Ankara and Istanbul, along with most of Turkey’s main cities, were hit by devastating power outages Tuesday, March 31, a scary foretaste of the power of cyber warfare to wreak mass havoc when wielded by a hostile government or malicious groups of terrorists.
DEBKA Weekly’s intelligence sources and cyber experts were able to uncover the source of the attack and its methods. Their findings are reported here exclusively.
A piece of code acting as a ticking bomb, fitted with a monitored delayed action device, subject to remote control by malware, was planted deep inside the computers controlling the Turkish electricity grid – almost certainly by Iran’s cyber warfare unit.
Half of Turkey was thrown into chaos. Its neighbors were also affected by the shutdown of Turkey’s blacked-out airports and traffic; the blackout also cut off the lighting, heating, computers, traffic lights, medical facilities and elevators in 44 of Turkey’s 81 provinces.
A population of more than 80 million, half of Turkey, was for twelve hours plunged back into the Stone Age.
Turkey’s unforgivable sin: Impugning Iran’s national honour
This was a demonstration of how far the Islamic Republic of Iran next door was prepared to go when it believed its national honor had been impugned by none other than Turkish President Tayyip Erdogan.
On March 26, he defended the Saudi intervention in Yemen by accusing Iran of trying to dominate the Middle East. He said that its actions had begun to annoy Ankara as well as Saudi Arabia and the Gulf emirates.
Erdogan posed a rhetorical question: “Can this be allowed [Iran’s meddling in other countries]? This is really intolerable and Iran must see this.”
The Turkish ruler had committed the unforgivable sin of querying Iran’s pretensions to regional dominance, and further advancing his own counter-claim.
Monday, March 30, Iran summoned Turkey’s top diplomat in Tehran, its chargé d’affaires, to respond to “the Islamic Republic’s objections and regret for the president’s inappropriate and unusual comments.” The Iranian foreign ministry’s spokeswoman, Marzieh Afkham, stressed: “We demand a clear and convincing response.” When no response came from Ankara, Tehran’s cyber experts were sent into action to punish Turkey with the plague of darkness.
DEBKA Weekly’s cyber experts attribute this digital offensive to the information technology specialists employed by Iran’s secret cyber army. One of its units is known as the Ashiyane Digital Security Team. It is totally committed ideologically to the regime.
Their technical prowess has been demonstrated in the past by repeated intrusions into Western government and intelligence networks, breaking through their defense measures.
Iran may have planted similar digital “bombs” in Western infrastructure too
Ironically, Iran’s clandestine cyber army is under the jurisdiction of the office of President Hassan Rouhani, the Iranian leader singled out in the West as a moderate with whom it is possible to do business.
Iran’s cyber offensive against Turkey exposed two new facts:
Firstly, that its cyber warriors stand ready for swift responses. After downing Turkey’s power network, they may have already planted fresh pieces of code in other critical systems, such as civil aviation, finance, water, transportation, health or security – all waiting for an electronic signal to go into deadly action.
Iran must also be presumed to have similarly invaded infrastructure in key Western countries, including the United States, planting pieces of code that stand idle until triggered by remote signals.
As in most Western countries, the Turkish national electrical grid has two sections: production and transmission. Power stations are distributed across the country, most of them near seaports for access to the regular shipments of coal and oil and usually operated automatically.
A simultaneous strike on the command and control systems of a large number of power stations is virtually impossible.
Iran’s cyber attack targeted the transmission control room
But the transmission system feeding current to the power stations, which supply the nation’s infrastructure, government, industry and homes, is by contrast much more vulnerable.
One central control room distributes and gauges consumption, its screens displaying at all times a comprehensive view of all sections and sub-sections of the grid.
This hub was the target of the Iranian cyber attack Tuesday.
Secondly, Tehran clearly commands the vast resources needed to shut down a central electricity control room on foreign soil, together with the necessary capabilities, skills, experience, multi-disciplinary technological expertise and advance intelligence for the act of cyber aggression committed against Turkey.
The Iranians must have counted on an insider for assistance. After hackers attacked the computers, Iranian electrical engineers familiar with the target took control of the mechanisms for switching the current off then on again.
They also had the experience. Under a longstanding economic treaty between Turkey and Iran, the Iranian electricity grid supplies power to some of Turkey’s eastern provinces near their common border – hence Iranian engineers’ familiarity with the Turkish network and easy access to its operations.