2 US defense officials say Israel hacked Iran’s gas system last month — NYT

Israel carried out a cyber attack against Iran’s nationwide fuel system last month, two United States defense officials told the New York Times in a report published Saturday.

Days later, Iran-affiliated hackers breached an Israeli LGBTQ dating site and released details of its users in a cyber attack that roiled Israel.

The exchange points to a new trend of targeting civilians in the shadow war between Israel and Iran. The two attacks appear to be the first that caused widespread harm to civilians, auguring an escalation in the cyber conflict as softer targets are drawn into the line of fire.

The hack of Iran’s gas distribution system began on October 26, shutting down civilian gas pumps and broadcasting digital messages blaming Iran’s supreme leader, Ayatollah Ali Khamenei.

The cyber attack brought all of the country’s 4,300 fuel distribution stations to a halt, resulting in traffic jams, long lines at gas stations and other transportation problems.

Technicians were able to fix some pumps within days, but the stations could only sell expensive, unsubsidized fuel. The distribution system did not fully recover until nearly two weeks later.

The attack took place close to the two-year anniversary of mass protests against the government over fuel prices and appeared designed to sow chaos and stoke anti-government sentiment.

At least one Iranian official at the time blamed Israel and the US for the attack.

An official in Iran’s Oil Ministry and an oil dealer told The New York Times that the attackers had also taken over Iran’s fuel storage tanks, and may have accessed data on international oil sales — secret information that could reveal Iranian breaches of international sanctions.

The Oil Ministry’s servers are not connected to the internet, raising suspicions in Iran that Israel have had help from insiders, the report said. Israel has reportedly used Iranians to carry out espionage activities in Iran in the past.

Four days after the attack on Iran’s gas system, hackers broke into the Israeli LGBTQ dating site Atraf and accessed files at a network of medical clinics, obtaining personal information on 1.5 million Israelis.

The Black Shadow hacking group released what it said was the full database of personal user information from the Atraf website, an LGBTQ dating service and nightlife index.

The hacking group uploaded the file to the Telegram messaging application after its demands for a ransom were not paid.

The data leak caused concern among those users of the Atraf site who have not publicly disclosed their sexual orientation or gender identification.

Yoram Hacohen, head of the Israel Internet Association, called the attack “one of the most serious attacks on privacy that Israel has ever seen. Israeli citizens are experiencing cyber terrorism.”

Later the same day, Black Shadow released what it said was the full database of personal information from Israel’s Machon Mor medical institute, including medical records of some 290,000 patients.

The directory reportedly includes information on patients’ blood tests, treatments, appointments for gynecologists, CT scans, ultrasounds, colonoscopies, vaccinations for flights abroad, and more.

Three Israeli officials said the Black Shadow group was part of the Iranian government, or working for it.

Black Shadow also stole a vast trove of information from Israeli insurance company Shirbit last year and then sold it on the dark web when the firm refused to pay a ransom.

Neither Iran nor Israel has claimed responsibility for the attacks.

US officials have also warned that Iran has tried to hack into hospital systems and other infrastructure in the US, The New York Times said. The countries and other world powers are set to resume negotiations over the nuclear deal in Vienna this week.

The yearslong shadow war between Iran and Israel has taken place on land, in the air and at sea. It entered the cyber realm years ago, most famously in 2010 when the Stuxnet virus — believed to have been engineered by Israel and the US — infected Iran’s nuclear program, causing a series of breakdowns in centrifuges used to enrich uranium.

Iran disconnected much of its infrastructure from the internet after the Stuxnet virus.

Israeli officials accused Iran of attempting to hack Israel’s water system last year.

Earlier this month, Iran released the name, photograph, phone number and home address of an Israeli cyber security expert who specializes in Iranian hacking efforts, in what appeared to be a new tactic for Iran.

The release of the information, or doxing, served as a tacit threat to both the cyber security specialist himself and to other Israelis who perform similar work.