Cyber-War In Syria: How Assad Hacked the Rebellion

REUTERS/Kacper Pempel/Files

Cyber-war is everywhere, most assuredly including the conflicts where physical bullets and bombs are flying. The struggle to topple the Assad regime in Syria, for example, has been “marked by a very active, if only sporadically visible, cyberbattle that has engulfed all sides,” according to a weekend article at the New York Times.

Even the most brutal war machines are flanked by skirmish lines of hackers, poaching valuable intelligence, and messing with the enemy’s command-and-control systems. Given how much cyber-warfare is boiling through the digital haze above Syria’s bloody battlegrounds, we can only wonder what a clash between top-shelf computer powers would be like.

The NYT opens up with a lively anecdote about a young Syrian rebel fighter falling for the oldest trick in the book: hackers from the Assad regime pretended to be an attractive lady flirting with him on Skype. One of the methods used to gain the rebel’s confidence was pretending that the imaginary flirt from Lebanon had the same birthday, information gleaned by merely reading the rebel fighter’s Skype profile.  They persuaded him to download a photograph of feminine pulchritude laced with powerful malware. Having thus gained access to the would-be Lothario’s computer, the regime proceeded to download a sizable quantity of tactical information, plus personal data about rebel fighters.

This was among a number of cyber-war engagements pieced together by a computer security firm called FireEye, which dissected some captive malware and followed the electronic footprints back to servers filled with stolen data. An unnamed US intelligence official told the Times that Syrian rebels evidently are not using good defensive techniques to protect their data: “You’ve got a conflict with a lot of young, male fighters who keep their contacts and their operations on phones in their back pockets. And it’s clear Assad’s forces have the capability to drain all that out.”

Hopefully the more savage, anti-Western elements of the Syrian rebellion are making such mistakes as well, and American intelligence operatives are taking comparable advantage. It would be a shame if ISIS and al-Qaeda forces are much better at covering their data than the “moderate” rebels. FireEye was unable to establish exactly where the pro-Assad hackers are headquartered, or how much their stolen intelligence has affected battlefield operations, although at least one major rebel operation appears to have been canceled because they (correctly) suspected the Syrian government had stolen vital tactical plans from compromised computers.

Electronic espionage has been perpetrated against the Assad regime as well. Unfortunately, it would appear that one of the biggest American surveillance coups against Assad was burned by Edward Snowden; his trove of leaked NSA documents includes details on a system of “beacon implants” slipped into Syrian servers that allowed U.S. intelligence to monitor Internet communications and cell phone traffic from Syria.

Further unfortunate news: the potent “Syrian Electronic Army,” a hacker group suspected to be covert operatives for the Iranian government, is at least as interested in hacking American targets (including the New York Times!) as they are in raiding Bashar Assad’s computers. The Syrian Electronic Army’s attack on the New York Times website in 2013, along with phony messages about a White House bombing sent over the hacked Twitter feed of the Associated Press, were widely seen as both tests of electronic-warfare capabilities, and a taste of the mayhem American Internet users might expect if their government took strong action to topple the Assad regime.

U.S. intelligence countered by developing a battle plan for an all-out attack on Syria’s electronic infrastructure, which could have crippled its air forces and compromised its electrical grid. President Obama decided not to proceed with this attack, perhaps out of concerns that it might lead to a cyber-war escalation with both Syria and its patrons in Russia and Iran. It’s also difficult to guess what the humanitarian fallout from such a cyber-attack might be – things are already horrible for civilians caught in the crossfire without taking down Syria’s power grid and communications networks – or how it might tip the balance of power and hand Damascus to ISIS and al-Qaeda.

It’s clear that the biggest cyber-war players have something approaching Weapon of Mass Destruction capabilities – they could unleash attacks that would severely damage both civilian and military infrastructure. The situation also resembles nuclear detente in that all of the hacking superpowers are reluctant to pull the trigger on such weapons – the chain-reaction effect on the world’s economy would be horrific.  Nobody on Earth would have a pleasant week, month, or year after the day America, Russia, China, and various proxies blew each other’s infrastructure to pieces with doomsday hacks and viral attacks. Any such high-level exchange of digital fire could swiftly make the Internet so toxic that delicate business interests around the globe would collapse. Also, the most powerful cyber weapons are one-shot affairs – as soon as any of the top players tips their hand by executing a massive attack, defenses against their techniques would quickly be developed.

For the moment, such detente keeps high-level cyber warfare in the shadows, limiting it to probing attacks, warning shots, defensive refinements, and careful surveillance… while the hot front-line actions in the cyber war are confined to capers like the Assad regime running honey traps on hot-blooded young rebels to gain access to their personal computers. The effectiveness of even the simplest forms of cyber warfare leads to uneasy speculation about what a smackdown between the top dogs would be like.