Reuters has reported that the United States carried out secret “cyber operations” against Iran in retaliation against drone attacks on Saudi oil facilities in mid-September for which the United States and the UK believe Iran is squarely responsible.
According to the Saudi defence ministry, as many as 18 UAVs and seven cruise missiles were employed on 14th September to target the Abqaiq oil facility and no less than four cruise missiles hit the Khurais oilfield, the world’s largest, thereby reducing Saudi Arabia’s oil production capacity by half.
Following the attacks, Saudi Arabia claimed that the attacks were “unquestionably sponsored by Iran” and that experts had established that the UAVs and cruise missiles used in the operation were Iranian. In fact, a defence ministry official said that the cruise missiles used in the operation were the Iranian-built Ya-Ali missiles.
Even though Iran denied the charge and Houthi rebel groups claimed responsibility for the missile attacks, the United States publicly charged Iran for carrying out the operation with Secretary of State Mike Pompeo terming the aggression as an “act of war”.
President Donald Trump said that the United States would “substantially increase” punitive sanctions on Iran and that his country had “many options short of war” to teach Iran a lesson.
The US targeted physical infrastructure in Iran with cyber attacks
Earlier today, Reuters reported that the United States carried out “a secret cyber operation” against Iran and that the operation was aimed at reducing Iran’s ability to spread propaganda. Two unnamed US officials told the agency that that operation targeted and impacted “physical hardware”. The Pentagon did not confirm or deny whether the incident took place.
“Regardless of how successful the reported cyber strike was, Iran likely remained fully-equipped to retaliate, as it’s just unfeasible to destroy every single device and PC in the country,” said Ilia Kolochenko, founder and CEO of Immuniweb.
“The external attack surface of the US, including exposed critical national infrastructure, is one of the largest in the world. This provides Iran with a great wealth of formidable opportunities to inflict irreversible and irreparable damage to US organizations, companies and individuals.
“Recent reports shedding light on overly unprotected governmental agencies, millions of vulnerable routers and IoT devices connected to the Internet in North America will be a low-hanging fruit even for unexperienced attackers.
“Worse, US citizens and businesses are significantly more dependent on digital infrastructure compared to their adversaries. Therefore, such operations should be meticulously assessed and evaluated for collateral risks and eventual response,” he added.
Increasing use of cyber warfare as an effective response to state-sponsored terrorism
The use of cyber warfare as a state policy to respond to acts of terrorism is slowly gaining ground with the passage of time. In May this year, Israel announced that it carried out airstrikes targeting Hamas’ headquarters for cyber operations after the organisation carried out a cyber attack on Israeli assets.
“We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed,” Israeli Defence Forces posted on Twitter on 5th May.
In October last year, The Times reported that in order to respond to sophisticated cyber attacks targeting the country’s critical infrastructure, the defence forces, and government organisations, Britain could spend as much as £250 million on an offensive cyber-force composed of around 2,000 personnel.
Sources told The Times that the upcoming cyber-force will be composed of experts from the military, security services, and industry and will not only be required to respond effectively to cyber threats from Russia, but also to deter criminal gangs, paedophile rings, and people-traffickers.
The creation of the offensive cyber force was inspired by Britain’s successful cyber-offensive against the Islamic State in Iraq and Syria that involved British agencies disrupting cash transfers, disseminating fake news among terrorists, and using malware to block their access to data.