Israel braces for Iranian cyberattack after reportedly targeting strategic port

Workers at sensitive facilities told to be on alert for malicious activity after hacking of Bandar Abbas port, which Israel has said is used to supply weapons to Hamas, Hezbollah

Michael Bachner is a news editor at The Times of Israel

The Shahid Rajaee port facility in the Iranian coastal city of Bandar Abbas. (Iran Ports and Maritime Organization)
The Shahid Rajaee port facility in the Iranian coastal city of Bandar Abbas. (Iran Ports and Maritime Organization)

Israel’s security firms and agencies are reportedly preparing for a potential Iranian or Iran-linked cyberattack in response to an attack blamed on the Jewish state that was said to have crippled computer systems at a strategic port in the south of the Islamic Republic.

The Washington Post reported Monday that Israel brought down the Shahid Rajaee port’s computer systems, causing a total shutdown of the facility, on May 9.

Israel has refused to officially comment on the report, which cited US and other foreign officials saying Israel was likely behind the computer attack.

The attack was apparently in response to an alleged Iranian attempt to hack into Israel’s water infrastructure system. Israel’s high-level security cabinet held a secret meeting to discuss a response to the hack attack on May 7, according to Channel 13 news, and regarded the attempt to damage its water system, a non-military target, as crossing a red line.

Security officials on Tuesday instructed agencies and sensitive facilities to raise their awareness and preparedness for the option of a retaliatory cyberattack as part of an apparent new tit-for-tat war, Hebrew-language media reported.

Cyber-defense officials in the Israel Defense Forces and the National Cyber Directorate have raised their alertness, expecting an attack on websites, servers or services, the unsourced reports said.

Employees have been ordered not to open or download files from unknown sources or people whose credibility is questionable. Officials have stressed that malicious messages could be ostensibly about the coronavirus crisis.

Workers have also been told not to hand personal information or account details to unknown entities, and to only download mobile applications from known app stores.

In this photo provided May 11, 2020, the Konarak support vessel which was struck during a training exercise in the Gulf of Oman, is docked in an unidentified naval base in Iran (Iranian Army via AP)

Shahid Rajaee Port, in the southern Hormozgan Province, is located some 25 kilometers (15 miles) from the city of Bandar Abbas, and is by far Iran’s largest and most strategically important port. It is also known as the port of Bandar Abbas.

It accounts for some 60 percent of all the country’s port activity, Mohammad Saeednejad, the managing director of Ports and Maritime Organization of Iran, said in 2017.

“The significance of the port lies in the fact that it is located at the mouth of the Strait of Hormuz where nearly 50,000 vessels of different countries sail annually,” he told Iran’s ILNA news agency at the time.

Saeednejad added that between March 2016 and March 2017, exports from the port totaled some 44 million tons of goods worth more than $11.14 billion, and imports totaled nearly 10 million tons worth $18.65 billion.

Israel has long accused Iran of using the port for military purposes to aid terrorists elsewhere in the Middle East, including the Jewish state’s foes Hamas and Hezbollah, with the IDF intercepting some of the shipments.

Satellite images of the port on May 11 and May 12 taken by Planet Labs and seen by The Times of Israel showed a large number of ships idling off the port and a buildup of containers on dry land, days after the alleged Israeli cyberattack.

Army chief Aviv Kohavi on Tuesday hinted at Israel’s role in the cyberattack, saying the IDF would continue to use “various military tools” against the country’s enemies.

While it is not unusual for politicians to insinuate Israeli involvement in attacks on Iran and terror groups, it is less common for senior IDF officers —  who tend to maintain a policy of ambiguity regarding the military’s activities abroad — to do so.

The Shahid Rajaee port facility in the Iranian coastal city of Bandar Abbas (Iran Ports and Maritime Organization)

On Tuesday, the former head of IDF Military Intelligence, Amos Yadlin, said the Iranian cyberattack on water facilities, which failed to cause significant damage, appeared to be in response to recent Israeli airstrikes against Iran’s forces and proxies in Syria.

A security official, who spoke on the condition that his identity and nationality not be revealed, told The Washington Post that the attack caused “total disarray” at the port.

“Computers that regulate the flow of vessels, trucks and goods all crashed at once, ­creating massive backups on waterways and roads leading to the facility,” the Post reported, adding that it had seen satellite photos showing miles-long traffic jams leading to the port and ships still waiting to offload several days later.

Iran later acknowledged that an unknown foreign hacker had briefly knocked the port’s computers offline.

“A recent cyber attack failed to penetrate the PMO’s systems and was only able to infiltrate and damage a number of private operating systems at the ports,” Mohammad Rastad, managing director of the Ports and Maritime Organization, said in a statement carried by ILNA.

The response appeared to indicate that Israel has adopted a “tit-for-tat” strategy in responding to Iranian cyber warfare, like that already used by the Israeli military with physical, or kinetic, attacks, an Israeli official said.

View of the Eshkol Water Filtration Plant in northern Israel, on April 17, 2007. (Moshe Shai/FLASH90)

“The cyberattack on the [Shahid Rajaee port] in Iran was an Israeli response to the cyber attack that [the Iranians] carried out against Israel two weeks before against Mekorot [national water company] components — an attack that failed,” the official told Channel 12 news, on condition of anonymity.

“Israel hopes that [the Iranians] stop there. They attacked water infrastructure components. They didn’t really cause damage — but they crossed a line and [Israel] needed to retaliate,” the official said.

Iran — whose regime avowedly seeks the Jewish state’s destruction — and Israel have engaged in covert cyber-warfare for over a decade, including reported efforts by the Jewish state and US to remotely sabotage the Islamic Republic’s nuclear program in 2010 using an advanced cyber weapon known as Stuxnet.

Times of Israel staff and agencies contributed to this report.

read more:
Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed
Register for free
and continue reading
Registering also lets you comment on articles and helps us improve your experience. It takes just a few seconds.
Already registered? Enter your email to sign in.
Please use the following structure:
Or Continue with
By registering you agree to the terms and conditions. Once registered, you’ll receive our Daily Edition email for free.
Register to continue
Or Continue with
Log in to continue
Sign in or Register
Or Continue with
check your email
Check your email
We sent an email to you at .
It has a link that will sign you in.