Israel and the United States are the prime suspects in the large-scale 26 October hack attack which crippled Iran’s gas station network, civil defence chief Brig. Gen. Gholam Reza Jalali has alleged.
“From our point of view, this attack has definitely been carried out by the Americans and the Zionists,” Jalali said, speaking to local television on Saturday, his comments cited by Tasnim.
The civil defence chief said the attack targeted middleware – or software acting as a bridge between an operating system and application of Iran’s gas station systems – making it difficult to defend against.
“If the attack had taken place in the hardware layer, there would have been a need for infiltration,” he added.
Jalali indicated that further forensic investigation is needed, with the probe ongoing.
Iran’s gas station network was crippled by a massive cyberattack on Tuesday, with some 4,300 stations’ electronic systems going offline, and payments using government-issued electronic cards allowing for fuel to be purchased at subsidised prices unable to be processed. The outages sparked anger from motorists and long fuel lines snaking around pumps, with fuel sold for cash at significant markup.
Using the electronic cards, Iranian motorists ordinarily pay just 15,000 rial per litre for up to 60 litres of gas per month. That’s equivalent to about 5 US cents a litre, or 20 cents a gallon. The price tag goes up to 30,000 rial per litre for anything above the 60 litre quota.
Iran’s oil ministry officials held an emergency meeting to deal with the hack attack, with about 80 percent of stations resuming operations as normal by Wednesday morning.
Also on Wednesday, Iranian President Ebrahim Raisi suggested that the cyberattack was designed to make “people angry by creating disorder and disruption,” and stressed the need for “serious readiness in the field of cyberwar and related bodies” to prevent “the enemy to follow their ominous aims to make problems in people’s lives.”
Iran remains wary of possible unrest stemming from fuel price-related public anger, with the country hit by large-scale protests over rising gas prices in 2019, which left several hundred people dead and thousands more injured.
Supreme Council of Cyberspace Secretary Abolhassan Firouzabadi said Tuesday’s attack may have been conducted from abroad, and said it may be linked to the hack attack which targeted Iran’s railway network in July. That incident caused widespread chaos and the delay or cancelation of hundreds of train journeys. A mysterious hacking group was suspected of involvement in the incident.
On Thursday, Gen. Ali Shamkhani, chief of Iran’s Supreme National Security Council, issued a Hebrew-language message saying that Iran had uncovered enemy plans to “wreak havoc in Iran in a coordinated action” in connecting with the gas station hack attack, and stressing that the plot had been foiled.
Hidden War
Iran and Israel have accused one another of engaging in a back-and-forth cyberattack campaign targeting a broad range of virtual and physical infrastructure, from websites and servers to ports and utilities, for over a decade now.
In April, the Natanz nuclear plant suffered major damage in a cyberattack. Iran described the sabotage as an act of “nuclear terrorism” and blamed Israeli foreign intelligence. Israel neither confirmed nor denied its involvement.
On Saturday, Israeli media reported that a hacker group allegedly affiliated with Iran had infiltrated the servers of a major Israeli internet hosting company, causing a number of widely used websites to go offline, with hackers threatening to leak data. Before that, a hacking collective known as ‘Moses Staff’ carried out a cyberattack against the Israeli Defence Ministry, leaking files, operational maps, letters, correspondence and photographs from ministry systems. Iran has not claimed responsibility for either attack.
Earlier this month, Microsoft reported that a separate hacking group allegedly affiliated with Iran targeted US, European and Israeli defence technology-related companies.
In 2010, Iran’s nuclear energy infrastructure was infected by the Stuxnet virus, alleged to have been engineered by Mossad, the CIA and Dutch intelligence, causing a broad range of problems and forcing Iran to pull most of its infrastructure offline.
Ordinarily, neither country takes credit for hack attacks on the other. However, last year, Israeli military intelligence awarded members of cyber warfare Unit 8200, reportedly over their involvement in an attack on the Iranian port of Shahid Rajaee in May of that year.