These are probably the most highly guarded facilities in Iran. Justified or not, it is absolutely incredible that certain intelligence organizations are able to pull off these types of attacks again and again.
We will probably never know how they did it, but I hope I can read about it one day.
Iran isn't a totalitarian society and it doesn't keep tabs on all its citizens. There are lots of dissident groups in Iran that want to see the regime fall (many Arab minorities, for example). Recruiting from these groups to do Israel's dirty work is not complicated. Some of the Iranian scientists Israel has had killed were apparently killed by Iranian gangsters. In one instance, they drove up to the car the scientist was travelling in at an intersection, smashed the car window and fired multiple shots at him. Not that sophisticated, but gets the job done.
There is not much evidence that Israel's cyber warfare capabilities exceeds that of other states. However, Israel is clearly less reluctant than other states to use what they have offensively. Perhaps because Israel would suffer virtually no diplomatic fallout from getting caught and because it would be Iranians - not Israeli agents - who would be hanged.
Personally, I think praising Israel's cyber warfare is like praising pedophiles for amazing tech savyness for running child pornography rings undetected for so long. It leaves a bad taste, especially since Israel is trying to rebrand itself as a tech leader. The idea is that we should forget about its ongoing human rights abuses and gawk at all the tech Israel is producing.
> There is not much evidence that Israel's cyber warfare capabilities exceeds that of other states.
Israeli cyber warriors are known to be among the best in the world, on par with anything other major powers have to offer.
It's not "branding". They sell stuff buyers want.
it is a totalitarian state, just a weak one
If you go back and watch how Stuxnet, ie "Olympic Games," was created, and the methods they used to figure everything out down to the particular model of centrifuges to target, it really is quite eye opening on how extensive these operations are.
Thereâs a lot of blatant racism in that video, but that aside, his description does not align with the way I understand the attack occurred.
Alternatively, now literally any normal fuck up at Natanz can be played off as a cyber hack for political points, and everyone unquestionably assumes that is plausible.
The null hypothesis is underrated everywhere.
While not downplaying it, It was probably around 70% "human hacking" and only 30% computer\hardware hacking.
For me that makes it all the more interesting. I would assume that most of the people that work at those facilities are subject to intense security checks and surveillance.
Despite that someone is able to either convince or trick some of the workers to do something that comes at a huge personal risk. Human hacking is no less interesting than software/hardware hacking
The soft spots are always blackmail, extortion and threats. Once they have people in one of these positions, they have a lot of leverage.
Human hacking in a police state with no diplomatic mission for cover and where nearly every foreigner is surveilled from the moment they enter makes this even more remarkable.
The fact that western intelligence agencies and especially the Israelis managed to develop a network of assets in Iran is marvel of tradecraft.
I remember a while ago some disgruntled folk at US army base started shooting at and killing a group of other army men. In other instances some folks were radicalized online and killed a bunch of random citizens.
US has top notch intelligence.
A lot of Israel operations are done through recruiting and paying dissidents. Iran is a big country and their rulers have made many internal enemies and aren't that competent in general. Israel is just using this weakness to incur as much damage it can either to the infrastructure or by killing civilians (eg. scientists being exploded in front of their homes) without any apparent consequence from the so called "free world".
So should we celebrate how those who radicalized these mass shooters online have such sophisticated cyber capabilities?
On something like this, I expect the "human hacking" to be much harder, and the "everything is broken" nature of computing to be nearly unchanged. So I expect it to be computer hacking at any place where it's possible, and human hacking only to run around theoretically unbeatable protections (like air-gaps).
This is a baseless guess.
The real take-away from this is that you have a _very_ competent cyber-actor (Iran) getting pancaked at will by an _extremely_ competent cyber-actor (Israel) in what one would presume to be one of it's most, _if not most_, cybersecure locations (Natanz).
Nation-states using cyber capabilities in this way, and the non-response it evokes, is reminiscent of how pre-WWI nation-states would conduct policy and international affairs with their armies.
