When Iran’s top civil defence official said his country was preparing for major cyber-attacks from Saudi Arabia, perhaps even he did not think it would take such a short time for his warnings to become reality.
In mid-May, Gen Gholamreza Jalali, the head of Iran’s Civil Defence Organisation, said he saw the mainly Sunni kingdom as his chief threat in the coming year.
Within days of Gen Jalali’s remarks, Iranian and Saudi hackers were attacking websites in each other’s countries in what Iranian media called “all-out cyberwar”.
On 25 May, a self-proclaimed hacker from Saudi Arabia calling himself “Da3s” apparently attacked the websites of Iran’s Statistical Centre and Registration Office, defacing the homepages with a photo of former Iraqi leader Saddam Hussein, who fought an eight-year war with Iran in the 1980s.
Many Iranian media sources thought the hacker had misspelled his name and that the attack was the work of the Sunni jihadist group Islamic State – widely known in the Middle East by its Arabic acronym, “Daesh”.
The Saudi hacker said on Twitter – where he identified himself as Salman al-Harbi – that he was not a member of the militant group, and that Da3s was the correct spelling of his nickname.
Since the Stuxnet computer worm hit Iran’s nuclear facilities in 2010, the country has invested heavily in cyber capabilities and set up a team of trained hackers known as the Iranian Cyber-Army.
Saudi Arabia has also stepped up its investment in cybersecurity in the past year in efforts spearheaded by its National Centre for Cyber-Security.
A day after Da3s’s attacks, a group calling itself “Iran Security Team” retaliated by targeting Saudi Arabia’s General Authority for Statistics and King Abdulaziz University, defacing their websites with a jeering message of its own.
Another team of Iranian hackers, calling themselves “Digital Boys Underground Team”, hacked the Saudi Commerce Ministry’s website.
Over the next few days, a series of apparently tit-for-tat attacks saw more websites targeted, almost all of which were defaced or rendered inaccessible by attacks.
Iran’s police and cyber-police force, its judiciary, national postal service and culture ministry were all targeted.
There is no evidence that official organisations in either state have been directly involved in the attacks. Iran’s cyber-police chief, Gen Kamal Hadinafar, said the hackers’ IP addresses had been traced back to Saudi Arabia but he did not accuse the Saudi authorities.
As the attacks continued, the messages left by hackers became increasingly political and hostile.
Tension between the two countries rose further when Saudi Arabia executed a prominent Shia cleric and opposition figure in January.
Protesters in Tehran ransacked and set alight the Saudi embassy. Riyadh responded by severing all diplomatic ties with Iran.
With relations at an all-time low, Tehran announced a few days ago that it would bar its citizens from attending this year’s Hajj (pilgrimage to Mecca) after negotiations over safety broke down.
Last year, more than 400 Iranian pilgrims had died in a stampede, leading to a war of words between Iranian and Saudi officials.
After hacking the website of Iran’s foreign ministry, a hacker group calling itself “Team Bad Dream” branded the Iranian government the “mother of terrorism” and demanded an end to the “killing of children in Iraq, Yemen and Syria”.
The group tweeted that a “cyberwar” between Iranian and Saudi hackers had begun.
In his latest attacks, Da3s pointed to the Yemen conflict and castigated the Iranian authorities for boycotting the Hajj.
“Why is Iran forbidding Muslims from attending this year’s Hajj? Relations between states are unrelated to freedom of religion!”
Iranian hackers hit back by highlighting the long-standing dispute over the naming of the Gulf.
Some Arab states refer to the body of water as the Arabian Gulf, but many Iranians see the name Persian Gulf as a source of national pride and object to any other form of words, including “the Gulf”.