Skip to main content

Turkish blackout sparks fears of cyber attack on the West

Iran is now believed to be responsible for the blackout that, on 31 March, plunged over 40 million people into darkness in Turkey for over 12 hours, paralysing the country's principal cities.

Intelligence experts are speculating that the attack was a reprisal for support from Turkey to Saudi Arabia in a dispute against the Iran-backed Houthis in Yemen. It could also be related to Turkey’s recent moves to topple Syrian dictator Bashar Assad - a strong ally of Iran.

Iran-based hacker group Parastoo is already understood to have been actively recruiting hackers with the skills needed to break into the kind of control systems which run power grids and other utilities.

Significant escalation in the cyber arms race

The power outage in Turkey represents a significant escalation in the cyber arms race as foreign powers gear up to launch major utilities strikes on cities such as London and New York.

Turkey's cyber breach is already providing evidence that Iran now possesses a far more sophisticated cyber warfare capability than it did over two years ago when it is reported to have been responsible for the Saudi Aramco hack, which wiped roughly 2,000 computers and disrupted production for over five days.

Iran is, however, far from being alone in having access to the kind of cyber capability needed to plunge cities in the UK and the US into the dark ages. Russia and China, for example, have far more advanced cyber capabilities than Iran.

China literally has regiments of cyber hackers as part of its war machine and Russia is a global centre for sophisticated cyber attacks. Disturbingly, Russia has also reduced its nuclear strike warning time from 24 hours to four minutes.

Attack on West's infrastructure may be imminent

The threat of cyber warfare has now reached a level where the US now fears an attack on the West's infrastructure may be imminent. US intelligence officials also believe Iran was behind denial of service attacks on major US commercial banks in 2011.

According to General Keith Alexander, the former chief of the National Security Agency: "The greatest risk is a catastrophic attack on the energy infrastructure. We are not prepared for that."

He added that the "Doomsday" scenario for the West would be a sophisticated cyber attack on the electric grid, power stations and refineries. It is anticipated that this could be accompanied by a paralysing blow to the major banks' financial IT systems, raising the spectre of cities drained of power and money left facing the prospect of a physical attack.

This week, a group of hackers affiliated with Isis threatened to carry out a cyber attack, named "Message to America" against a number of targets early next week. The hackers promise something "surprising" that "will frighten America".

While many corporate executives on both sides of the Atlantic are aware of their country's fears of a cyber attack on their national infrastructure, few realise that they are sitting in the direct firing line of any cyber attack.

It is therefore, crucial that companies in countries such as the US and The UK tighten their cyber defences in anticipation of worsening attacks from countries such as Iran in the coming months and years. This means relying less on merely strengthening the corporate firewall but also taking stock of what malware or spyware may already be sitting on the system and which parts of the company's operations may already have been compromised.

The hacking methods used by state entities such as China, Russia and Iran are now highly sophisticated. Instead of attacking the utilities provider directly, cyber hackers are more likely to try and breach the IT system through a third party. This could be a client company of the utility or a contractor; it is almost impossible to anticipate which organisation's soft under belly will be the most vulnerable entry point.

State entities now targeting corporate websites

State entities are now targeting corporate websites to establish bridgeheads in economies they wish to disrupt.

In the US, federal investigators suspect that state-sponsored hackers from China may be responsible for the theft of 80 million social security records from insurance giant Anthem. This would endorse a confidential alert the FBI circulated last week warning that Chinese hackers were targeting personally identifiable information from U.S. commercial and government networks.

The Anthem attack is thought to be part of a pattern of attacks by foreign powers trying to hack into the personal lives and computers of a select group of defence contractors and government employees.

State-sponsored hacks are well-funded and themselves are often conducted on two simultaneous fronts. Sometimes teams of professional mercenary hackers are hired to distract a target organisation's IT staff from the main attack. This is technique that is becoming common and which can be extremely hard to defend against.

This was the case in a recent cyber breach which cost a Middle Eastern company the theft of 100,000 terabytes of data. Although the perpetrators have not yet been identified, the cyber breach was achieved by two separate assaults: one from the Ukraine and the other from Israel.

Cyber warfare now an integral part of military strategy

And while some governments are still prepared to see this type of attack as something that occurs only in cyberspace, there is mounting evidence that cyber warfare now forms an integral part of many foreign powers' overall military strategies.

The is, for example, a growing view in Washington that a diplomatic deal with Iran to limit its nuclear capability could have the unintended effect of accelerating the country's cyber warfare efforts. Defence experts in the US argue that Tehran might use resources released by relief from economic sanctions to grow its already rapidly expanding cyber program.

Iran's cyber program is widely regarded as the fifth most advanced in the world. Only last year, Ayatollah Khamenei urged university students in the country to see themselves as "cyber agents".

Iran is known to be investing heavily already in its cyber warfare capability, stockpiling precisely the kind of malware and IT expertise need to wage cyber warfare against the West. It is widely expected that Iran's initial targets will be economic.

Stuart Poole-Robb is the chief executive of business intelligence and cyber security adviser, the KCS Group.