a drone attack. It may not have been planned that way, but that’s what happened. Iran has, therefore, opened the door to physical retaliation by its enemies. Iran denies the attack, but investigations found that physical evidence links the drone to them. This is the difference between a cyber attack and a physical attack. It’s always difficult to make a 100% attribution for the source of a cyber attack, but that doesn’t hold so well for a physical attack.

It’s no secret that Israel has been waiting for such an opportunity. In fact, Israeli Defense Minister Benny Gantz said that, “we are at a point where we need to take military action against Iran. The world needs to take action against Iran now.” Iranian Foreign Ministry spokesman, Saeed Khatibzadeh, responded to this on Twitter writing “we state this clearly: ANY foolish act against Iran will be met with a DECISIVE response. Don’t test us.”

Others say that no military action will be taken at this time because of the ongoing nuclear agreement being negotiated between Iran and the West. Iran could use any military action against it to cancel negotiations. Israel, however, always against these negotiations, may, in fact, initiate an attack to undermine them.

So, let’s take a look at what has happened in just the last few days and you can judge whether this could become an all out war. On August 10th, a large fire broke out at Iran’s Kharg Island oil terminal.

On August 14th, a ship carrying Iranian oil caught on fire while docked in Syria. Two people were injured.

Although Israel is widely believed to be behind both attacks, neither side has mentioned this.

For its part, on August 12th, Iran fired a warning shot at an American drone in the Gulf of Hormuz and, on the 13th, the Jerusalem Post claimed that “Iran’s nuclear program is chugging ahead at the highest levels of enrichment ever and with the least international supervision in years.” This is a troubling development.

The article questions whether it is time for Israel to make a military move. “A major public airstrike, at this stage, could lead to major negative consequences with the US on top of retaliation from Iran and its proxies.” Nonetheless, the article asserts that some of the explosions in Iran were done with inside help and not through a cyber attack, which, in some ways proves that a physical war has already begun. However, for the moment, it looks like Israel will remain patient and, barring some attack by Iran, will wait to see what happens with the nuclear negotiation talks.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s