About 10 days ago, reports began to trickle out of Iran that customers of one of the country's major banks, Bank Sepah, were having trouble. If you were a customer and went to use your bank card, for example, it might not have worked.
You would have had difficulty getting into your account. You would have had difficulty accessing funds. You would have had difficulty with most aspects of banking. That's Politico reporter Maggie Miller, who covers cybersecurity. It's hard to get exact information on what happened. Much of Iran is still in an internet blackout. But it became clear that Bank Sepah was the target of a cyberattack.
A pro-Israeli hacking group had impacted that particular bank, also went after a prominent Iranian cryptocurrency exchange in recent days. And as far as we know, it wasn't so much involving the funds itself. It was meant to really cause chaos and impact the day-to-day living of Iranians who use those companies. A pro-Israel hacking group called Predatory Sparrow claimed responsibility for the attack.
They've been very vocal and very active with showing that they are taking stances against the Iranian government through targeting the Iranian people and some of their day-to-day uses. So banking, for example, and with the intent of doing harm to the government through creating chaos and confusion and distrust and fear amongst the populace.
Since Israel bombed Iran two weeks ago, the headlines have rightly focused on the physical conflict. But there is another, quieter war unfolding. ♪
Both Iran and Israel, and the U.S. for that matter, are all three quite big cyber powers. And all three, in particular Iran, I would say, really do turn to the digital space to create chaos, create havoc in those that they stand against. And one reason that cybersecurity or cyber attacks, I should say, are seen as quite tempting for many nations, or at least hacktivists working on behalf of those nations, is
that really the international community has never really created a consensus over what it really means to be at cyber war or when the amount of attacks gets to a point that it really should, you know, lead to war in the kinetic space. Today on the show, the cyber war between Israel, Iran, and, oh yeah, the U.S. too. I'm Lizzie O'Leary, and you're listening to What Next TBD, a show about technology, power, and how the future will be determined. Stick around. ♪
I want to kind of lay out the various technological capabilities of the different actors here.
So let's start with Israel, what Israel is capable of. I think of them, and I am not the expert that you are, as really some of the best cybersecurity operators. Do you think that's a fair characterization? Extremely fair. I would characterize the government of Israel and actually its private sector as among the best in the world in terms of cybersecurity and cyber capabilities. One reason for that is Tel Aviv is one of the main hubs for cybersecurity companies in the world.
And the IDF has really integrated cyber capabilities into its efforts. And, you know, we don't always know for certain, you know, what the Iranian government is tied to. The same with when the U.S. carries out operations. It often doesn't claim credibility for diplomatic reasons.
But Iran is highly sophisticated. And, you know, I point to the operation, which, again, both the U.S. and Israel have never taken 100 percent accountability. But in 2009, there was a very famous attack on the Natanz nuclear facility, one of the ones hit by the U.S. strikes recently, that involved the U.S. and Israel creating a very advanced malware called Stuxnet and using it to
set back the nuclear operations at that facility by months, even years, and actually leaving, my understanding, a lot of Iranian officials at the time quite puzzled because their equipment just started breaking. And, you know, that was kind of a very good and probably the most famous operation
example of some of Israel's capabilities along with the U.S. So, yes, Israel is a very highly sophisticated actor, uses cyber capabilities often. Iran, at the same time, never underestimate. You know, Iran is listed often as, you know, for the U.S., I would say one of the big four adversaries in the physical space. It also is in the cyber threat space. Tell me about that.
Yeah. So Iran very often sees, you know, cyber attacks as not only a way to, you know, cause chaos, but also to send a message. So just following the October 7th, 2023 attacks by Hamas on Israel, Hamas, of course, is an organization tied to the Iranian state.
There were a series of cyber attacks on U.S. water facilities at the end of 2023 that were not actually really designed to stop water flow or really impact, but it was messaging. So in this case, the pro-Iranian hackers involved targeted Israeli-made equipment in these water facilities that
hijacked it and put on the display screen an anti-Israel message. And kind of we're sending a message that, hey, we're in all of these rural Pennsylvania water facilities. And yes, all we did this time was send a message. But actually, the extent that we gained access, we could have done far worse. So often it's for messaging.
It also often involves a level of disinformation, a lot of social media manipulation. For example, there was a report that came out from a cybersecurity group in Israel called Check Point where they found evidence of...
phishing emails and messages being sent by a very specific Iranian government hacking group targeting Israelis, trying to get them to click on links to get access to certain accounts for surveillance reasons. The Israeli government this week also warned Israelis to disable their home surveillance cameras because those were becoming a target for surveillance by Iranian hackers. Yes. So while I would classify, to wrap this in a bow,
Israel as being potentially more sophisticated, Iran in some ways has a wider apparatus and really no fear of throwing everything at the wall to see what sticks. I think one of the things that's so interesting when I listen to you talk about this is how much this is about a flexing of muscle. Sometimes it is about true...
disruption, Stuxnet being an example, or the Hezbollah pager attacks where, you know, Israel was able to remotely trigger bombs in pagers belonging to Hezbollah members. But sometimes it's
It really feels more subtle than that. Like, it's sort of a psychological thing. Oh, 100%. And, you know, to go back to the top of this interview, talking about the attacks on the banks in Iran, as I said, you know, there could be a lot more chaos caused by those sorts of attacks. You know, you start draining funds.