It's something I wish the general public were more cognizant of. We need to openly talk about this type of power and conflict. Otherwise we're going to have another WWI-type moment, where it takes millions of people dying before we realize that the state of the game has changed because of new technologies.
> _very_ competent cyber-actor
Please elaborate on this. As someone with direct exposure to this area and in this geography, my experience could not be described this way at all.
Let's not forget Iran's first "military satellite" was launched with an over the counter unencrypted amateur cubesat transponder manufactured by a Californian company
Given when we're talking about nations states as cyber-actors we're working with a pool of ~190. Compared to 90% of the other nation-states out there Iran is a _very_ competent cyber-actor. Enough so that it may even export that capability. This still means there are ~20 that are more competent, if not _extremely_ so.
Given your exposure in this geography can you name any of it's neighbors who have greater or even equal competency that aren't Israel or don't use citizens from an _extremely_ competent nation-state? They certainly had their way with Aramco, so not Saudi Arabia. Egypt? Jordan? Syria? Iraq? Perhaps Lebanon? And this just their neighbors. What about compared to Portugal or Spain? South Africa? Nigeria? Argentina or Mexico?
> Compared to 90% of the other nation-states out there Iran is a _very_ competent cyber-actor.
.
> Given your exposure in this geography can you name any of it's neighbors
Saudi Arabia targetted at least Bezos' phone
If citing a couple boneheaded moves like that mean they're not a competent actor, then who is? Consider: https://www.huffpost.com/entry/nuclear-missile-code-00000000...
That wasn't incompetence, it was malicious compliance.
In my mind, most countries can't figure out how to plan or coordinate a cyber-attack. With a limited pool of nations to pick from, even being able to coordinate an attack makes you relatively "very competent" (among your peers), however, that would also be a matter of perspective. It's equally valid to determine a criteria of competency and rank/describe countries based on those thresholds.
I agree with your wider point but...
Launching a satellite means you can put a warhead anywhere on earth and no one can stop it. It's a achievement in rocketry, not whatever is on the end of the rocket. The actual satellite could be a crushed car for all anyone cares.
There is a new cyber study from HP and a UK Uni.
âWe may be at far greater risk from the internet than was ever suspected,â Michail McGuire, senior lecturer of criminology, said. His new study of the nation-state cybersphere shows that we may be closer to advanced cyber conflict (cyberwar) than at any point since the inception of the internet.
I thought it was far fetched, but incident like this show itâs not.
https://press.hp.com/content/dam/sites/garage-press/press/pr...
> A cyber-treaty wonât be coming overnight: As a comparatively new area of international relations, there are fewer 'rules' and far more grey areas â for example, blurred lines between Advanced Persistent Threat (APT) groups and Nation States. While there is hope we will one day come to an agreement on cyberwarfare and cyberweapons, today there is very little in place that can stem the tide.
And there it is on page 1!
Excellent contribution, thank you so much for this.
"closer" as in "if you listen to the firewall log, you can hear the artillery"
Having competency in red team scenarios doesn't translate to having a cyber-proof national infrastructure, as is evident.
They are actually two wildly different problem sets. And the latter is boring & unsexy.
Also in my opinion, blue teaming is harder. Red team has to find one weakness to win. If blue team misses any system, vulnerability, process, anything, they are in trouble against the right attackers.
This can be seen by how many automated infiltration agents are around, and how few automated defense systems. And how annoyingly succesful they are.
Absolutely. The cyber security asymmetry in play. I'm actually working on this problem so it's very close to heart!
Pretty sure there is a myriad of american working and middle class that would outright oppose a draft now more than ever. The government would have to go full on chinese censorship with the internet to suppress free speech regarding why you shouldn't have to go.
"Israeli media have suggested that the malfunction was a result of an Israeli cyber attack."
"Last July, sabotage was blamed for a fire at the Natanz site which hit a central centrifuge assembly workshop."
The same facility was targeted by Stuxnet in 2010.
It's in almost everyone's interest to keep Iran from getting nukes. So, if any one of them are planning another sabotage, there's probably a line.
