Cyber Winter: Unveiling Israel and Iran’s Shadow Cyber War

In the information age, every real-world conflict is accompanied by a digital war.

While forces face each other on the battlefield, programers and computer analysts face off in the cyber domain.

The years-long schism between Israel and the Islamic Republic of Iran is no exception.

The cyber track of this conflict has seen an incredible escalation over the past several weeks with a series of tit-for-tat attacks that have become increasingly serious in both their scope and the sensitivity of their targets.

Let’s start from the beginning.

In late April, the Israeli Water Authority reported a breach to their system. Head of the organization’s security, Daniel Lacker, reported the attack in a public statement. “We have received a number of reports regarding a cyber attack on the… systems. No damage was reported during the incident.” on May 7th U.S. cable network Fox News was the first major outlet to link the attack to Iran. As the days went on more details of the attack emerged with sources confirming the attack targeted the command and control centers of several water treatment facilities.

Israel’s response was swift to come. On May 9th, Israel executed a cyber attack on the bustling Shahid Rajaee port terminal situated along the Straits of Hormuz. The attack brought the activities of the report to an abrupt and inexplicable halt. According to a Washington Post report, published weeks after the incident, the attack caused utter chaos at the Iranian port. “Computers that regulate the flow of vessels, trucks and goods all crashed at once, ­creating massive backups on waterways and roads leading to the facility,” the Post reported. Contributing journalists added that they had gained access to satellite photos showing miles-long maritime traffic jams leading to the port and ships still waiting to offload several days later.

Immediately after Israel was implicated, officials in Jerusalem braced for the inevitable backlash, which came only days later. On the 21st, Israeli media reported thousands of websites hacked by a group calling itself the “Hackers of Saviour.” The sites hit, nearly all unsecured platforms, were disabled and their pages replaced with images of Tel Aviv in ruins along with memes such as “the countdown to Israel’s destruction” and other threatening messages.

As is often the case with dark-ops such as cyber attacks, the significance of a particular event is only understood long after it takes place. As it turns out, the Iranians were planning something far more insidious than merely toying with Israel’s water deployment. According to a recent report by the Financial Times, the breach of Water Authority networks was aimed specifically at “operational systems and mechanisms for adding chlorine to wells.” Chlorine is a common chemical additive used to maintain sterility in drinking water. In small doses it is harmless. But enough of the substance can be dangerous and even lethal. What this means is that the attack, if it had been successful, could have left tens of thousands without drinking water, left farmers without irrigation, and poisonous hundreds if not thousands of Israelis. The claims in the report are completely plausible and are supported by attack’s targets. It also explains the outrage expressed by Israeli officials at the attack. In early May, days after the breach of the Water Authority came to light, Hebrew language media quoted several senior officials expressing outrage and even shock that Iran went after a non-military target, saying “even Iranians” could not be expected to fall so low. In a security cabinet meeting, the first since the outbreak of the COVID-19 in the country, Israeli leaders stated bluntly that they did not expect the April attack. “This was an attack that goes against all codes, even in war,” said an Israeli official to Israel’s Channel 13. “Even from the Iranians we didn’t expect something like this. This is an attack that cannot be done.”

The audacity of Tehran’s hackers is indeed an escalation in its tensions with Israel, but should hardly come as a surprise. Iran has shown itself willing to target critical infrastructure in the past. Attacks like this have occurred in the past, including in the United States, and remain a clear threat to this day. The current global health crisis has brought yet another series of high value targets into Iran’s crosshairs. At least two facilities working to produce vaccines for the novel coronavirus, one in Israel, another in the UK, have been targeted by Iranian cyber warriors.

The trend is signaling what security officials in Jerusalem have dubbed a ‘Cyber Winter’ in which no-holds-barred cyberwar is waged on targets previously believed to be out of bounds. The recent attempt on Israel’s water systems–in which, frankly speaking, Israel got off easy–should be a strong wake-up call, not just for Jerusalem, but for governments around the world.