False air raid sirens in Israel triggered by pro-Iranian hackers

Air raid sirens sounded in the Israeli cities of Jerusalem and Eilat on Sunday evening and it appears that they were triggered by a hacker attack, possibly conducted by Iranian hackers.

The sirens, which warn the population about rocket attacks, blared for nearly an hour, according to local media reports.

An investigation conducted by the Israeli military found that the alarms were likely triggered by a hacker attack that appears to have targeted municipal public address systems rather than the military’s systems.

While it has yet to be confirmed, the main suspect is Iran, whose hackers often target Israeli organizations and systems.

Ilan Barda, co-founder and CEO of industrial cybersecurity firm Radiflow, said:

Whether this siren attack by Iran was a false flag or accidental triggering remains to be seen but the lack of municipal cybersecurity is clear. If this was meant to cause disruption to civilian life, it would make more sense to conduct this incident during a religious holiday or time of large gatherings to shatter any sense of security.

It is possible that the sirens were triggered while hackers were still exploring for vulnerabilities within the municipality’s security system or that it was a false flag, being used as a distraction as another not yet published cyber attack was carried out. An example of this was the 2017 Iranian cyber attack on Saudi Arabia’s Aramco, where a breach was discovered, only to have thousands of computer systems compromised later, causing a devastating meltdown or explosion. Going after a municipality would bring a city or region to a halt, impacting supply chains, food deliveries, and more- putting a city under siege.

This cyber security incident comes roughly two years after hackers targeted several water and wastewater facilities across Israel. Those attacks were linked to Iran and experts noted at the time that the attackers appeared to have knowledge of industrial control system (ICS) hacking.

The rocket siren incident comes just months after Iran claimed to have foiled what it described as massive hacker attacks aimed at public services owned by the government and private entities.

More recently, an exiled Iranian opposition group claimed that it had taken control of many websites run by Tehran's municipality and thousands of the city’s surveillance cameras.

The other day, one of the largest banks in the United States based in Michigan, Flagstar Bank reported 1.5 million customers of a data breach where hackers accessed personal data during a winter cyberattack.