I don't know, if Ayatollah Khamenei's fatwa against nuclear weapons is to be trusted, I can identify somewhat with the argument for Iran gaining a deterrent, even though I'd _much_ prefer total nuclear disarmament in the region (effectively meaning just Israeli disarmament).
Iran has no other agenda other than producing nuclear bombs and I say this as an Iranian.
Iran has spent tens of billions of dollars in the past decade on what the regime's claims "peaceful nuclear power", ie to produce electricity.
meanwhile after spending tens of billions and four decades what we have is a 1000 MW nuclear power plant, and i assure you that's only a shop front so they can argue enriching uranium and making centrifuges are necessary to fuel the plant.
Iran has 2nd largest natural gas reserves in the world, because of sanctions Iran has lost lots foreign investments it needed to sell it and/or use it to generate electricity. Natural gas costs peanuts in Iran.
We could've made a deal with a foreign company and ask them to build and fuel the power plant for 1/4th of the price and 5 times the capacity like our neighbours (https://en.wikipedia.org/wiki/Barakah_nuclear_power_plant)
just in case you don't know, fuel for nuclear power plant is the cheapest item in the bill when you are building one. There is no economic benefit (and lots of disadvantage) to start from scratch and enrich your own fuel.
I don't want a regime who shuts down an airliner and deny it for 3 days have access to nuclear weapons.
do not believe a word from the regime who is killing its own people all the time. (https://en.wikipedia.org/wiki/2019%E2%80%932020_Iranian_prot...)
The going theory is that these proclamations when attributed to religious proclamations (Fatwa) versus policy statements are examples of Taqiya. This view is not without controversy as some claim it's just dog-whistling Islamophobia.
However I think a more nuanced view is that Iran is both a nation state as well as a religious state, so (like all nation states) it will protect it's interests however it needs to which will include deception. Whether anyone thinks that the deception is primarily stemming from religious or secular instinct is an exercise for the reader.
> nuclear disarmament in the region (effectively meaning just Israeli disarmament)
Iran shares a border with Pakistan, which shares borders with India, which shares borders with China, which shares borders with Russia and NK (all nuclear powers). Why don't you want to disarm them too ?
India and Pakistan arenât in the region?
> It's in almost everyone's interest to keep Iran from getting nukes.
Itâs in almost everyoneâs interest, absent complete regional disarmament in WMD, for someone other than Israel in the region to get nukes, and Iran is probably the least-bad option.
OTOH, it would reduce the possibility of eventually convincing Israel to go the South Africa route, but its dubious whether that can be managed anyway, short of a similar trigger, which doesnât seem likely in Israel for both demographic and geopolitical reasons.
Define "everyone"?
Practically every nation on Earth except Iran. Even the countries that have friendly relations with Iran would prefer to negotiate from a position of power. Notice that even after all these years that neither Russia, China, or any of the other nuclear powers have âlostâ nuclear material or technical information to enable Iran to make a nuclear weapon. And none of the non-nuclear powers would be happy if Iran had nukes but they did not.
The âalmostâ qualifier was intended for you. Other than that, more nukes on earth arenât good for anyone, especially as Iranian nukes would enable - not restrain - their aggression.
There is a bit of a sweet feeling: Sabotage can be mostly done without victims where the only collateral is equipment. Please do not see this as validating this specific sabotage itself, but with such scenarios at least we might have reduced human suffering part of our existence.
This (and the recent ish attack on the IRGC ship) is most likely the doing of Israel to prevent the JCPOA from being reestablished and from Iran getting any sanctions relief.
If Iranian lawmakers believe these attacks were by the US (they possibly do believe that), they will be less willing to enter an agreement with the US, and Israel furthers it's goal of isolating it's adversary, Iran.
JCPOA failing means no IAEA inspections. I donât understand Israelâs rational around stopping the IAEA inspections if they donât want Iran as a nuclear power.
