THE CYBER-WAR IN THE MIDDLE EAST: ISRAEL, IRAN AND OTHERS
There is a war being fought in the Middle East which is seldom spoken about. It is a silent, sneaky war, but an important one because it endangers the security of many States and organizations. It is the Cyber-war, a non-conventional kind of war that is fought online. It is an offensive war when it is used to penetrate the servers of the opponent, and a defensive war when it is used to prevent one’s own servers from being hacked. This war’s importance stems from the fact that the internet has become global; a highway where everything moves and where everything can be intercepted, manipulated or damaged. One just needs to know the right technique. Cyber-warfare is not fought solely in the Middle East but across the globe (cyber crime, the criminal aspect of the internet, has risen by 30% in the past year). However, in the Middle East, where wars are ongoing and terrorism and instability are endemic, the importance of cyber-warfare is increased. Suffice it to say that last January, when the consumption of electrical energy was essential to keep the Israeli population warm during a wave of low temperatures, a cyber attack against the country’s electrical company caused the country to shiver for two entire days. A virus had managed to block the company’s computers, thus causing a halt to the company’s activity as well. In April last year a Palestinian hacker violated the Israeli servers, breaching the systems of the Prime Minister, Defense and Education ministries, the domestic intelligence service Shin Bet, the Tel Aviv police and the local stock market. Two days later the Israelis retaliated by attacking the Palestinian office of vital statistics, where the information concerning 4 million individuals is kept. The data pertaining to roughly 700 Palestinian public employees, ministers and journalists were then uploaded to the web.
If we look further back, there is the cyber-war fought by Israel against the Iranian nuclear program by means of the “Stuxnet” malware and the “Flame” spyware.
The cyber-war is not aimed solely at penetrating servers and databases, but also at disinforming, recruiting and spreading propaganda. This is why many countries have built their own internal structures to fight the threat and to exploit its offensive potential.
Israel
Israelis were the first to foresee the potential threat posed by the cyber-sector when they created – over a decade ago – a structure called “Directorate C4i” (Command, Control, Communications and Computers). The Directorate operated within the army’s General Staff. In September 2014 Netanyahu announced the constitution of a new agency, the “National Authority for Cyber Defense”, whose defensive role was that of protecting the State’s structures from cyber-attacks. This agency presides over and coordinates all operative aspects of the cyber-war. The agency should operate at full efficiency within three years’ time. It falls under the jurisdiction of the Prime Minister’s office and coordinates its activity with the National Cyber Office (which has existed since 2012), also in the hands of the Prime Minister. The offensive activity is developed by the army, in part by the Directorate of Military Intelligence, where the famous 8200 unit operates, and in part by the Military Signal Corps. The former is in charge of clandestine operations and is in close operative contact with the Shin Bet and the Mossad (which, in turn, have their own cyber-facilities). It is thought to be the more qualified of the two. The latter operates almost exclusively in the interest of the army; its activity is comprised of communications, encryption and decryption (in substance, it is the more ‘defensive’ branch). But the Israeli army also has a Brigade for Cyber Defense which answers directly to the army’s Chief of Staff. This structure forms its own Corps and is headed by an army General. The Brigade has its own structures and operative rooms. The structure’s inauguration has recently been the object of a military drill. All foreign operations planned by the army see a representative of the cyber-branch sitting around the strategy table.
The tendency, as far as Israel is concerned, is that of unifying the offensive and defensive activity and, within the former, to do away with the dualism between military intelligence and Signal Corps. There are, however, other civil agencies that dedicate themselves to the sector within the Israeli State:
– the aforementioned National Cyber Office, which expresses the guidelines for the development of cyber technologies (offensive/defensive), monitors the technological development in the industrial sector and encourages the cooperation between the various agencies (private/public). The National Cyber Office is also a consultant of the Prime Minister on all levels, including the legislative one. Within the agency there operates an ‘early warning’ room to spot cyber-threats.
– the Authority for National Information Security, whose duty is to regulate and give advice to infrastructures that are vulnerable to cyber-attacks.
– the various departments within the Police and the Shin Bet.
The plethora of agencies and structures gives away the importance that Israel assigns to this kind of warfare. However, since it is a ‘young’, constantly evolving sector, there are still some unsolved problems, such as the lack of integration between the various structures. Nevertheless, at least with regards to the cyber-security sector, Israel is considered today one of the most advanced countries in the world.
Iran
Iranians, who have experienced the danger of cyber-warfare against their own nuclear program, also have a series of structures, both civil and military, dedicated to the development of strategies to face the threat. In 2010 Iran created the “Commando for Cyber Defense” (a military agency whose duty is to defend the State’s structures from cyber-attacks), which operates under the supervision of the “Organization for passive civil Defense” (a civil structure with a military head, active since 2003) which, in turn, lies under the jurisdiction of the army’s Chief of Staff. All of these agencies are formed to answer to specific threats by operating through a “permanent commission” comprised of both military and government representatives. The hierarchy is military (until March 2011 they were administered by the President). These structures were created after Israeli/US hackers managed to block/damage the Iranian nuclear program with malicious software. In March 2012 Iran founded the “Supreme Council of Cyber Space” (Shoray Aali Fazaye Majazi), which expresses the directives in this specific sector to the various government agencies. The Council is headed by General Abul Hassan Firouzabadi, who acts as its secretary, and is comprised of the heads of the judicial system, of the Parliament, the head of the State television, the Commander of the Revolutionary Guards, the head of Police and various government ministers (Intelligence, Culture, Interior, Information, etc.). The duty of this agency is mostly that of control and censorship, as we saw during the latest Parliamentary elections. Within the Supreme Council there is a commission that examines broadcasts and news from the mass media. The commission is comprised of representatives from the intelligence agencies, from the Interior ministry, ministry of Culture and Cyber Police, a special branch of the Police which fights cyber-crime and, of course, the opposition to the regime.
