Published on August 7th, 2019 📆 | 7691 Views ⚑0
High-Level Cyber Intrusions Hit Bahrain Amid Tensions with Iran
Suspected Iranian hackers infiltrated critical infrastructure and government computers in the Persian Gulf nation of Bahrain within the last month, raising fears among leaders in the region that Tehran is stepping up its cyberattacks amid growing tensions.
The intrusions, according to people familiar with them, rose above the normal level of Iranian cyber activity in the region.
On Monday, hackers broke into the systems of Bahrain’s National Security Agency—the country’s main criminal investigative authority—as well as the Ministry of Interior and the first deputy prime minister’s office, according to one of the people familiar with the matter.
On July 25, Bahrain authorities identified intrusions into its Electricity and Water Authority. The hackers shut down several systems in what the authorities believed was a test run of Iran’s capability to disrupt the country, the person said. “They had command and control of some of the systems,” the person said.
Around the same time, Aluminum Bahrain—a major employer and one of the world’s biggest smelters—was also hit, the person said.
Two former U.S. officials familiar with the matter confirmed the cyber breaches in Bahrain, saying that at least three entities had suffered intrusions. One of the former officials said the breaches appeared broadly similar to two hacks in 2012 that knocked Qatar’s natural-gas firm RasGas offline and wiped data from computer hard drives belonging to Saudi Arabia’s Aramco national oil company, a devastating attack that relied on a powerful virus known as Shamoon.
Share Your Thoughts
What if anything can or should be done to slow the use of cyberattacks as a weapon against adversaries? Join the conversation below.
Bahrain is the smallest country in the Persian Gulf, but it is strategically important because it’s the permanent home of the U.S. Navy’s Fifth Fleet and Navy Central Command. It is closely allied with its much larger neighbor, Saudi Arabia, a regional rival of Iran.
The Bahrain authorities haven’t definitively attributed the attack to Iran, but they have been provided intelligence by the U.S. and others suggesting Iran is behind it, the people familiar with the matter said. Regional leaders in the Gulf—and security officials in the U.S.—believe Iran has been increasing its malicious cyber activity since tensions ratcheted up over a series of incidents across the Middle East and saber-rattling by the U.S. and Iran over Iran’s nuclear program and U.S. sanctions, people familiar with their discussions said.
It couldn’t be determined how damaging the intrusions in Bahrain have been, or whether the hackers had been expelled from the networks they had compromised.
“Robust safeguards are in place to protect Bahrain’s interests and essential public services from increasingly sophisticated external cyberattacks,” a spokesperson for Bahrain’s Ministry of Interior said.
“In the first half of 2019, the Information & eGovernment Authority successfully intercepted over 6 million attacks and over 830,000 malicious emails. The attempted attacks did not result in downtime or disruption of government services,” the spokesperson said in a statement.
Alba, as Aluminum Bahrain is known, didn’t respond to a request for comment. An Iranian government spokesman didn’t respond to a request for comment. Iran has consistently maintained it is not hacking its neighbors.
Unlike most Gulf states, where Sunni Islam is the dominant branch, Bahrain’s population is about 70% Shia—the predominant faith in Iran—and its Sunni-led government for years has accused Iran of meddling in its affairs. Earlier this month, Bahrain’s minister of interior accused Iran of conspiring with Qatar to “subvert national unity and spark chaos” in the region after the two nations held a maritime security meeting in Tehran.
The two most powerful Gulf states, Saudi Arabia and United Arab Emirates, are spending tens of millions of dollars to bolster their cyber defenses, in part to defend against potential Iranian intrusions but also against Qatar, which is in a prolonged standoff with other Gulf Cooperation Council members.
The attacks on Bahraini infrastructure come as U.S. officials are on high alert over malicious cyber activity linked to Iran since tensions between the two countries surged in June amid a series of incidents, including Tehran’s shooting down of an American reconnaissance drone.
The U.S. has used cyber weapons against Iran as well, as part of a low-level conflict between the two countries that involves nontraditional military tools.
In June, the U.S. military’s Cyber Command, in coordination with Central Command in the Middle East, launched cyberattacks against an Iranian intelligence group’s computer systems to control missile and rocket launches, The Wall Street Journal has reported.
During the administrations of former Presidents George W. Bush and Barack Obama, the U.S. deployed the Stuxnet virus in a sophisticated operation to impair Iran’s nuclear program by disabling centrifuges that were enriching uranium. Some security experts have since criticized Stuxnet for helping to usher in an era where destructive cyberattacks are increasingly common.
Iran has targeted its regional Gulf adversaries with cyberattacks—either for espionage or destructive purposes—for years, but people familiar with the matter said the Bahrain intrusions may be a sign of increased aggression.
“This is the new normal and such attacks are likely to continue,” said Norman Roule, who served until 2017 as the intelligence manager for Iran at the U.S. Office of the Director of National Intelligence. He did not comment on the specific attacks in Bahrain.
“For the last several years, Iran has undertaken, in waves, a series of attacks on Gulf state infrastructure,” Mr. Roule said, questioning whether Western countries are doing enough to deter Iran and safeguard their investments.
Three U.S.-based cybersecurity firms said in June they had seen signs Iran is targeting relevant computer networks for intrusion with spearphishing emails and appeared focused on U.S. government agencies and the American energy sector, including oil and gas providers. The activity was linked by each company to a known Iranian hacking group believed to possess powerful hacking tools.
The Department of Homeland Security issued a statement warning private industry that Iran’s cyber activity was on the rise and that Tehran could launch destructive hacking attempts against U.S. critical infrastructure if tensions further escalated.
“This is an actor that has previously demonstrated a willingness to go destructive,” Chris Krebs, the top cybersecurity official at the Department of Homeland Security, said last month. “They’ve done it regionally. If their calculus changes, they could go global here.”
“Iran uses targets in the Middle East to sort of test capabilities before bringing them here” to the U.S., said a former senior U.S. intelligence official. “They’ve got some pretty good teachers. The Russians help them.”
—Dion Nissenbaum contributed to this article.
Copyright ©2019 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8