海角大神

Iran-Saudi Arabia row adds fuel for hackers on both sides

Renewed tension between longtime regional rivals Saudi Arabia and Iran appears to be spilling online, signaling a sectarian-motivated cyberconflict in the Middle East.

By Jack Detsch, Staff writer

Longstanding tension between Iran and Saudi Arabia boiled over earlier this month after Saudi authorities executed a leading Shiite Muslim cleric. Now, the turmoil that followed the death of Sheikh Nimr Baqir al-Nimr appears to be moving online.

In the wake of Sunni Saudi Arabia and Shiite Iran severing diplomatic ties, unknown hackers attacked key websites belonging to the Saudi Defense Ministry in a digital assault that experts worry could set off a broader sectarian-fueled cyberconflict in the Middle East.

"Severing diplomatic relations between [Iran and Saudi Arabia] will not only escalate the cyberwar, but will escalate it fast," says Abdullah Al Ali, chief executive of Cyberkov, a Kuwait cybersecurity firm.

While no group has claimed credit for the Saudi cyberattack (Iran's Fars News Agency linked it with Saudis protesting al-Nimr's execution), the attack comes as Iran appears to be expanding its offensive capabilities in cyberspace.

In December, US officials said that the Iran Revolutionary Guard Corps hacked into e-mail and social media accounts belonging to Obama administration officials. Also, in the same month, The Wall Street Journal reported that the Department of Homeland Security had connected Iran with a 2013 hack against a small dam outside Rye, N.Y.

If the flare-up between the rival countries that have long jockeyed for power and influence in the Middle East spills onto the Internet, it wouldn't be the first time that Iran and Saudi Arabia – or the two nations' many surrogates – have battled in cyberspace.

In 2012, US officials claimed that Iran developed the Shamoon virus that wiped out the computers of Saudi Arabia's top oil company, Aramco. Last year, in the wake of Riyadh's bombing campaign in Yemen, a group calling itself the Yemen Cyber Army claimed responsibility for breaching the Saudi Ministry of Foreign Affairs, allegedly stealing the details of thousands of top officials and passing that information to Wikileaks. Iranian officials have said that their government has provided weapons and funding to Shiite Houthi rebels that pushed out Yemen's civilian government last year, which was backed by Saudi Arabia – prompting Riyadh to begin airstrikes in the country.

"Judging from the examples of Aramco and the foreign ministry, we believe Iran follows a methodology of deep infiltration and long term data extraction," says Cyberkov's Al Ali. "[Iran is] silently waiting inside compromised networks, and then when the time is right from a political point of view the attack is made visible to the world either by destruction of data or disclosure of information to leak information or embarrass Iran's adversary."

Recorded Future, a Somerville, Mass., cyberthreat intelligence firm, said details discovered in the Ministry of Foreign Affairs attack were similar to the Aramco hack, suggesting that Iran had a hand in aiding the Yemen Cyber Army.

The firm's report on Iranian capabilities, conducted last year using open source intelligence, found that Iran had more than 6 million more Internet users than Saudi Arabia, and that Saudi hackers were mainly focused on domestic campaigns, such as Anonymous's #OpSaudi, an ongoing protest of the monarchy. Anonymous also knocked several Saudi government websites offline in September to protest the death sentence against Ali Mohammad Baqir al-Namir, arrested for his role in pro-Arab Spring protests in 2012.

During the Yemen campaign, Saudi and Iranian hackers seized social media accounts and vandalized websites – culminating in pro-Saudi attacks against the Fars News Agency. Recorded Future found that Iran has mounted far more digital attacks than Saudi Arabia, even though Riyadh has longstanding relationships with US defense contractors that provide cybersecurity services such as Lockheed Martin and Raytheon, which upgraded the kingdom's Patriot Missile Defense System. The Russian Internet security provider Kaspersky Lab has also bolstered its presence in Saudi Arabia.

"You can go buy ten fighter jets, a hundred fighter jets, or fortified tanks – the Saudis know how to do that," said Christopher Ahlberg, chief executive officer of Recorded Future. "But it's a different sort of thing to buy or institute a cyber capability that Iran has very cautiously built over time, starting in their universities, even younger."

Many experts say that Iran began focusing on building up technical talent and cyberwar capabilities following the discovery of Stuxnet, the computer worm that attacked the Islamic Republic's nuclear program.

"Over that time we've been able to see their capabilities increase in terms of tactics, techniques, and procedures," said Jon Miller, vice president of strategy at Cylance, a San Diego cybersecurity company.

While the country started with more basic attacks such as denial-of-service attacks and website defacements, its capabilities have advanced rapidly, said Benjamin Runkle, a former Defense Department and National Security Council official who currently writes about cybersecurity challenges in the Middle East. "Their development has been similar to China. They've moved on to more sophisticated capabilities."

Mr. Runkle pointed out in a recent piece for Passcode that Iranian cyberattacks have increased so much that the State Department issued a report in May cautioning US businesses with overseas operations to be more vigilant. "It shouldn't come as any surprise that Iran is constantly sharpening its arsenal of digital weapons," he wrote, "cyberspace is increasingly critical front for most modern nation-states."