Half of Iran’s population owns a smartphone, there are over 1500 websites, and the use of social media, networks and messages is widespread. In the past, such instruments were used in protests and demonstrations. Among the initiatives considered by the regime aimed at limiting the “negative” use of the internet there was that of creating a ‘closed’ web and a ‘national’ search engine. In July 2009 Iran created yet another structure, the “Commission for the identification of non-authorized internet websites”. This commission is headed by Khamenei, alongside the country’s highest institutional figures. The offensive activity is administered by intelligence and military structures, especially within the Command of the Revolutionary Guards, where there exists a cyber-unit. The number of its members is not known, but their specialty is: the unit is comprised of hackers who carry out their offensive activity abroad. The technical capabilities of this unit are regarded – by friends and foes alike – very highly. There are allegedly two cyber Commands in Tehran where operative activity is carried out. The paramilitary Corps of the Basiji (part of the Iranian army) also has its own structure, but it is considered to be professionally inadequate. It is nonetheless also supervised by the pasdaran. Due to the military campaign in Syria it is currently difficult for Iran to focus on cyber-attacks against other enemies, but in the future cyber-warfare will surely be an option against Iran’s historic enemies such as Saudi Arabia. The building blocks are already in place. In August 2012 (during Ramadan) a ‘spam’ e-mail managed to shut down over 35,000 computers belonging to the oil company ARAMCO. The attack was carried out by the self-proclaimed commando “sharp sword of Justice”, which was found to be operating out of Iran. The experiment was then successfully replicated in the following years against companies in Kuwait, Qatar and United Arab Emirates.
In June 2015, at the start of Saudi Arabia’s military engagement in Yemen, another group called the “Yemen Cyber Army” managed to make public about half a million documents stolen from the Saudi foreign ministry’s servers. All of this happened despite the promise by US president Obama to assist the Gulf Cooperation Council in keeping their cyber-security up to date. That Iran is – just like Israel – particularly active in cyber-warfare is confirmed by the fact that over 50 agencies/companies in 16 countries were attacked from Tehran between 2012 and 2014 as a part of cyber-operation “Cleaver”.
The Hezbollah
Lebanon’s Hezbollah, who are directly assisted by Iran, have built a center for electronic warfare in the outskirts of Beirut, in the Shiite neighborhood of Dahya. The center is run by Wafiq Safa, a relative of the movement’s leader Hassan Nasrallah. The structure is mainly dedicated to offensive actions against Israel. Hackers and other experts are trained by Iranians in cyber-warfare. In the summer of 2014, during the Israeli operations in Gaza, there were a number of hacking attempts against Israel originating in Lebanon, from a company/group called “Volatile Cedar”. It must be noted that in December 2013 the head of Hezbollah’s cyber activity, Hassan Laqees, was killed in Beirut, probably by members of the Mossad.
The Islamic Palestinian Jihad and Hamas
The Islamic Palestinian Jihad operating in Gaza is credited with the capability for cyber attacks. The organization has managed to hack the Israeli telephone system and send messages to the population. Again, it seems that the training of the Palestinian hackers was carried out by the Lebanese Hezbollah and thus, by virtue of the transitive rule, by the Iranians. Hamas, which benefits from the same source of training, also has its own cyber guerrillas, both offensive and defensive. In 2014 their unit managed to hack the Shin Bet servers, thus unveiling the identity of Palestinian spies operating in Gaza. It is striking that such high hacking efficiency is not attained by the National Palestinian Authority and its agencies.
Syria
The Syrian army has its own structure called “Syrian Electronic Army”, to which sources attribute an attack against various journalistic structures (Reuters, Washington Post) and against the official website of the US Army.
ISIS
Al Baghdadi’s group allegedly carried out a cyber attack against the website of the Syrian Observatory for Human Rights in July 2015. The hackers named themselves “Cyber Army of the Caliph”. In January 2015, Caliph hackers hijacked USCENTCOM’s YouTube and Twitter accounts.
From July 2015, in order to oppose the ISIS propaganda, recruitment and their transmission of operative directives over the internet, the European Union created a specialized unit that monitors internet traffic and the social networks. Suffice it to say that there are over 40-50 thousand accounts operated by figures with ties to Islamic terrorism which dish out roughly 100,000 tweets on a daily basis.
Hamzi Abu Haija
The potential of the cyber war
The goals of cyber-warfare are diverse: they range from espionage (by penetrating the servers of adversaries or by monitoring the various social networks) to disinformation, propaganda, psychological warfare, recruitment of sources, blocking of critical infrastructures, up to the identification of individuals for their apprehension or elimination. The case of Hamzi Abu Haija, an important member of Hamas’ Izzidin al Qassem brigade, falls in the latter category. Hamzi was killed in an Israeli raid on March 22, 2014. His location was found while he was busy chatting on Facebook in the refugee camp of Jenin. By using cyber techniques, Israel also managed to monitor the negotiations on the Iranian nuclear program through a hole in the computers of a Moscow hotel where the delegations were staying. Cyber attacks can block the activities of hospitals (with dire consequences in terms of victims), hinder the supply of energy or water, crash a city’s network (even freeze traffic lights), interfere with electronic missile systems, block a country’s telecommunications (radio, telephone, TV) and their army’s system of command and control, interfere with and paralyze radars, blind the control towers of an airport with its airplane traffic… this list could carry on forever. In the near future, because of its offensive potential, this non-conventional kind of warfare will develop greatly in the Middle East and the main players, by virtue of their specific capabilities, will be Israel and Iran.