The Syrian Question

By Miranda Sumey

As the Obama administration weighs the possibility of limited airstrikes in Syria, American companies are bracing for a wave of retaliatory cyber attacks from President Bashar Assad’s supporters. Hackers loyal to the Assad regime from Syria and Iran could potentially target banks and financial institutions, power grids, and other critical infrastructure should the U.S. intervene in the Syrian civil war. In fact, the Syrian Electronic Army (SEA), a hacking group faithful to Bashar Assad, has already launched a denial-of-service (DOS) against the New York Times’ website last month by hijacking its Domain Name Server, redirecting legitimate web traffic to an SEA server and rendering the site inaccessible for several hours.[1] In a perhaps more high-profile strike, the SEA was responsible for hacking the Associated Press Twitter account this past April, posting fictitious tweets about an explosion at the White House – with the effect of sending the Dow Jones spiraling downward.[2]

While the Syrian hackers so far have perpetrated mostly acts of online vandalism, their tactics could quickly get more sophisticated – especially if they seek external help. Though Syria alone may not yet have the capability to produce large-scale, sustained, and crippling attacks, there is a reasonable chance they could partner with more experienced Iranian hackers to become much more than just a simple nuisance to American businesses. Cyber attacks are rapidly becoming the weapon of choice for countries who could not take on the U.S. militarily: they may not directly result in American casualties, but could have severe effects on the economy or critical infrastructure.  The type of attacks most feared by those in the cyber security field are of the variety of those launched against Saudi Arabian state-owned oil company Aramco about a year ago. A virus called Shamoon, widely attributed to Iranian hackers, wiped the data held by more than 30,000 computers, virtually destroying Aramco’s critical information.[3] Digital sabotage of this scale in the U.S. could bring business activity to a screeching halt. Because of repercussions of this magnitude in the cyber world, the U.S. can no longer launch missiles into a country like Syria without fear of reprisal. 

The big question is this: if cyber attacks are such a game-changer, touted for leveling the proverbial playing field between the haves- and have-nots when it comes to military might, where are the Syrian rebel hackers? For a long while now, the SEA has been hammering Syrian rebel forces in the digital world. By hacking critical communications services used by the Free Syria Army, the SEA has been able to collect intelligence on dissident actions. Nevertheless, it hasn’t always been that way. In 2012, the Syrian rebels garnered massive support in their online efforts. International hacker groups such as Anonymous backed rebel efforts, even claiming to have accessed Assad’s own email account. Anonymous renewed their pledge to support rebel hackers again last November, as Assad threatened to cut off internet access across the country.[4] The U.S., too, has long been providing the Syrian rebels with support on the digital front, albeit more passively, by providing dissident leaders with free training in encrypting files and message traffic, circumventing government firewalls, and securing mobile phones.[5] Although the U.S. has not directly launched an offensive cyber attack against Syria, U.S. Department of State grants have attempted to assist the rebels in beefing up their cyber defense.[6] For example, the New America Foundation provided a grant to the rebels that would give them an “Internet in a suitcase,” which could guarantee access to the Web in the event that the Assad regime shuts down internet access. New smart phone apps present Syrian rebels with a panic button that will wipe all contacts and data in the event that the security forces find them or display a false screen when the wrong security code is entered. These defensive measures, however, pale in comparison to the SEA and its pro-regime counterparts’ more offensive tactics. 

Support for Syrian rebel hackers has waned as the war rages on. Unreliable electricity and Internet access have crippled the hackers’ capabilities; simultaneously, rebels are being killed or captured at a rate that drains their ability to continue a cyber war with Assad’s supporters. International hacking “partners” have backed off as the war worsens in the physical world, perhaps feeling that the rebels are too far gone or have bigger problems to pursue. Meanwhile, pro-regime hackers enjoy at least tacit support from the Syrian government, giving them an edge even if they are not state-sponsored. The SEA is winning on the digital front; they’re the big kids on the block. Having triumphed over the Syrian rebels online, they and their partners have vowed that the U.S. is next if it chooses to interfere. 

For those screaming that cyber war is the war of the future: Syria may just be the turning point.  


References:

[1] Andrea Peterson, “The U.S. isn’t bombing Syria yet. But it is providing tech support to the rebels.” The Washington Post, September 3, 2013, available at http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/03/the-u-s-isnt-bombing-syria-yet-but-it-is-providing-tech-support-to-the-rebels/.

[2] Matt Buchanan, “Syria’s Other Army: How the Hackers Wage War,” The New Yorker, August 29, 2013, available at http://www.newyorker.com/online/blogs/elements/2013/08/syrian-electronic-army-hackers-new-york-times-tactics.html.

[3] Shane Harris, “How Did Syria's Hacker Army Suddenly Get So Good?” Foreign Policy, September 3, 2013, available at http://killerapps.foreignpolicy.com/posts/2013/09/03/how_did_syrias_hacker_army_suddenly_get_so_good.

[4] Jeb Boone, “Lacking international support, Syria's rebel hackers are losing the cyber war,” GlobalPost The Grid, March 22, 2013, available at http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/syria-rebel-hackers-syrian-electronic-army-anonymous-support.

[5] Jay Newton-Small, “Hillary’s Little Startup: How the U.S. Is Using Technology to Aid Syria’s Rebels,” Time World, June 13, 2012, available at http://world.time.com/2012/06/13/hillarys-little-startup-how-the-u-s-is-using-technology-to-aid-syrias-rebels.

[6] id.