November 19, 2021
A cyberattack crippled gasoline stations all across Iran October 26, leaving angry motorists stranded in long lines.
The government initially said the shutdown was the result of a glitch in the system and denied there had been a cyberattack for a few hours.
Cellphone photos showed people trying to get gasoline pumps to work being greeted by a display on the pump that said: “Cyberattack 64411.” That telephone number connects to the part of the office of the Supreme Leader that accepts questions about Islamic law.
As a result of the cyber-attack, the pumps did not recognize the plastic cards that allow drivers in Iran to obtain 60 liters (16 US gallons) of regular gasoline a month at a subsidized price of 15,000 rials per liter (20.6 cents a US gallon or less than 7 percent the current price in the United States). However, pumps were generally reported working to provide “unsubsidized” gasoline, which customers can buy in unlimited amounts for 30,000 rials a liter (41 cents a gallon). (It costs Iran about $1.30 a gallon to pump the crude, refine it into gasoline and distribute it to gasoline stations, so at 41 cents a gallon, gasoline is still heavily subsidized in Iran.)
No group has so far claimed responsibility for the disruption, but multiple opposition groups appear to be resorting to such hacks in an apparent effort to embarrass the regime. The same day the pumps went down, some of the electronic signs the government uses along highways to post messages had notices reading, “Khamenehi, where’s our fuel?”
This latest cyberattack bore similarities to one in July on the Iranian railway system. That attack also posted the Khamenehi telephone number while canceling train departures. The Israeli cybersecurity firm Check Point later attributed the train attack to a group of hackers that call themselves Indra, after the Hindu god of war. Check Point said it has tracked that group to Iran.
Drivers were exasperated—especially those who were very low on fuel and couldn’t drive from station-to-station. But doing that didn’t work either. “I have been waiting a couple of hours for the gas stations to reopen so that I can fill up,” said a motorcyclist who gave his name only as Farzin. “There is no fuel wherever I go.”
The Iranian Students News Agency (ISNA) was the first to report the incident as a cyberattack. ISNA soon removed that report, claiming that it, too, had been hacked. Such claims of hacking can come quickly when Iranian outlets publish news that angers the regime. Eventually, the Supreme National Security Council announced that the problem was indeed a cyberattack.
Rumors circulated that the closure of the fuel pumps was associated with a purported plan to boost the price of gasoline, but the government quickly shot that down. Others speculated that the cyberattack on gasoline supplies was timed to coincide with the anniversary of the 2019 overnight tripling of gasoline prices. But that was on November 15, 2019, not October 26. October 26 does, however, have significance in Iran. It is the birthdate of Mohammad Reza Shah Pahlavi, who would have been 102 this year.
The pumps shut down at about 11 a.m., October 26. Oil Minister Javad Oji finally announced that all pumps were working as of November 4, a full 10 days after the hack. It appeared the fuel company could not solve the problem centrally, and every gasoline station had to reboot its pumps individually.
Officials initially said they would solve the problem and return to normal within hours. But on Friday, three days after the pumps went down, Fatemeh Kahi, a spokesman for the fuel distribution company, said only 34 percent of the stations were able to sell subsidized fuel while another 55 percent were selling unsubsidized fuel. That left 11 percent apparently closed down completely, though he did not explain about that 11 percent.
The attack did no obvious economic or physical damage. It was primarily an annoyance. The purpose, however, was unclear. Some speculated the perpetrators hoped to make Iranians mad at the regime because it could not prevent the attack from being carried out. Regime officials soon started saying that the goal of the hackers was to foment an uprising. The officials then reasoned that since there was no uprising, the attack on the gas stations had failed and the regime had prevailed.
The Oil Ministry has said the fuel system is not linked in any way to the Internet. This has prompted much speculation that the link to the pumps was therefore cut by someone on the inside of the fuel distribution company.