As US issues warning to Iran, its cyberwar with Saudi Arabia takes on new meaning
WASHINGTON — For anyone wondering what cyber warfare might look like, the conflict between Iran and Saudi Arabia provides an ongoing example.
Since 2012, the two nations have been lobbing digital artillery fire at each other in a simmering conflict that began when Iranian hackers destroyed more than 30,000 computers of the Saudi crown jewel, Aramco, the world’s biggest energy company. Since then, and as recently as last week, new cyberattacks have unfolded.
Just eight days ago, Saudi Arabia issued a cyber defense alert, the equivalent of an air raid siren in a more conventional conflict.
“This is an urgent call for your cybersecurity team to be on alert for Shamoon 2 and ransomware attacks that could possibly cripple your organization’s systems,” the nation’s Computer Emergency Response Team told domestic network systems operators, referring to Iranian-created malicious code.
As the Trump administration casts about for a cybersecurity policy, the byte battle between Iran and Saudi Arabia may well be a harbinger for conflicts to come. It bears even closer watching following a statement Wednesday from President Donald Trump’s national security adviser, Michael Flynn, in which he listed recent “provocative” actions by Iran and said, “We are officially putting Iran on notice.”
As U.S. hostilities with Iran rise, Iran’s offensive cyber capabilities will become ever more pertinent to the U.S. government.
“Places like the (Persian) Gulf serve as canaries for the rest of the world,” said John Hultquist, who does cyber espionage analysis for FireEye iSight, a threat intelligence firm. “If you really want to learn about what an adversary is capable of before they become a problem, you look at places like the Gulf.”
Iranian capabilities are far below those of the world’s first-tier offensive cyber powers: the United States, Russia, China and Israel. But its expansive program of state hacking puts the nation definitely in the second tier, and its capabilities are improving, experts say.
“They are investing a lot of money. They won’t stay behind for long,” said Gabi Siboni, a colonel in the Israel Defense Forces reserves and director of the cyber warfare program at the Institute for National Security Studies in Tel Aviv.
Iranian hackers lack technical savvy, experts said, but their digital weapons work.
“I’ve seen the ugliest, sloppiest code do the most effective job,” said Dewan Chowdhury, founder and chief executive of Malcrawler, a company that helps detect and destroy malware that targets electrical grids and other infrastructure. Chowdhury has studied Iran’s capabilities.
For its part, Saudi Arabia largely hires foreign companies to manage its cyber defenses and likely carry out offensive retaliations. But it is not clear who may be responsible for some of the attacks on Iran; Israel and the United States have targeted it before. A series of fires at petrochemical facilities and a serious gas pipeline explosion hit Iran between July 29 and Sept. 14 last year. Brig. Gen. Gholam Reza Jalali, who heads an Iranian military unit in charge of combating sabotage, acknowledged that “viruses had contaminated petrochemical complexes,” according to the state-run IRNA news agency.