Saudi Arabia and Iran trade cyber-attacks
LONDON - The cold war between Saudi Arabia and Iran is heating up in cyberspace with the countries exchanging a number of computer-based attacks in recent weeks.
A group of websites affiliated with the Iranian Foreign Ministry were hit with a major cyber-attack recently and Tehran quickly blamed Riyadh. According to Iranian authorities, more than 50 Foreign Ministry websites were compromised in a series of hacks between May 24th and June 1st by activists who called themselves Team Bad Dream.
The hackers took down the websites and posted content that included a collage photo of Saudi kings.
One of Saudi Arabia’s most widely circulated daily newspapers, Al Watan, which is owned by members of the royal family, then had its website hacked, with its editor accusing Iran of being responsible.
Hackers remotely accessed the website of the newspaper, which is known for a liberal slant, and uploaded false reports and statements attributed to Crown Prince Mohammed bin Nayef bin Abdulaziz.
A statement issued by the newspaper said the publication’s website was hacked the morning of June 2nd by “hostile groups from outside the kingdom”, who “were able to control the website for a period of time and published fabricated news”, including a false statement attributed to the crown prince about Operation Decisive Storm in Yemen.
Al Watan Editor Othman al-Sini said in a television interview that the cyber-attacks uploaded fake news items that were sympathetic to Iran and the Houthi rebels, which are at war with an Arab coalition led by Saudi Arabia.
It is unclear whether the attacks were state-sponsored or the work of independent hacktivists.
Both Saudi Arabia and Iran have upgraded cyber-defence capabilities in recent years. Iran took such steps after a 2012 attack on its nuclear facilities, which Tehran blamed on the United States and Israel.
In March, the US State Department charged seven Iranians for allegedly compromising the computer systems of several banks in the period 2011-13.
The latest cyber-attack, allegedly by Iranian hackers, pales in comparison to previous cyber-sabotage actions.
In August 2012, Saudi Aramco, the world’s biggest oil and gas company, fell victim to a malware virus that infected 30,000 computers. The so-called Shamoon virus, which took Aramco ten days to eradicate, was planted by a politically motivated group calling itself the Cutting Sword of Justice, which US investigators say is tied to Iran.
Because of the growing regional threat that government-sponsored hackers, as well as cyber-terrorists, pose, estimates indicate that the Middle East cyber-security market will reach $9.56 billion in 2019. Iran, for example, has gone from low-level capabilities to almost the same standard of sophistication shown by China and Russia, analysts said.
“In terms of awareness, things are considerably better than they were two or three years ago,” said Mohamed al-Harbi, a 34-year-old Riyadh-based IT consultant, who counts a number of online publications as clients.
According to Harbi, the level of protection depends on what a particular entity has to lose. The financial and energy sectors can be described as being more secure than, for example, a newspaper website.
“Taking into consideration that we have not seen an attack on the level it was a couple of years ago is an indicator of better security procedures but that could change overnight as methods by cyber-armies are also evolving,” he said.
He stressed that the interception of text messages carrying personal codes and passwords has become popular in the Middle East, which gives hackers the ability to access personal information, including applications on smart phones.
The situation has escalated in recent years, leading Saudi Arabia to establish cyber-crime laws. According to Saudi statutes, if an individual or group knowingly accesses a government network without authorisation, particularly if the information accessed has national security implications, the act could lead to a $1.3 million fine and up to ten years in prison. It is the same penalty as for charges of supporting terrorism through the internet.