Israel is not against a nuclear agreement in principal. They want to make sure it has enough teeth that it can and will be enforced and that it doesnât expire like the current one does.
This is the same reason most of the gulf states are against the nuclear deal in its current form.
Do you have a source where I could read more about Israelâs goals with the JCPOA? Even with the sun setting, the idea seems to be to keep reimplementing a new agreement under threat of future sanctions, just like you refi a TLB, and the Israelis should understand this.
If Israel cared about the risk of Iran becoming a nuclear power, then the JCPOA would have been gold for them. No, I think nuclear weapons are just a great excuse to isolate Iran from the international community and destroy its economy. If you have a quarrel with your neighbour, do you prefer him to be rich and respected or poor and ignored?
Proof is, again, that the strongest campaigner against keeping Iran's nuclear research under strict checks has always been Israel.
No IAEA inspections means Bibi can once again entertain the UN with cartoon bombs without getting any serious headwind.
Throw in IAEA inspections and that whole rhetoric out of Israel becomes much less believable and might even reflect badly on Israel itself when the IAEA inspections show them to be not true.
If there are no inspections Israel can make up whatever story it wants and act accordingly, as there won't be any neutral party to contradict it and Israel figures it has more diplomatic allies than Iran.
I have no idea if this is what's happening; it's just a possible strategic rationale.
Israel is clearly enjoying a great moment for inflicting damage on its arch-enemy. If Iran reacts, it's going to get the blame for attacking (because history always begins after Israel's latest offensive action) and the US will find a much hoped for excuse not to re-enter the nuclear deal. So Iran can only endure the humiliation and suck it up. So far they've shown an incredible patience.
I am going to have to disagree. Iran recently attacked an Israeli ship, but more importantly it continues to arm terrorist groups (note I am Israeli, so I am probably not objective here, but yes I believe Hamas and Hezbollah are terrorist groups. Some of you may think differently on that. We can agree to disagree) that are against Israelâs existence. Those groups are constantly either attacking or trying to attack Israel.
Now you can argue Israel is also attacking those groups and you wouldnât be wrong. Itâs almost impossible to figure out who started each round. We only ever hear a very small part of the story.
It is a circle of violence that will hopefully one day end.
> Iran recently attacked an Israeli ship
I think you already tried to say it, but remember Iran attacked an Israeli ship after 12 attacks to Iranians ships in 2020 by Israel. And 4 other Iranian ships were attacked in 2021 which two of them happened after Iran tried to retaliate by attacking an Israeli ship.
Israel clearly believes that the best defense is a good offense, but that strategy makes it harder to have any dialogue or peace.
> it continues to arm terrorist groups
That's all the US does, day and night. And they even say this publicly (although always implying that it is a good thing).
From a rationally objective and internationally legal perspective, the military occupation of Gaza enforced through land, sea and air entirely deserve violent retaliation against the occupying force. The Gaza strip is not your land and grand delusions about your moral superiority because you are a historically persecuted people is simply not going to wash. Nor for that matter is silencing critics using fake antisemitism tactics.
> terrorist groups [...] that are against Israelâs existence
I think this is an oversimplification useful to justify Israeli aggressiveness. It's also part of the self-deluded statements of those groups. If Israel was interested in peace and justice, it could act like the adult in the room and try to heal the wounds that are at the root of the violence. Let's not forget that Israel is practically an apartheid state (but conveniently outside its fuzzy borders, so it can keep pretending it's not) and that it's been steadily appropriating more land from Palestinians since it's been in existence.
If Israel were interested in peace and justice. My take is that it's not interested, because that would put an end to its expansion and unchecked power in the region.
Iran very much need the money. Iran will show patience as long as it's needed to unblock the money they have in foreign banks.
Once that's done, they'll use that money to make more missiles and arm the militia in middle east.
> the US will find a much hoped for excuse not to re-enter the nuclear deal.