That's something actually we typically see North Korea do because they're trying to get funding for the regime. But really what was designed with those types of attacks is disrupting the average person's day, making them resentful that their government cannot protect them from those sorts of attacks and just causing fear that, you know, they're being outnumbered by an adversary.
or outmaneuvered, I should say, by an adversary. And really, sometimes it really is about the messaging. And, you know, I think that's actually the vast majority of cyber attacks is more about messaging or more about financial gain than about actual disruption. I want to tease out a little bit the difference between state actors, state-sponsored actors, actors who are sympathetic to a state, like...
There seem to be many layers here, both of deniability, but then also like who's actually doing what? Like how much does it matter what the state does and what a group of hacktivists who are aligned with the state's goals do?
That is a good question, and I can answer that for days, but I'll try to boil that down. It really depends on the country you're talking about. So if you're speaking about the U.S., for example, the U.S. has very highly sophisticated cyber capabilities to bring to bear, but the government almost
entirely keeps those under wraps. And if it does carry out cyber attacks on other nations, almost never claims credit for it, again, as a diplomatic reason. Obviously, if a direct government directive from the top is seen against another country, you could say that is an act of war.
So what's very interesting, though, is that in certain countries, not the U.S., but in countries such as Iran, such as Russia, cybercriminal groups that are not getting direct, you know, directives from the top or even government officials, but are perhaps sympathetic to that government or regime, you know, they decide they want to carry out mostly lower level attacks. And those governments say,
great, you know, I'm not going to do anything to stop this because it's accomplishing my goals of messing with this enemy. However, it's not a government group. So the other nation has less, I guess, internationally sanctioned options to respond. So it is kind of a complex environment. Of course, in some cases, for example, China, most of those groups that, you know, maybe in Russia might be cyber criminal groups are all
almost entirely actually affiliated with the Chinese government in reality. So it often really does depend on the country you're talking about. After the break, even NATO can't quite figure out when cyber war becomes war war.
What do we know? And I recognize this is a delicate question about whether the U.S. and Russia are participating in any of the cyber attacks that are going on around the Israel-Iran conflict right now.
When it comes to Russia, there hasn't been too much in terms of evidence that Russian cyber criminal groups and certainly the Russian government have directly weighed in so far in terms of attacks against an uptick, I should say, in attacks against Israel or the U.S. in direct conflict.
reaction to the war between Israel and Iran. I should note that there has been an uptick in attacks or attempts by Russia since the war in Ukraine began in 2022. However, the U.S. almost 100 percent is indeed supporting Israel in this. And I can say that because following the strikes of this past weekend by the U.S. on Iran, the chairman of the Joint Chiefs of Staff, General Caine, said at the
the nation's cyber-offensive wing. General Caine said that they were directly involved in supporting the mission. Did not offer details. Nobody is offering details. However, the fact that they were mentioned among a few other Pentagon operations is very telling.
Also, there has been a long history. They wouldn't mention that if they didn't want you to know. Exactly. You hear Cyber Command dropped in and your ears perk up a little bit because I would say it's probably up there almost with the CIA in terms of secretive operations. That being said, you know, as the U.S. and Israel have one of the tightest cooperative partnerships on cybersecurity, I mentioned Stuxnet, you know, going back to all the way to 2009, almost certainly before then.
I know, for example, after the October 7th, 2023 attacks, the U.S. Cybersecurity and Infrastructure Security Agency, which is under the Department of Homeland Security and is sort of the counterpart to U.S. Cyber Command, it's the nation's cyber defense agency. So they helped to prepare critical groups. They directly offered assistance to Israel.
directly following the October 7th attacks to help Israel step up their defenses, to help monitor, to help provide resources. Given how closely the U.S. and Israel have always cooperated on cyber threats and also physical threats, it would be extremely surprising to me if we weren't quite embedded with them. It feels like there is a delicate balance here, though, and I'm really trying to understand this. I hope you can help me here, where
Cyber attacks are a threat. They are a display of psychological muscle. But then they can also do real damage. And I wonder if there is a point at which different countries, including the U.S., hold back or if there is kind of a line that is crossed where it's like, oh, you took out our X or Y reactor defense, what have you, and that is a real move of war.
Oh, absolutely. It's been an active discussion by the international community for many years. And in some ways, they've taken steps. So, of course, this week we had the NATO summit meeting in The Hague. And, you know, Article 5 a couple years ago, NATO's cornerstone pillar, which ensures that if one member of NATO is attacked, the others come to its aid, that article was expanded a couple years ago to include a cyber attack.
