Iran-Saudi Arabia row adds fuel for hackers on both sides
Longstanding tension between Iran and Saudi Arabia boiled over earlier this month after Saudi authorities executed a leading Shiite Muslim cleric. Now, the turmoil that followed the death of Sheikh Nimr Baqir al-Nimr appears to be moving online.
In the wake of Sunni Saudi Arabia and Shiite Iran severing diplomatic ties, unknown hackers attacked key websites belonging to the Saudi Defense Ministry in a digital assault that experts worry could set off a broader sectarian-fueled cyberconflict in the Middle East.
"Severing diplomatic relations between [Iran and Saudi Arabia] will not only escalate the cyberwar, but will escalate it fast," says Abdullah Al Ali, chief executive of Cyberkov, a Kuwait cybersecurity firm.
While no group has claimed credit for the Saudi cyberattack (Iran's Fars News Agency it with Saudis protesting al-Nimr's execution), the attack comes as Iran appears to be expanding its offensive capabilities in cyberspace.
In December, US officials said that the Iran Revolutionary Guard Corps hacked into e-mail and social media accounts belonging to Obama administration officials. Also, in the same month, that the Department of Homeland Security had connected Iran with a 2013 hack against a small dam outside Rye, N.Y.
If the flare-up between the rival countries that have long jockeyed for power and influence in the Middle East spills onto the Internet, it wouldn't be the first time that Iran and Saudi Arabia – or the two nations' many surrogates – have battled in cyberspace.
In 2012, US officials that Iran developed the Shamoon virus that the computers of Saudi Arabia's top oil company, Aramco. Last year, in the wake of Riyadh's bombing campaign in Yemen, a group calling itself the Yemen Cyber Army responsibility for breaching the Saudi Ministry of Foreign Affairs, allegedly stealing the details of thousands of top officials and that information to Wikileaks. Iranian officials have said that their government has weapons and funding to Shiite Houthi rebels that out Yemen's civilian government last year, which was backed by Saudi Arabia – prompting Riyadh to airstrikes in the country.
"Judging from the examples of Aramco and the foreign ministry, we believe Iran follows a methodology of deep infiltration and long term data extraction," says Cyberkov's Al Ali. "[Iran is] silently waiting inside compromised networks, and then when the time is right from a political point of view the attack is made visible to the world either by destruction of data or disclosure of information to leak information or embarrass Iran's adversary."
Recorded Future, a Somerville, Mass., cyberthreat intelligence firm, said details discovered in the Ministry of Foreign Affairs attack , suggesting that Iran had a hand in aiding the Yemen Cyber Army.
The firm's report on Iranian capabilities, conducted last year using open source intelligence, found that Iran had more than 6 million more Internet users than Saudi Arabia, and that Saudi hackers were mainly focused on domestic campaigns, such as Anonymous's #OpSaudi, an ongoing protest of the monarchy. Anonymous also several Saudi government websites offline in September to protest the death sentence against Ali Mohammad Baqir al-Namir, for his role in pro-Arab Spring protests in 2012.
During the Yemen campaign, Saudi and Iranian hackers seized social media accounts and vandalized websites – culminating in pro-Saudi attacks against the Fars News Agency. Recorded Future found that Iran has mounted far more digital attacks than Saudi Arabia, even though Riyadh has longstanding relationships with US defense contractors that provide cybersecurity services such as and Raytheon, which the kingdom's Patriot Missile Defense System. The Russian Internet security provider Kaspersky Lab has also its presence in Saudi Arabia.
"You can go buy ten fighter jets, a hundred fighter jets, or fortified tanks – the Saudis know how to do that," said Christopher Ahlberg, chief executive officer of Recorded Future. "But it's a different sort of thing to buy or institute a cyber capability that Iran has very cautiously built over time, starting in their universities, even younger."
Many experts say that Iran began focusing on building up technical talent and cyberwar capabilities following the discovery of Stuxnet, the computer worm that attacked the Islamic Republic's nuclear program.
"Over that time we've been able to see their capabilities increase in terms of tactics, techniques, and procedures," said Jon Miller, vice president of strategy at Cylance, a San Diego cybersecurity company.
While the country started with more basic attacks such as denial-of-service attacks and website defacements, their capabilities have advanced rapidly, said Benjamin Runkle, a former Defense Department and National Security Council official who currently writes about cybersecurity challenges in the Middle East. "Their development has been similar to China. They've moved on to more sophisticated capabilities."
Mr. Runkle pointed out in a recent piece for Passcode that Iranian cyberattacks have increased so much that the State Department issued a report in May cautioning US businesses with overseas operations to be more vigilant. "It shouldn't come as any surprise that Iran is constantly sharpening its arsenal of digital weapons," he wrote, "cyberspace is increasingly critical front for most modern nation-states."