Israel and Iran Expand Cyber ​​Warfare, Now Attacking Civilian Targets

Millions of ordinary people in Iran and Israel recently found themselves caught in the crossfire of a cyber war between their countries.

In Tehran, a dentist drove for hours in search of gasoline, waiting in long lines at four gas stations only to come out empty. In Tel Aviv, a well-known announcer panicked when the intimate details of his sex life and those of hundreds of thousands of people were stolen from an LGBTQ dating site. they got on social networks.

For years, Israel and Iran have engaged in a covert war, by land, sea, air and computerBut the targets have generally been related to the military or the government. Now the war has expanded to attack civilians on a large scale.

In the last weeks, a cyber attack on the national fuel distribution system Iran paralyzed all 4,300 service stations in the country, which took 12 days to fully restore service.

A cyberattack on Iran’s national distribution system paralyzed all 4,300 service stations in the country. Photo Shutterstock

That attack was attributed to Israel by two US defense officials, who spoke on condition of anonymity to discuss confidential intelligence assessments. It was followed days later by cyber attacks in Israel against a major medical facility and a popular LGBTQ dating site, attacks that Israeli officials have attributed to Iran.


The escalation comes as US authorities warned of Iranian attempts to hack into computer networks of hospitals and other critical infrastructure in the United States. As hopes for a diplomatic revival of the Iranian nuclear deal fade, such attacks are likely to proliferate.

Hackers have infiltrated civil arenas for months. Iran’s national railway was attacked in JulyBut that relatively unsophisticated hack may not have been Israeli. And Iran is accused of carrying out a failed attack on Israel’s water system last year.

The latest attacks are believed to be the first to cause widespread damage to large numbers of civilians. Non-defense computer networks are generally less secure than those linked to State security assets.

No one died in these attacks but if your goal was to create chaos, anger and emotional distress on a grand scale, they did it enormously. «Maybe there is a war between Israel and Iran, but from the perspective of the little civilian we are held as prisoners here in the middle and we are defenseless,» said Beni Kvodi, 52, editor of an Israeli radio station.

Non-defense computer networks are generally less secure.  Photo: Shutterstock

Non-defense computer networks are generally less secure. Photo: Shutterstock

Kvodi has been openly gay for years, but the attack on the Israeli dating site threatened to expose thousands of Israelis who had not publicly declared their sexual orientation. The site collected embarrassing information about the sexual habits of users, as well as explicit photographs.

Ali, a 39-year-old driver for the national taxi company in Tehran who, like other Iranians interviewed, asked that his last name not be used out of fear for his safety, said that lost a day of work waiting in the lines of gas stations, that snaked for miles.

«Every day you wake up in this country and you have a new problem,» he said in a telephone interview. «It is not our fault that our governments are enemies. It’s hard enough for us to survive, ”he added.


Both countries appear to be targeting civilians to send messages to their governments. The attack on Iran’s fuel distribution system took place on October 26, close to the second anniversary of the large anti-government protests sparked by a sudden rise in gasoline prices.

The government then responded with brutal repression that, according to Amnesty International, killed more than 300 people.

The cyberattack appeared to be aimed at generating another wave of anti-government unrest.

Gasoline pumps suddenly stopped working and a digital message directed customers to complain to Iran’s Supreme Leader Ayatollah Ali Khamenei, displaying his office phone number.

Hackers took control of billboards in cities like Tehran and Isfahan, replacing ads with the message «Khamenei, where’s my gas?» «At 11 am, all of a sudden, the pumps stopped working,» said Mohsen, manager of a gas station in northern Tehran.

«I’ve never seen anything like this.» Rumors spread that the government had engineered the crisis to increase fuel prices. Iran’s app-based taxi companies, Snap and Tapsi, doubled and tripled their normal rates in response to drivers having to buy expensive fuel without subsidy, Iranian media reported.

The anti-government uprising never materialized, but the government was quick to contain the damage and quell the ruckus. The Ministry of Petroleum and the National Cyber ​​Council held emergency meetings. Oil Minister Javad Owji issued a rare public apology on state television and promised an additional 10 liters of subsidized fuel to all car owners.

To get the pumps back online, the ministry had to dispatch technicians to every gas station in the country. Once the pumps were restored, most stations would be able to sell only unsubsidized fuel, which is double the price of subsidized fuel.

It took almost two weeks to restore the subsidy network, which assigns each vehicle 60 liters, approximately 16 gallons, per month at half price.

But the hack may have been more serious than inconvenient for motorists.

A top Oil Ministry official and an oil trader with knowledge of the investigation said officials were alarmed that hackers had also taken control of the ministry’s fuel storage tanks and may have had access to data on international sales of oil, a state secret that could expose how Iran evades international sanctions.

Because the ministry’s computer servers contain such confidential data, the system works without an Internet connection, raising suspicions among Iranian officials that Israel may have had internal help.

Four days after Iran’s bombs stopped working, hackers gained access to the database of the Israeli dating site Atraf and to the medical archives of the Machon Mor Medical Institute, a network of private clinics in Israel.

The files from both attacks, including the personal information of approximately 1.5 million Israelis, approximately 16% of the country’s population, they were published in a channel of the messaging application Telegram.

The Israeli government asked Telegram to block the channel, which it did. But the hackers, a little-known group called the Black Shadow, immediately republished the material on a new channel and continued to do so every time it was blocked.

The group also released stolen files from the Israeli insurance company Shirbit, which was hacked in December, and insured employees of the Israel Defense Ministry. Three senior Israeli officials, who asked not to be identified to discuss secret cyber issues, said Black Shadow was part of the Iranian government or hackers. freelancers who worked for the government.

The dating site’s personal data could be disastrous «even for those already out of the closet,» Kvodi said. «Each of us has a very close and intimate ‘relationship’ with Atraf».

The site contains not only names and addresses, he said, but also «Our sexual preferences, who is HIV positive, who uses prophylactics or not, along with the fact that the site allows uploading nude photos and relevant videos of us. and send them to other subscribers «.

Many Atraf subscribers soon complained that their Instagram, Facebook or Gmail accounts had also been hacked. Cyber ​​experts said that these hacks were not the work of Black Shadow, but hacks by criminals who used the personal data that Black Shadow had published. In some cases, accounts were blocked and demanded a ransom to restore access.

Neither Israel nor Iran have publicly claimed responsibility nor have they blamed the latest round of cyber attacks. Israeli officials refused to publicly accuse Iran, and Iranian officials have blamed the attack on the gas station on a foreign country, not to mention one.

Experts say that cyberattacks on softer civilian targets could be the beginning of a new phase in the conflict.

Farnaz Fassihi and Ronen Bergman