This article is more than 1 year old
Israeli air raid sirens triggered in possible cyberattack
Source remains unclear, plenty suspect Iran
Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms.
While the perpetrator remains unclear, Israel's National Cyber Directorate did say in a tweet that it suspected a cyberattack because the air raid sirens activated were municipality-owned public address systems, not Israel Defense Force alarms as originally believed. Sirens also sounded in the Red Sea port town of Eilat.
Netizens on social media and Israeli news sites pointed the finger at Iran, though a diplomatic source interviewed by the Jerusalem Post said there was no certainty Tehran was behind the attack. The source also said Israel faces cyberattacks regularly, and downplayed the significance of the incident.
"There is constant cyber activity against Israel. In terms of Israel working on increasing its cyber resilience, it is not in a bad place," the source commented. "Part of the [state's] multi-year plan is to build a cyber iron dome in cooperation with other nations. The headlines exaggerated about the sirens yesterday."
Still, the Jerusalem Post pointed out, it's another bit of escalation in a cyberwar between the two countries that has gone on for years. This latest case, one analyst told the paper, was likely an attack of opportunity against weak infrastructure that would have the greatest-possible psychological effect on Israelis.
Earlier this year, Israel's government was hit by a series of massive distributed denial-of-service attacks that took its websites offline and led to a state of emergency being declared. Again, Iran hasn't been determined to be the culprit, and Israeli officials said they believed it was retaliation for an earlier alleged Israeli attack on an Iranian nuclear enrichment site.
While the enrichment lab assault is unconfirmed, Israel isn't innocent when it comes to cyberattacks against Iran. The Stuxnet infection that targeted Iranian uranium centrifuges was a joint US-Israeli effort, Obama administration officials confirmed in 2012.
- Info on 1.5m people stolen from US bank in cyberattack
- Ukraine's secret cyber-defense that blunts Russian attacks: Excellent backups
- Why do hackers keep coming back to attack you? Because they can
- CISOs face 'perfect storm' of ransomware and state-supported cybercrime
The New York Times reported in November that Israel and Iran's cyberwar had recently begun bleeding into the civilian world; where once both parties would stick to government targets, recent campaigns believed to be coming from both sides have targeted and affected civilians.
A cyberattack last year on Iran's fuel infrastructure left the country without regular gas supplies for nearly two weeks, an attack against Israel's water system was prevented, and some Israeli LGBTQ people were outed after information was stolen from dating sites. While none of those cyberstrikes have been directly linked to Israel or Iran, "foreign nations" have been accused of the incidents by both governments.
Yoram Hacohen, CEO of the Israel Internet Association, said in an interview following Sunday's incident that gaps between civilian and government cyber infrastructure were on clear display.
"It seems that the attack didn't compromise any infrastructure defined as critical, but at the same time, it again became clear how compromising relatively simple civilian systems disrupts Israeli citizens' lives," Hacohen said.
"This isn't the first attack to illustrate this gap. We have to increase awareness and employ better cyber-defenses across the board." ®