Can you elaborate? All the indications I've seen clearly point to the US wanting to reenter the deal. Biden denounced Trumps withdrawal numerous times during the campaign and vowed to bring the US back into the agreement. It was part of his presidential platform that he ran on, and he lifted several sanctions put in place by the Trump Administration on Iran when he initially got in office (first 2 weeks). If the US really wanted an excuse to stay out, this seems an odd way of going about it vs not saying anything at all and silently continuing Trump's policies.
If you look at the history this theory seems quite rational. Israel has the most to gain RIGHT NOW, and while others have something to gain too (e.g. Saudi Arabia), they lack Israel's technical prowess.
It is really up to the US, if they want the JCPOA to move forward, to try and corral Israel (or better bring them in so they're fully onboard with JCPOA).
I have to say that I'm not seeing a ton of evidence that the US really wants to go forward with the JCPOA. The "adhere to the old agreement and then we'll come to the table" position seems designed to be unacceptable to Iran.
It's designed to partially neutralize partisan attacks from the right. I expect diplomatic discussions are far more substantive and nuanced, while the executives figure out how to manage the optics of an agreement.
Actively working against US foreign policy goals seems to be a pretty egregious act. If proven true, that seems like it would seriously erode or destroy the US alliance with Israel. There's a lot of institutional weight towards support of Israel, but that action would make them an enemy of US foreign interests.
"a 2013 National Intelligence Estimate on cyber threats âranked Israel the third most aggressive intelligence service against the USâ behind only China and Russia" [1]
"Israel among the U.S.âs most threatening cyber-adversaries and as a âhostileâ foreign intelligence service." [2]
"Israelâs snooping upset White House because information was used to lobby Congress to try to sink a deal" [3]
[1] https://www.timesofisrael.com/new-nsa-document-highlights-is...
[2] https://theintercept.com/2015/03/25/netanyahus-spying-denial...
[3] https://www.wsj.com/articles/israel-spied-on-iran-talks-1427...
Eh it kind of makes sense. Of course theyâre going to do their best to spy on America when so much depends on how Americans and their government feel about Israel.
US is divided internally on how to go forward with the JCPOA. Assuming it was Israel, I don't think the government could muster up enough support to punish a long-time ally for something like this .
I suspect most of the US intelligence community is happy with the attack if it successfully destroyed some of Iran's nuclear capability.
It actually increases the likelihood that they will rejoin the JCPOA under the original limits.
at this point iâm not sure anything can destroy us/israel relations, we still have a strong relationship with saudi arabia despite their clearly hostile acts
Keep in mind that "cyber attack" can be a cover for other types of attack.
It creates this convenient image of "hackers press a button and things blow up" to divert attention away from the reality.
I wouldn't be so quick in believing it being a cyber attack.
It can also be a cover for no attack.
The blackout happened when a previously unused part of the site was being brought online it couldâve been simply a normal fault.
Calling it a cyber attack may be beneficial for both parties, the administrators of the site get to save face, and the Israelis would happily take credit unofficially because they know that it would cause a longer delay because now the Iranians will be scrubbing their networks.
If theyâll also be replacing some equipment such as PLCs it opens the site to future attacks if any entity has the ability to compromise the supply chain.
Keep in mind it's also considered an act of war, not the first such attack on Iran and their scientists.
Wouldn't both the perpetrator and the victim have to be in on that deception? Why would both parties go along with that?
That's not quite what happened. First, Iran blamed it on cyberattack, then Israeli media took credit for it, because why the hell would they not? It's also not even confirmed, just assumed:
> Israeli public broadcaster Kan said that it could be assumed that the incident was an Israeli cyber operation, citing the discovery in 2010 of the Stuxnet computer virus
>That's not quite what happened.
I wasn't saying one way or another what happened. But a physical military attack by Israel would be much more frowned on by the international community than a cyberattack. In that situation, what motivation is there for Iran to conceal that to the benefit of Israel?
It makes one seem mighty, and it makes the other not seem as incompetent. If the attack was 'unprecedented', or 'unexpected' or 'sophisticated' then the people responsible from the victim's team are absolved of their failures and mistakes while the other side gets to look good and mighty.
