Multiple sources are claiming that on Thursday, as the United States first began, then halted, an attack on Iranian air defense forces, a cyberattack was launched to disable those systems. And unlike the physical missiles, the hacks did “fly.” ABC News reports that the attacks were authorized by Donald Trump and specifically made against the systems used by Iran's Islamic Revolutionary Guard Corps. Indications are that the attack was successful. However, it’s difficult to be sure.
There are few countries that have made as much effort to harden their infrastructure against cyberattack as Iran—for good reason. The Stuxnet “worm,” widely thought to be a joint development of U.S. and Israeli cyber forces, was introduced into Iran sometime between 2005 and 2010 with the apparent intent of disabling centrifuges used for uranium enrichment. The worm infects the small programmable logic controllers (PLCs) within semi-automated machinery, altering the behavior of motors and steppers, and can cause physical damage. Stuxnet can also attack and propagate itself using Windows-based computers.
However, the same Siemens-made PLCs in Iranian centrifuges are found on many types of systems. Stuxnet went on to wreck about a fifth of Iran’s centrifuges — and to spread to hundreds of thousands of other machines in Indonesia, India, Pakistan, and the United States. Worms derived from Stuxnet have attacked automated systems around the world.
What type of attack the U.S. used to supposedly shut down Iran’s mobile missile defense systems isn’t known. It might have been a more directed assault targeting specific systems. It might have been a new worm, virus, or bot going after a whole class of automation. For its part, Iran has been conducting a cyber offensive against the United States since Trump ordered increased sanctions, sending spear-phishing messages to companies in the energy sector, government offices, and Wall Street agencies. Many of those messages have been intercepted. It’s not clear if any have made it through, or what kind of attack is intended to follow if a message is successful.
The missiles may be grounded, but the electrons are flying. And, as with Stuxnet, the fallout of attacks in both directions may not be clear for years.