Hack causes ‘chaos’ on Iran trains, posts supreme leader’s number for complaints

Messages posted on electronic timetables saying trains ‘long delayed because of cyberattack,’ railway also reported to lose tracking system; no claims of responsibility

Illustrative: People wearing protective face masks to help prevent the spread of the coronavirus stand inside a train in Tehran, Iran on July 8, 2020. (AP/Ebrahim Noroozi)
Illustrative: People wearing protective face masks to help prevent the spread of the coronavirus stand inside a train in Tehran, Iran on July 8, 2020. (AP/Ebrahim Noroozi)

TEHRAN, Iran — Iran’s railroad system came under cyberattack on Friday, a semi-official news agency reported, with hackers posting fake messages about alleged train delays or cancellations on display boards at stations across the country.

The hackers behind the strike were apparently trying to be funny, and along with messages saying “long delayed because of cyberattack” or “canceled,” they urged passengers to call for information, listing the phone number of the office of the country’s supreme leader, Ayatollah Ali Khamenei.

The semi-official Fars news agency reported that the hack led to “unprecedented chaos” at rail stations.

No group has so far taken responsibility of the incident. Earlier in the day, Fars said trains across Iran had lost their electronic tracking system. It wasn’t immediately clear if that was also part of the cyberattack.

Fars later removed its report and instead quoted the spokesman of the state railway company, Sadegh Sekri, as saying “the disruption” did not cause any problem for train services.

In 2019, an error in the railway company’s computer servers caused multiple delays in train services.

In December that year, Iran’s telecommunications ministry said the country had defused a massive cyberattack on unspecified “electronic infrastructure” but provided no specifics on the purported attack.

It was not clear if the reported attack caused any damage or disruptions in Iran’s computer and internet systems, and whether it was the latest chapter in the US and Iran’s cyber operations targeting the other.

Iran disconnected much of its infrastructure from the internet after the Stuxnet computer virus — widely believed to be a joint US-Israeli creation — disrupted thousands of Iranian centrifuges in the country’s nuclear sites in the late 2000s.

However, attacks attributed to Israel have more frequently targeted Iran’s nuclear program, like Stuxnet or recent explosions at the Natanz nuclear site.

Friday’s cyberattack follows a number of mysterious explosions, fires and mishaps that have plagued the country in recent months.

On Monday, an explosion at a state-owned warehouse outside of Tehran caused a major fire at the site. Tehran has yet to provide details on the location and cause of the blast.

A fire at a warehouse in Tehran, on July 5, 2021. (Screen capture/YouTube)

Last month, a massive fire broke out at the state-owned Tondgooyan Petrochemical Co. oil refinery, which serves Tehran. A blast was believed to have struck a pipeline for liquefied petroleum gas at the facility. No additional information was provided then either.

While many of these have been blamed on foreigners, much is a result of Iran’s failing infrastructure, which has been hard hit by years of mismanagement and made worse by sanctions.

However, numerous explosions have also been reported over the past few years in complexes vital to Iran’s nuclear program and its energy and military sectors

The most recent such incident was a drone attack last month that reportedly damaged an Iranian nuclear facility in Karaj, said to have been used for assembling centrifuges for uranium enrichment.

Most Popular
read more: