I. Battlespace

Their eyeballs felt it first. A wall of 104-degree air hit the cyber-security analysts as they descended from the jets that had fetched them, on a few hours’ notice, from Europe and the United States. They were in Dhahran, in eastern Saudi Arabia, a small, isolated city that is the headquarters of the world’s largest oil company, Saudi aramco. The group included representatives of Oracle, IBM, CrowdStrike, Red Hat, McAfee, Microsoft, and several smaller private firms—a SWAT dream team for the virtual realm. They came to investigate a computer-network attack that had occurred on August 15, 2012, on the eve of a Muslim holy day called Lailat al Qadr, “the Night of Power.” Technically the attack was crude, but its geopolitical implications would soon become alarming.

The data on three-quarters of the machines on the main computer network of Saudi aramco had been destroyed. Hackers who identified themselves as Islamic and called themselves the Cutting Sword of Justice executed a full wipe of the hard drives of 30,000 aramco personal computers. For good measure, as a kind of calling card, the hackers lit up the screen of each machine they wiped with a single image, of an American flag on fire.

A few technical details of the attack eventually emerged into the press. Aboard the U.S.S. Intrepid, in New York Harbor, Defense Secretary Leon Panetta told a group of C.E.O.’s that the aramco hack was “probably the most destructive attack that the private sector has seen to date.” Technical experts conceded the attack’s effectiveness but scorned its primitive technique. “It wrote over memory five, six times,” one hacker told me. “O.K., it works, but it’s not sophisticated.” Even so, many current and former government officials took account of the brute force on display and shuddered to think what might have happened if the target had been different: the Port of Los Angeles, say, or the Social Security Administration, or O’Hare International Airport. Holy shit, one former national-security official recalls thinking—pick any network you want, and they could do this to it. Just wipe it clean.

In the immediate aftermath of the attack, as forensic analysts began work in Dhahran, U.S. officials half a world away gathered in the White House Situation Room, where heads of agencies speculated about who had attacked aramco and why, and what the attackers might do next. Cutting Sword claimed that it acted in revenge for the Saudi government’s support of “crimes and atrocities” in countries such as Bahrain and Syria. But officials gathered at the White House could not help wondering if the attack was payback from Iran, using America’s Saudi ally as a proxy, for the ongoing program of cyber-warfare waged by the U.S. and Israel, and probably other Western governments, against the Iranian nuclear program.

When the history of cyber-warfare comes to be written, its first sentence may go something like this: “Israel gave the United States an ultimatum.” For a number of years, intelligence reports intermittently indicated that Iran was getting closer to building a nuclear bomb, which the Israeli leadership views as an existential threat. In 2004, Israel gave Washington a wish list of weapons and other capabilities it wanted to acquire. The list—for various kinds of hardware but also for items such as aerial transmission codes, so that Israeli jets could overfly Iraq without having to worry about being shot down by U.S. warplanes—left little doubt that Israel was planning a military attack to stop Iran’s nuclear progress. President George W. Bush regarded such action as unacceptable, while acknowledging that diplomacy and economic sanctions had failed to change Iran’s mind.