Officials: Israel linked to a disruptive cyberattack on Iranian port facility
By JOBY WARRICK, ELLEN NAKASHIMA | The Washington Post | Published: May 18, 2020
On May 9, shipping traffic at Iran's bustling Shahid Rajaee port terminal came to an abrupt and inexplicable halt. Computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility.
After waiting a day, Iranian officials acknowledged that an unknown foreign hacker had briefly knocked the port's computers offline. Now, more than a week later, a more complete explanation has come to light: The port was the victim of a substantial cyberattack that U.S. and foreign government officials say appears to have originated with Iran's archenemy, Israel.
The attack, which snarled traffic around the port for days, was carried out by Israeli operatives, presumably in retaliation for an earlier attempt to penetrate computers that operate rural water distribution systems in Israel, according to intelligence and cybersecurity officials familiar with the matter.
A security official with a foreign government that monitored the May 9 incident called the attack "highly accurate" and said the damage to the Iranian port was more serious than described in official Iranian accounts.
"There was total disarray," said the official, who spoke on the condition that his identity and national affiliation not be revealed, citing the highly sensitive nature of the intelligence. A U.S. official with access to classified files also said that Israelis were believed to have been behind the attack.
The Washington Post was shown satellite photographs depicting miles-long traffic jams on highways leading to the Shahid Rajaee port on May 9. In a photograph dated May 12, dozens of loaded container ships can be observed in a waiting area just off the coast.
The Israeli Embassy did not respond to requests for comment. Israel Defense Forces declined to comment. Iran has repeatedly denied involvement in the failed April 24 hacking attempt on Israeli water distribution networks.
If accurate, the reports point to a new round of tit-for-tat blows between the two bitter Middle East rivals, although U.S. cybersecurity experts said the most recent exchanges have been relatively restrained so far.
"Assuming it's true, this is in line with Israeli policy of aggressively responding to Iranian provocation, either kinetically or through other means," said Dmitri Alperovitch, a cybersecurity policy fellow at the Harvard Belfer Center and founder and former chief technology officer of CrowdStrike, a cybersecurity firm. "Anytime you see Iranian escalation, as with their buildup of rocket capacity in Syria, you have consistently seen Israeli retaliation with bombing runs on those positions. So it appears they have now applied that doctrine in cyberspace."
The sprawling Shahid Rajaee port facility is the newer of two major shipping terminals in the Iranian coastal city of Bandar Abbas, on the Iranian side of the Strait of Hormuz.
The attack on the port's computers was confirmed on May 10 by Mohammad Rastad, managing director of the Ports and Maritime Organization, in a statement carried by Iran's ILNA news agency.
"A recent cyber attack failed to penetrate the PMO's systems and was only able to infiltrate and damage a number of private operating systems at the ports," Rastad was quoted as saying.
On May 8, The Post, citing foreign intelligence sources, reported that Iran had been linked to the attempted cyberattack on at least two rural water distribution networks in Israel. Officials familiar with the incident said hackers sought to cripple computers that control water flow and wastewater treatment, as well as a system that regulates the addition of chlorine and other chemicals. The intrusion was detected and thwarted before significant damage was done.
Investigators found that the hackers routed their attempted attack through computer servers in the United States and Europe - a common tactic used by adversaries of the West. Israeli Water Authority officials detected the attempt and immediately took measures, including changing system passwords.
Each country has accused the other of similar attacks in the past. Israeli Prime Minister Benjamin Netanyahu said in 2019 that Israeli officials are "constantly detecting and foiling Iranian attempts" to penetrate the country's computer networks.
Years earlier, U.S. and Israeli intelligence agencies unleashed a computer worm called Stuxnet on Iranian uranium enrichment plants in an attempt to disrupt Iran's nuclear program. Neither country officially confirmed its role.