But doesn't the "we weren't expecting it" excuse work much better for a physical attack? You always have to be vigilant of a cyberattack. It is neither "unprecedented" or "unexpected". Meanwhile the victim usually receives very little blame after a sneak military attack. "Israel launched an unprovoked military attack against a non-military target" seems like it would play better both domestically and internationally than what basically amounts to "they outsmarted us".
I see in the comments here that most of the talk has devolved to israel/palestinian conflicts or Israel/Iran conflicts, mostly with a lot of bad energy.
I am Israeli and last winter I spent 3 months living in Istabul doing coke/drinking/clubbing with a bunch of Iranian guys who left Tehran to make money and find opportunities in Istanbul. Turkey is one of the few countries they can go to easily. They all knew I was Israeli and they never cared, I met several groups of Iranians in my time spent there and they all had several things in common. They loved to party, they didn't care about Israel at all, and wanted to escape the theocratic clerics that enforced all the rules on them.
There is very much a huge portion of young Iranians that have big secret parties and participate in music and things the government does not allow. And I dont think the current regime can keep this up forever. Sometimes I get angry at social media, because everywhere I travel to now compared to 15 years ago seems like it is becoming the same, like all the cultures are just melting together into some kind of Instagram/narcissist thing, but in this case, in Iran and Saudi Arabia, I believe it is pulling the young into some kind of societal/cultural reform. Because everyone really just wants to have a good time.
I think the title is misleading. I do not see anything in the article confirming it was a cyber attack. Only media organizations claiming that it could be.
I agree. Maybe a prefix of âclaimedâ or âallegedâ or âassumedâ would help.
These are the strongest claims I found backing it in the article:
âIsraeli media suggest the incident was a result of an Israeli cyber attack.â
âA nuclear facility in Iran was hit by a "terrorist act" a day after it unveiled new advanced uranium centrifuges, a top nuclear official says.â
âLater state TV read out a statement by AEOI head Ali Akbar Salehi, in which he described the incident as "sabotage" and "nuclear terrorism".â
âRon Ben-Yishai, a defence analyst at the Ynet news website, said that with Iran progressing towards nuclear weapons capability it was "reasonable to assume that the problem... might not have been caused by an accident, but by deliberate sabotage intended to slow the nuclear race accelerated by the negotiations with the US on removing sanctions".â
And background given that 1) a cyber attack, stuxnet, has happened here in the past and 2) recent actions by Iran incentives an action like this occurring again.
How hard is it to enrich uranium, really? It was done previously with 1940s technology. No computers required really.
Pretty hard. But the enrichment isnât even the hardest part, just tedious. Iran has had the knowledge and equipment for several years. But it takes time to produce enough material to be useful, and they keep getting sabotaged. Not just the equipment, but top leaders and scientists get killed from time to time.
Keep in mind that the Manhattan Project employed over 100,000 people and cost a couple billion dollars, which would be tens of billions of dollars after inflation. Iran has been under sanctions of varying strictness for a few decades. That amount of people and money isnât trivial to them like it is to the USA in 1940, which was a rising superpower.
But that was with the technology available in 1940. I would imagine that this has become vastly simpler and cheaper since then.
What used to take rooms full of people with slide rules or state-of-the-art supercomputers can now be calculated on a Raspberry Pi in seconds. ABEC 9 ball bearings are disposable consumer goods that you can order by the 20-pack for $10. CNC machines went from non-existent to affordable by hobbyist groups.
Likewise, knowledge that used to be a state secret is now available in high school text books.
I can't imagine a Manhattan Project requiring anywhere near that amount of people and resources nowadays.
And the Manhattan Project only managed to enrich enough uranium for one bomb.
I'm pretty certain they made way more than one, but even if not - that was a really inefficient design. Only a few percent of the input material actually achieved fission.
But they had no trouble making two bombs to drop on japan?
The Manhattan Project also used 10% of the US electricity capacity
Get a daily email with the the top stories from Hacker News. No spam, unsubscribe at any time.