Tuesday’s report by my Haaretz colleague Amos Harel about an Israeli attack in Iran that destroyed hundreds of drones of various kinds is a new stage in the escalation of the covert campaign that has been waged for years between the two countries.
In its report, Haaretz wrote that six Israeli drones attacked last month, from a base in Iraqi Kurdistan targets in western Iran, resulting in the destruction of hundreds of Iranian drones, of various sizes. The report didn't specify if the attack was against drones' production facilities, drones' storage or drones launching sites. According to the report the attack caused a major blow to Iran's growing drones' Corp, run by IRGC.
To counter Israel’s air superiority, Iran decided to research, develop and operate drones. These drones have been used in battles in Syria against ISIS and Israel in Iraq against American troops and bases and against Saudi Arabian oil fields as well as in the civil war in Yemen. Worried about the advancement of its drones, it seems only natural that Israel decided to hit the Iranian drones manufacturing and operational capabilities.
The campaign between Israel and Iran is being fought in two dimensions – a so-called kinetic one involving military force, with bombardments on sea, land and air – and a cybernetic one, all of which relates to cyberattacks, as occurred on Monday when Israeli government websites crashed.
The two sides refrain from claiming responsibility for most of these covert operations, only hinting at them from time to time through media leaks, leaving both space for plausible deniability. At the moment, Israel is officially not naming a suspect in the cyberattack. Israel’s National Cyber Directorate, the Communications Ministry and cybersecurity experts at the Shin Bet security service, the Israel Defense Forces (Unit 8200 of the Intelligence Corps) and the Mossad intelligence agency are still carrying out a comprehensive examination of the issue.
One defense official said the attack was very broad and noted that only one country or large organization could be behind it. If that’s indeed the case, it points to one prominent suspect – Iran. A Twitter page purportedly linked to Iran’s Revolutionary Guards published a tweet not long after the cyber attack that translated was: “the Zionist regime will not forget this evening,” although it’s difficult to know whether the tweet is authentic.
- Cyberattack on Israel: Biggest Ever or ‘Iranian Propaganda’?
- Israel-Iran Drone War Goes Ballistic: A Timeline
- Hundreds of Iranian Drones Destroyed in Israel-attributed Attack Last Month
Cybersecurity experts believe that the cyberattack, which lasted about 70 minutes, was what is known as a DDoS attack, a distributed denial of service. In attacks of this kind, the targeted servers are bombarded with large quantities of information in an effort to cause them to crash. Among the Israeli government websites that crashed Monday evening were those of the Prime Minister’s Office, the Interior Ministry and the ministries of health, justice and social services. They are all civilian websites that operate with guidance from the National Cyber Directorate. The defense establishment’s websites, which are better protected, were not affected.
There was a change of personnel at the helm of the National Cyber Directorate last month. Yigal Unna, who earlier in his career had been a Shin Bet division chief, stepped down and was replaced by Brig. Gen. (ret.) Gaby Portnoy, who in his last Israeli army posting headed the operations division of the Intelligence Corps.
Following Monday’s attack, Portnoy convened an emergency meeting attended by Communications Minister Yoaz Hendel. Given that DDoS attacks are a longstanding and effective method that does not require extraordinary sophistication, the attack can be seen as a sort of PR offensive intended to create a big impression even if it only causes minor and short-lived damage.
If Iran was in fact behind the attack, then it was part of that covert war that it has been waging for years against Israel. The war is being fought in a large number of arenas both kinetic (attacks at air land and sea, assassinations and sabotage operations) and cybernetic. On the same day that the cyberattack was being carried out, Iran had also announced that its Revolutionary Guards had foiled a sabotage attempt by the Mossad at the underground Iranian nuclear facility at Fordo.
That’s a well-fortified facility where Iran enriches uranium using advanced 6IR centrifuges. The Iranians reported the arrest of several people who allegedly recruited the neighbor of a staff person at Fordo, who provided him with special equipment and who trained him in sabotage. A message on the Iranian Revolutionary Guards’ Telegram messaging service in Hebrew opened with the word “surprise.”
Iran is constantly looking for Israel’s vulnerabilities and of course, the reverse is also true. Over the years, the Islamic Republic has dispatched squads to various spots around the world and has attempted to attack Israeli targets such as embassies, diplomats and the offices of Israeli companies, as well as Jewish institutions. The Iranian Intelligence Ministry has also been trying to recruit Israelis, and just recently, the Shin Bet uncovered a network of several Israelis of Persian origin. At the same time, the Iranians have been trying to entice Israelis to meet in Europe so that they can then be kidnapped as bargaining chips or for other purposes. The Shin Bet takes pains to warn Israelis who it knows are in danger.
In retaliation for the attacks that Israel has been carrying out in Syria, the aerial division of the Revolutionary Guards has dispatched attack drones and missiles at American targets in Syria and Iraq. At the beginning of the week, Iran claimed responsibility for such an attack on a building in Irbil, the capital of the Kurdish enclave in Iraq and claimed that it served as a secret base for Mossad activity.
In the past, there were numerous reports that the Mossad had a station in Kurdistan and had close cooperation with Kurdish espionage services. According to those reports, Israeli intelligence and Kurdish espionage agencies were providing assistance to American intelligence and to the special forces that assassinated Gen. Qassem Soleimani, the commander of the Revolutionary Guards’ Quds Force, in January 2020 at Baghdad airport.
And so it goes, from one story to the next and from one report to the next: On Monday, it was reported that a 21-year-old Iranian woman by the name of Nika Nikoubin was arrested in Las Vegas after she tried to kill a man who was not identified. According to the New York Post, she enticed the man to come to a hotel room in the city, promising to have sex with him.
She reportedly blindfolded him, drew a knife and stabbed him a number of times in the neck.
The man managed to escape. Under interrogation, Nikoubin said that she was seeking to avenge the death of Soleimani. The FBI is now investigating whether she was acting on her own or on behalf of Iran.
And now back to the cyberwarfare front. Iran has learned lessons since the operation in which, according to reports, Israel and the United States infected computer systems at the Iranian uranium enrichment facility at Natanz with the Stuxnet virus more than a decade ago. It has improved its cyberwarfare defenses as well as its offensive capabilities.
In the past, computers at the Saudi oil firm Aramco were immobilized and the American banking system has also been attacked. When it comes to Israel, over the past year, Iranian hackers working on behalf of the cybertechnology command of the Revolutionary Guards attacked computer systems at an Israeli hospital (Hillel Yaffeh Medical Center), the Shirbit insurance firm and the LGBT dating site Atraf, and there were other unreported attempts that failed to cause damage.
Iran has been working on a daily basis to carry out cyberattacks on Israeli sites. Its most daring act so far was carried out in April 2020 against the Mekorot water company’s valves and pipelines carrying treated wastewater. The damage was minor, but it potentially could have caused huge damage by poisoning the country’s water.
About two weeks later, according to American press reports, Israel carried out a cyberattack at the southern Iranian port of Bandar Abbas. It paralyzed ship traffic at the port for a day. In another incident, it was reported that Israel shut down gasoline service stations in Iran.
If it becomes clear to Israeli defense and cybersecurity officials that Iran was officially behind Monday’s attacks on the government websites, there is no doubt that a powerful response will be forthcoming. This campaign is expected to continue and intensify even if Iran and the world powers ultimately sign a new nuclear agreement.