Was Iran behind siren cyberattacks in Jerusalem, Eilat?

A diplomatic source said the hacker identity is uncertain, but suspicions have been raised that the cyberattack was carried out by Iran.

 Rocket siren system in Israel (photo credit: Wikimedia Commons)
Rocket siren system in Israel
(photo credit: Wikimedia Commons)

False rocket warning sirens that were activated in Jerusalem and Eilat on Sunday evening were likely caused by a cyberattack, the Israel National Cyber Directorate (INCD) confirmed on Monday morning.

By Monday, there was rampant speculation that Iran was the perpetrator of the hack, with a slew of cyber experts opining as such in interviews about the possibility of Iranian involvement.

However, a diplomatic source said there was still uncertainty whether the Islamic Republic was the source of the attack.

The diplomatic source also downplayed the significance of the attack, saying, “There is constant cyber activity against Israel. In terms of Israel working on increasing its cyber resilience, it is not in a bad place. Part of the [state’s] multi-year plan is to build a cyber iron dome in cooperation with other nations. The headlines exaggerated about the sirens yesterday.”

On Sunday evening, rocket sirens sounded for almost an hour in Eilat and across several Jerusalem neighborhoods including Talpiot, Katamon and Beit Hakerem.

Was it really a cyberattack?

The IDF initially said there was a system malfunction by the IDF, although the actual cause was unknown.

The INCD said the attack was directed against the municipal siren systems rather than through the IDF Home Front Command alert system, which is usually viewed as more secure.

The relevant authorities were instructed to take preventative measures against the threat.

Speaking to Army Radio on Monday morning, former IDF deputy chief of staff MK Yair Golan (Meretz) responded to the report, saying that Israel was preparing itself for Iranian attempts to harm the country through cyberwarfare.

“The Home Front Command’s alarm system was not breached, the municipal siren system was, but it is very worrying and disturbing,” Golan said. “If there is a breach point there, it should be closed immediately.”

The idea that someone else besides Iran would be behind the hack is hard to explain. There was no ransomware or monetary extortion element to the attack, which mostly disqualifies criminals.

Few nation states with powerful cyber programs besides Iran are in conflict with Israel. Even if, for example, Russia decided to retaliate against Jerusalem for its support for Ukraine, playing with sirens would seem to be beneath it.

In contrast, infiltrating a non-essential and less protected system that could get significant media attention, like the sirens, would fit into prior Iranian cyberattacks.

Illustrative photo of a cyberattack.  (credit: Wikimedia Commons)Illustrative photo of a cyberattack. (credit: Wikimedia Commons)

Cyberattacks on Iran

Last week, Iran claimed that it had uncovered a cyberattack on the municipality of Tehran. The attack impacted traffic cameras and other electronic services, but an Iranian official said it did not compromise any critical data.

Most cyberattacks on Iran have been laid at Israel’s doorstep, though there are some Iranian dissidents and human rights activists who have also hacked the Islamic Republic.

If Iran was behind Sunday night’s cyberattack, it would be another move in a long and cyclical cyberwarfare game between the countries that has escalated since spring 2020.

Omree Wechsler, a senior researcher at the Blavatnik Interdisciplinary Cyber Research Center, commented on “the story of Iranian cyberattack that may be behind false rocket warning sirens in Jerusalem. Specifically, the hacks targeted public address systems in Jerusalem and Eilat. As a clear Israeli symbol, it shows that this is an opportunistic attack and not a sophisticated and well-planned attack launched years ago. The hackers attacked where they found loopholes.”

"The hackers attacked where they found loopholes."

Omree Wechsler, senior researcher, Blavatnik Interdisciplinary Cyber Research Center

Wechsler added, “As many cyberattacks in the world are focused on financial or espionage targets, the Iranian activity against Israel is in accordance with the pattern of causing damage or creating panic. Such attacks are common and are part of a daily routine that includes thousands of attempts to hack into any system or server whose damage would cause media coverage.”

Lahav Harkov and Jerusalem Post Staff contributed to this report.