Israel's hack of Iranian port becomes latest salvo in two West Asian rivals' exchange of cyber attacks

Tel Aviv: Israel was behind a cyber attack on 9 May that disrupted operations at a major port in Iran, according to high-ranking intelligence officials and experts in West Asia who are kept informed of covert Israeli actions in the region. The attack on the computer systems at the Shahid Rajaee port in the strategically important Strait of Hormuz was limited in scope, creating traffic jams of delivery trucks and some delays in shipments but causing no substantial or lasting damage. Israel and Iran have recently been engaged in an exchange of attempted and successful cyber attacks, and the purpose of Israel’s relatively small-scale effort at the port, according to intelligence officials, was to send a message to Tehran: Don’t target Israeli infrastructure. The hacking of the port’s computers came in direct response, those experts familiar with the decision-making process said, to a failed Iranian cyber attack on an Israeli water facility last month. Officials in Israel initially decided the country should not retaliate for the attack on the water system, according to the intelligence sources, because its effect would have been minor even if it had succeeded. But when the story of the attempted attack was published in Israeli media, government officials, led by Naftali Bennett in his last days as defence minister, thought Israel should react in the same token by targeting Iranian civilian infrastructure and then leaking that story to international news media. [caption id=“attachment_4256379” align=“alignleft” width=“380”] Representational image. Reuters[/caption] Israel’s responsibility for the cyber attack on the port was first reported by The Washington Post. The incident that prompted the Israeli attack on the port happened on 24 April, when a pump at a municipal water system in the Sharon region of central Israel stopped working. The facility’s computer system resumed pump operation in a short time but also recorded the occurrence as an exceptional event. A security company that investigated discovered that malware had caused the shutdown. Because water is defined as “critical infrastructure” in Israel, the incident was reported to the Israel National Cyber Directorate and other intelligence agencies in Israel. According to Israeli experts with knowledge of the investigation, Israeli officials identified the malware as coming from one of the offensive cyber units of Iran’s Revolutionary Guard. While some unprotected pumps connected to the internet were not properly protected, the facility’s computer system identified the malfunction and restarted the pump, and no damage or interference with the water supply to residents and farmers in the region was recorded. The attack and its quality were described by an intelligence official as “miserable”. The main push for an Israeli counter-response came from Bennett, the outgoing defence minister, who had advocated an assertive line against Iran in his seven months in office, both in actions and in his public statements. “We must not let go of Iran for a moment,” Bennett said Monday in his farewell remarks to the ministry as Israel swore in a new government. “We need to increase political, economic, military, technological pressure and do that in even more and bigger dimensions,” he said. The site in Iran was specifically chosen as a non-central target, with an intent to send a warning that attacking Israel’s civilian infrastructure would not go unanswered and was crossing a red line, the intelligence officials said. Activity at the Shahid Rajaee port has been severely hampered by the US sanctions imposed on Iran after the United States abandoned the nuclear deal. No more than 20 freight ships reach it every month. Soon after the cyber attack began, the port’s authorities detected it. They failed to fix it immediately but switched to manual management of unloading and loading. The restrained nature of the recent cyber attacks seem to indicate that both sides want to avoid escalation. On the Israeli side, this is somewhat similar to the way that the country is waging war against Hezbollah in Lebanon and Syria, where it is careful to bomb and destroy equipment but only after verifying that there is no danger to Hezbollah’s personnel. An intelligence official said that Israel hopes the attack on the port will end this cyber exchange but that, according to one intelligence assessment, the Revolutionary Guard will respond by attacking Israel again. In a ceremony Tuesday evening, General Aviv Kochavi, the chief of staff of the Israel Defence Forces, appeared to allude to the cyber attack on the Iranian port. “We will continue to use a diverse array of military tools and unique warfare methods to hurt the enemy,” he said. “While we do everything in our might to avoid harming civilians, the enemy makes every possible effort to harm civilians,” he said, adding, “The dozens of strikes that we have conducted, both recently and in the past, have already proved the superior nature of the intelligence and fire abilities of the IDF.” Ronen Bergman and David M Halbfinger c.2020 The New York Times Company