Iran's president says cyberattack meant to create 'disorder'
People fill their cars at a gas station in Tehran, Iran Wednesday, Oct. 27, 2021. Iran's President Ebrahim Raisi said Wednesday that a cyberattack which paralyzed every gas station in the Islamic Republic was designed to get "people angry by creating disorder and disruption." Long lines snaked around the pumps a day after the incident began as some stations began selling fuel again although at higher, unsubsidized prices. (AP Photo/Vahid Salemi)
Jon Gambrell And Nasser Karimi, The Associated Press
Published Wednesday, October 27, 2021 2:16PM EDT
DUBAI, United Arab Emirates (AP) -- Iran's president said Wednesday that a cyberattack which paralyzed every gas station in the Islamic Republic was designed to get "people angry by creating disorder and disruption," as long lines still snaked around the pumps a day after the incident began.
Ebrahim Raisi's remarks stopped short of assigning blame for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump.
However, they suggested that he and others in the theocracy believe anti-Iranian forces carried out an assault likely designed to inflame the country as the second anniversary of a deadly crackdown on nationwide protests over gasoline prices approaches.
"There should be serious readiness in the field of cyberwar and related bodies should not allow the enemy to follow their ominous aims to make problem in trend of people's life," Raisi said. State television later aired footage of the president visiting a gas station in central Tehran.
The attack Tuesday also bore similarities to another months earlier that seemed to directly challenge Iran's Supreme Leader Ayatollah Ali Khamenei as the country's economy buckles under American sanctions.
On Wednesday morning, the state-run IRNA news agency quoted another official who claimed 80% of Iran's gas stations had begun selling fuel again. Associated Press journalists saw long lines at multiple gas stations in Tehran. One station had a line of 90 cars waiting for fuel. Those buying ended up having to pay at higher, unsubsidized prices.
The semiofficial ISNA news agency, which first called the incident a cyberattack, said it saw those trying to buy fuel with a government-issued card through the machines instead receiving a message reading "cyberattack 64411."
While ISNA didn't acknowledge the number's significance, that number is associated with a hotline run through Khamenei's office that handles questions about Islamic law. ISNA later removed its reports, claiming that it too had been hacked. Such claims of hacking can come quickly when Iranian outlets publish news that angers the theocracy.
Farsi-language satellite channels abroad published videos apparently shot by drivers in Isfahan, a major Iranian city, showing electronic billboards there reading: "Khamenei! Where is our gas?" Another said: "Free gas in Jamaran gas station," a reference to the home of the late Supreme Leader Ayatollah Ruhollah Khomeini.
The use of the number "64411" mirrored the attack in July targeting Iran's railroad system that also saw the number displayed. Israeli cybersecurity firm Check Point later attributed the train attack to a group of hackers that called themselves Indra, after the Hindu god of war.
Indra previously targeted firms in Syria, where President Bashar Assad has held onto power through Iran's intervention in his country's grinding war.
Abolhassan Firouzabadi, the secretary of the Supreme Council of Cyberspace, linked the attack to the Iran's rail system assault in July in comments reported by IRNA. He also said it affected all of Iran's 4,300 gas stations nationwide.
"There is a possibility that the attack, like a previous one on railway system, has been conducted from abroad," Firouzabadi said.
However, a former deputy telecommunications minister, Amir Nazemy, earlier wrote on Twitter that the "infrastructure of system of gas stations is an exclusive network and this sort of communications were not on the internet." That raises questions on whether someone inside of Iran with access to the system launched the cyberattack or otherwise facilitated it.
A previously unheard-of group claimed responsibility for the cyberattack hours afterward late Tuesday, in a message on the messaging app Telegram. It did not provide any evidence that it carried out the assault.
Juan Andres Guerrero-Saade, a researcher at cybersecurity firm SentinelOne, said the attack appeared extensively planned. He said that suggests a foreign intelligence agency -- not an activist hacking group -- could be responsible.
"It's super brazen," Guerrero-Saade said.
Cheap gasoline is practically considered a birthright in Iran, home to the world's fourth-largest crude oil reserves despite decades of economic woes.
Subsidies allow Iranian motorists to buy regular gasoline at 15,000 rials per liter. That's 5 cents a liter, or about 20 cents a gallon. After a monthly 60-liter quota, it costs 30,000 rials a liter. That's 10 cents a liter or 41 cents a gallon. Regular gasoline costs 89 cents a liter or $3.38 a gallon on average in the U.S., according to AAA.
In 2019, Iran faced days of mass protests across some 100 cities and towns over rising gasoline prices. Security forces arrested thousands and Amnesty International said it believes 304 people were killed in a government crackdown. Tuesday's cyberattack came in the same month in the Persian calendar as the gasoline protests in 2019.
The attack also came on the birthday of the late Shah Mohammad Reza Pahlavi who, stricken with cancer, fled the country in 1979 just before the Islamic Revolution.
Iran has faced a series of cyberattacks, including one that leaked video of abuses at its notorious Evin prison in August.
The country disconnected much of its government infrastructure from the internet after the Stuxnet computer virus -- widely believed to be a joint U.S.-Israeli creation -- disrupted thousands of Iranian centrifuges in the country's nuclear sites in the late 2000s.
Iran, long sanctioned by the West, faces difficulties in getting up-to-date hardware and software, often relying on Chinese-manufactured electronics or older systems no longer being patched by manufacturers. That would make it easier for a potential hacker to target. Pirated versions of Windows and other software are common across Iran.