Sunday 27 March 2016

Iran’s cyber crimes

If engineers at a dam in New York hadn’t disconnected water gates from its electronic control center for maintenance work, a major disaster would have happened. On that day, hackers said to be belonging to the Iranian Revolutionary Guard managed to hack the dam’s electronic control center in order to unlock its gates and drown the area.
A court — which heard this case and other cyber attacks targeting financial institutions — revealed dangerous plots to attack vital installations in the country.
Unfortunately, only the direct perpetrators were made accused in these cases and no charges were framed against the Iranian regime, which should have been held responsible for those attacks. Threatening action against regimes involved in cyber attacks, whether Iranian or any other, builds deterrence against similar attacks in the future.
However, this wasn’t the only case of its kind. Other parts of the world have also come under similar attacks. The most dangerous was a similar group hacking the system of Saudi Aramco, which produces and exports the biggest quantity of oil in the world. Hackers tried to gain control of around 35,000 computers, which run the system. However the company quickly suspended most of its operations and regained control over the systems.
Cyber attacks are regarded as aggression by one country against another although it has not been categorized as such by international organizations such as the United Nations — though many agree that it is tantamount to dangerous crimes. 
American authorities have considered major cyber attacks as terrorist operations and the US federal grand jury accused the seven Iranian hackers of terrorism, the maximum charge which can be made against them.
However, only the perpetrators stand charged and not those standing behind them. The hackers’ cells usually work within a system linked to the Iranian security institution and it has several activities aimed at targeting vital institutions, like those related to oil, power, water and aviation, and even nuclear facilities, in countries, such as the US, which Iran considers hostile.
Targeting civil facilities to sabotage them and harm civilians are acts of terrorism, prohibited internationally even in times of war. One of the cell members, Hamid Firoozi, attained information about water levels and managed to open the gates. If they were not manually deactivated the area overlooking the dam could have been drowned. If the US prosecution had considered those inside Iran responsible for these cyber attacks, and not just the seven individuals, a mechanism would have evolved to fight cyber terrorism.
No information has been revealed about the Aramco incident, which took place in 2012. The damage was limited because the hackers targeted the company’s administrative system and not the computers tied to oil production. Their aim was to hit Saudi Arabia’s oil production and sabotage the company’s facilities. The bigger aim was to hamper the Saudi economy.
Two years ago, a report was released on organized cyber attacks being carried out by groups linked to the Iranian Revolutionary Guard. These attacks targeted facilities in 16 countries, including American military zones. All these are terrorist activities planned by countries and not by independent terror cells or gangs. They should be categorized as per international law and their activities should be declared prohibited.

No comments: