US cyber-attack on Iran shrouded in digital ‘fog of war’

A claim by US officials that a retaliatory cyber-attack ordered by the White House crippled Iranian missile launching systems will remain almost impossible to substantiate, experts say.

Citing unnamed sources, US media reported last week that the attack launched by the US Cyber Command disabled computers of the Iranian Revolutionary Guard unit responsible for shooting down an American surveillance drone over the Strait of Hormuz on 20 June.

However, Tehran denied the reports, saying “no successful attack has been carried out” by the US against the Islamic republic.

Julien Nocetti, of the French Institute of International Relations, said all sides “bluff” in such cases.

“You must not reveal your play,” he told AFP. “It’s an extremely subtle game of cat and mouse…It is not surprising the Iranians claim (the cyber-attack) failed and we have no way of verifying the statements of either side,” he added.

When it comes to cyber conflict, the “fog of war,” as military theorist Carl von Clausewitz calls it, is as thick as ever.

There are no fighting fronts or observers, and evidence and clues can be easily manipulated when the confrontation plays out within computer servers.

The fact that US officials chose, or were instructed, to quickly leak news about the alleged cyber-attack, points to a desire by President Donald Trump’s administration to prove it did not stand idly by, even after calling off a military strike against Tehran, experts said.

According to Nicolas Arpagian, a cyber-security expert, the reality of the attack and its exact objectives and effectiveness will remain a mystery.

“In this case, Iranian military targets were chosen. If they had been civilian targets, it would have been different,” he told AFP.

“If power plants were targeted, then power would have been cut off. If it were a water company, then people would have lined up to get bottles of water.”

Arpagian said only the Iranians would know the scope of the damage from a cyber-attack, while destruction from missiles would easily be measured.

“Digital weapons allow President Trump to show the world, and especially his supporters, that he is responding (to Iran),” he said.

But the fact that the targets are military means only the Iranians could tell if they have suffered any damage, which they will of course not do.”

On Monday, Iran’s telecommunications minister Mohammad Javad Azari Jahromi acknowledged Tehran has “been facing cyber terrorism, such as Stuxnet and unilateralism, such as sanctions,” but said “no successful attack has been carried out by them, although they are making a lot of effort.”

The Stuxnet virus, discovered in 2010, is believed to have been engineered by Israel and the US to damage nuclear facilities in Iran. Iran at the time accused the US and Israel of using the virus to target its centrifuges used for uranium enrichment.

Loic Guezo, of the French Information Security Club, said such cyber-attacks show that the US “has the resources and technical capabilities to neutralise an enemy’s system.”

“It is the establishment of a balance of power, the equivalent in wars of the future of a parade in (Russia’s) Red Square with hundreds of nuclear warheads,” he told AFP.

Tensions between Iran and the US have been high since Trump in 2018 unilaterally withdrew from a landmark 2015 nuclear deal signed between Tehran and world powers.

The accord sought to curb Iran’s nuclear ambitions in exchange for sanctions relief. But they spiked in recent weeks after Washington accused Tehran of being behind a series of attacks on tankers in sensitive Gulf waters. Iran has denied any involvement.

For Nocetti, the cyber-attack is not only a message for the Iranians but for other countries as well.

“It is a message for the rest of the world, Moscow and Beijing will be watching closely,” he said.