Half of Turkey—44 of 81 provinces, 40 million people including those living in Istanbul and Ankara, suffered a massive power outage that lasted a solid twelve hours. It happened on Tuesday, March 31st.
It happened because Iran wanted it to happen. The blackout in Turkey was caused by a cyber hack that originated in Iran.
This cyber attack was payback, a taste of what Iran has to offer. Everything went down. Computers, airports, air traffic, traffic lights, hospitals, lights, elevators, refrigeration, water and sewage, everything simply stopped. In an instant, Turkey was transported back to the stone ages.
Attacks like this one are caused by malware inserted into computers via an email or a thumb drive that is attached to a computer that is somehow connected to the electric grid. The invading codes respond to commands and are activated by a message—often something as simple as an email. And it doesn’t even have to be an opened email. The program can be automatic or it can be controlled by an operator, it all depends on the type of hack. That’s how sophisticated these attacks can be.
There is a reluctance to announce a cyber hack. Bloomberg Business, on April 1st, cautiously wrote about the attack on Turkey, “while the source of the problem is still unknown, recent revelations that a 2008 oil pipeline explosion in Turkey was orchestrated via computer… demonstrates the increasing ability to penetrate systems.” Those who know, know.
Iran wanted an apology for what they termed Prime Minister Erdogan’s “inappropriate and unusual response.” Turkey did not apologize. So Iran turned out the lights in Turkey.
Iran’s cyber army has propelled itself into one of the world’s best. They have become very good at their craft and have probably inserted malware into the electric grids of many, many, other countries—probably even the United States. Over the past twelve months we know that Iran has successfully and repeatedly broken into the defensive systems networks of several Western nations. These reports come from Debka, Israel National News, Breitbart and even the Pakistan Defense Forum.
As far back as September 27, 2013 The Wall Street Journal reported on an Iranian hack against US naval computers. And this week the American Enterprise Institute and the Norse Corporation (a cyber security company) released a study entitled “The Growing Cyber Threat from Iran.”
USA Today, on December 2, 2014, described a highly sophisticated coordinated hack that had just taken place and explained that Iran attacked 50 targets in 16 countries. Cylance a cyber security firm headquartered in Californian called a different Iranian hack Operation Cleaver—named because the word “cleaver” was repeated over and over again in the code. And an Iranian hacker team responsible for other attacks has been nicknamed “Cutting Kitty.” The kitten reference is an allusion to the Persian cat. These events were all reported, albeit only lightly covered, in papers across the US.
There is a timeline that can help us understand why Iran decided to hack Turkey and why it happened when it did. It all began with Yemen and Saudi Arabia’s coalition and bombing in Yemen. The Saudis were out there confronting the Iranian-supported Houthi.
On March 26th Turkish President Erdogan defended the Saudi bombings. “Can this be allowed?” asked Erdogan. “This is intolerable and Iran must see this.” He was referring to Iran’s proxy involvement and sponsorship of the Houthi, the rebel tribe that is intent upon taking over Yemen.
Little did the Turkish leader realize how great a sin he committed by challenging Iran publicly. Four days later, on Monday, March 30th the Turkish charge d’affaires to Teheran was summoned. The Iranian foreign ministry spoke forcefully and forthrightly. They said: “We demand a clear and convincing response.” Iran wanted an apology for what they termed Erdogan’s “inappropriate and unusual response.”
Turkey did not apologize.
So Iran turned out the lights in Turkey. It was an almost perfect timeline.
The Iranian team working on this and similar cyber attacks is called the Ashiyane Digital Security Team. Ashiyane means “nest” in Farsi. This team has such a reputation among hackers that there are websites dedicated to their exploits and their hacks. The team chose not to attack Turkey’s well guarded electric power system – instead, they hit the distribution network. That was deliberate. In that way Iran was able to shut down and then reopen the power sources when they decided that the Turks had learned their lesson.
It is safe to assume that Iran has already infiltrated the electric grids and other vital targets across Europe where cyber security is often very lax. Like in Turkey, they probably have not insinuated their malware into the various main reactors but instead have found the weakest of cyber links which is the distribution side of the electric grid.
This attack on Turkey is the first time that Iran shut down a country through a cyber attack. This kind of an attack can bring the enemy to its knees very quickly. It was the first attack of its kind, I doubt it will be the only attack.