Electronic Weapons: Syria Shows The Way

January 13, 2014: Despite three years of violence and chaos in Syria, the Internet continues to function, especially in major urban areas. The government tried shutting down the Internet, but quickly discovered that its own supporters were as dependent on the Internet as the opposition was. So although the government uses the Internet for spying on the rebels, the rebels in turn have become pretty good at evading the government snooping and using the Internet to get information in and out of the country and to provide a useful communications link for themselves. Other useful electronic tools, especially for the rebels, are smart phones and tablet computers. Android devices are the most useful because these are cheaper and easier to create special software for.

For example, rebels have been seen using tablet and smart phone software to find targets for and aim their mortars and rockets. The rebels have also used web-based mapping and satellite photo services to plan their operations. The rebels have a large network of sympathetic programmers and Internet specialists outside Syria who can create new Android software, or quickly find existing software that the rebels need. These Internet helpers have also provided the rebels with software and techniques to evade the Syrian attempts to spy via the Internet or block rebel access to the Internet.

The government tried shutting down Internet access within Syria several times early in 2013. In several instances the Internet in Syria went dead for nearly 24 hours. The government claimed that it was a technical problem or a deliberate act at the handful of links to the outside world that carry all Internet traffic into and out of Syria. In any event that sort of thing stopped and it has been battle damage since then that has cut off more and more areas of the country from the Internet.

Meanwhile, Syrian government supporters have been most frequently represented internationally by a group of Syrian hackers calling themselves the Syrian Electronic Army (SEA). The SEA has been unable to do much damage to Israel, long the main foreign foe of the Assad government. Israel has one of the largest and most successful collections of Internet security firms on the planet, and the SEA has found more success at hacking high-profile media sites everywhere but in Israel.

The SEA has been especially effective using spear phishing (attaching hacking software disguised as documents the recipient is urged to look at right away) to hack into media sites. Most media companies have software and personnel rules in place to block spear phishing attacks, but there are so many email accounts to attack, and the SEA only has to get one victim to respond to get in (using the login data from the compromised account). The automated defenses are supposed to block the actions of the hacker software that is triggered when the victim clicks on the email attachment, but hackers keep finding exploitable vulnerabilities in these defenses, and this creates an opening, at least until that vulnerability is recognized and patched.

The SEA has enough cash and expertise to know where in the hacker underground the latest and most effective malware attachments can be found and purchased. With that, it’s just a matter of modifying the malware package, buying the email lists (of media company employees) and the services of an illegal network of hacked PCs (a botnet) to transmit your spear phishing emails.

The SEA has another big advantage: Russia. This is one of the few (and most enthusiastic) foreign allies Syria has. Russia is where some of the most skilled hackers in the world operate from, and they do this by not attacking Russian targets and doing whatever the Russian government asks them to do. Apparently Russia told the Internet thugs it shelters to do what they can for the SEA, and that has made the SEA far more effective than it would be if it just relied on its Syrian and Iranian members.

The Russians have also been helpful in increasing Internet defenses for the Syrian government. A lot of pro-rebel hackers and foreign intelligence agencies have been trying to use the Internet to spy on the Assad government.