Now, it is quite nebulous language in terms of what cyber attack would trigger that. But in my conversations with experts over the years on this topic, it really has come down to, are people killed? Are people dead? And that could happen if you have, for example, widespread coordinated attacks on hospitals.
knocking them out of the ability to give patient care. There have actually been around the world, especially during COVID, deaths attributed to mostly cybercriminal ransomware attacks on hospitals that were under stress during a pandemic and people weren't able to get the support they needed at the time and unfortunately lost their lives. Attacks on the NHS in England.
Yes, a very good example. And another one would be one that really just disrupted lives in every way for long periods of time. You know, I personally can't imagine that if, for example, the Russian government was directly tied to a cyber attack that took out the grid for the city of New York, of New York City, I should say, for any amount of time that we would not respond in some way. And
The U.S. has responded in certain lower ways that, you know, I always find it fascinating when some of the details of cyber command activities do trickle out. The one I always give as an example. So, of course, in 2016, there was widespread Russian involvement in trying to sway U.S. elections.
Two years later, during the U.S. midterm elections in November of 2018, interestingly enough, the power for the section of the neighborhood in Russia where the Internet Research Agency, which is the Russian government's main, I guess you could say, troll farm behind most of their disinformation operations is,
They lost power for the entirety, about eight hours of the time that the U.S. citizens were voting. And it really made it very difficult for them to carry out operations. And while at the time Cyber Command said nothing on it, denied being involved, a couple months later, President Trump in his first term actually confirmed that it was the U.S. It was U.S. Cyber Command behind that. And I think that was a really interesting operation because as far as we know, nobody was killed. Nobody was harmed. It was isolated.
is obviously extremely targeted to that building. But, you know, there is a reason the U.S. didn't immediately take attribution because they're directly interfering with a government-sanctioned operation in Russia. So it's really interesting. But that is a line in the sand, and I think it's going to be one of those issues
situations, I hate to say it, that we'll know it when we see it, if we ever do, of what really does constitute an act of war. And then I think the international community will really have to fully take a stand and stop debating what that means if we see an attack that devastating. While you and I are talking at this moment, we're in this tenuous ceasefire. In a moment like this, do cyber attacks continue? Or do they stop too when outright military action stops?
Well, that's the question I've been trying to answer. And so far, at least in terms of the reports that I'm getting and conversations that I'm having from especially industry, that's really the ones that are focused on this. The answer is no. Cyber attacks are still ongoing. Threats are still ongoing. And of course, since the strikes over the weekend by the U.S. and Iran, at least probing by pro-Iranian or Iranian government agents
hackers on U.S. networks has, by one industry report that I reported on a few days ago, 800 times gone up against the U.S. So there is certainly a lot of activity in the digital space. And again, you know, as we've said, a lot of this could be very low-level threats, more messaging, more data collection, surveillance.
But because there isn't really a line in the sand on this, you know, it's one of those hybrid threats that can go on and not necessarily break the ceasefire like bombing can. There is also the complicated question of what America itself is doing to its own cyber capabilities.
Much of the work of the DOGE staff has involved centralizing data from across government agencies, creating a large data lake that might hold Americans' information from the IRS, the Social Security Administration, and the Department of Homeland Security. I asked Maggie if centralizing data like that was a cybersecurity risk.
1,000 percent yes. Anytime you have that much of a treasure trove, you could say, of data, that's going to be a major focus of cyber criminals that are trying to steal that data, sell it on the dark web of foreign governments trying to steal data on certain Americans. It really puts a target on that trove of data. And that's been, I mean, there's
many, many concerns associated with creating this sort of database in terms of surveillance. But also it's been pointed out by members of Congress, by people in the cybersecurity community, that unless, you know, you're putting your absolute best on that, that unless you're really focused on securing that database,
I'd be surprised if at some point we don't see a breach. I would also note that, you know, since you mentioned DOGE, there's, you know, been huge changes to the federal government in Washington in terms of the size of the federal government. The Trump administration's cuts have targeted America's cybersecurity professionals.
One of the agencies that's been really gutted has been Cybersecurity and Infrastructure Security Agency under DHS. They've had one-third of their workers laid off. They've had to stop most of their state outreach to help states secure critical infrastructure. They also were involved in securing elections. All that work has been halted.
And they currently are without senior leadership. You know, it's not an easy workforce to replenish if there's ever an effort to reverse course. Maggie Miller, thank you so much for coming on. Thanks so much for having me. Maggie Miller covers cybersecurity for Politico. And that is it for our show today. What Next TBD is produced by Patrick Fort and Shana Roth. Our show is edited by Evan Campbell. TBD is part of the larger What Next family.
If you want to check out more Slate podcasts, listen to this week's episode of The Discourse, which is our special Slate Plus only episode from the What Next TBD team. This week, we're talking about what the President of the United States and Will Arnett have in common. Yeah, they are both starting their own mobile phone carriers. We'll also be back on Sunday with an episode about why the FTC is putting political restrictions on an ad merger. One hint, it involves Elon Musk.
All right. I am Lizzie O'Leary. Thank you so much for listening.