Analysis: Cyber warfare is the new normal in the volatile Middle East



The shooting down of an Iranian drone after it entered Israeli airspace from Syria this month sparked a debate over whether a drone could be hacked and turned against its own operator, throwing light on the increasing importance of cyber warfare in the larger context of Middle East conflicts.

The incident led to a dangerous escalation in the volatile region with Israeli jets bombing a number of Iranian-backed targets in Syria, which resulted in the downing of an Israeli F-16 fighter by a Syrian anti-aircraft missile.

The Israeli military later claimed that the downed Iranian drone was modelled on the American RQ-170 ‘Sentinel’ stealth drone which was intercepted by Tehran in Dec. 2011 during a US reconnaissance mission, according to a CNN report.

The Israeli media wondered: if Iran has the technological ability to reverse-engineer a US drone, could it be beyond its capacity to hack into an Israeli drone and turn it against its own military?

“Israeli drones can also be hacked and already have been,” a report by The Jerusalem Post said, adding: “From 2011-14, [Palestinian armed group] Islamic Jihad master hacker Maagad Ben Juwad Oydeh hacked IDF drones while they flew over Gaza, as well as multiple parts of Ben-Gurion Airport’s network. The US and England also had previously hacked Israeli F-16s and drones for information.”

The report argued that while the Islamic Jihad hacker could only access information from the drone and could not control the device, Iran, with its greater technological prowess, could perhaps turn an Israeli drone against its own.

“Could this same hacking technology be turned on Israel by an adversary just as the code from the US-Israeli attack virus Stuxnet [which targeted the Iranian nuclear programme] has been used for cyber-attacks on the US and Israel?” the report rhetorically asked.

Potential dark side of cyber risks

Cyber geopolitics will shape the relationship between Iran and its neighbors, say analysts.

“Since the 2010 Stuxnet operation that exposed Iran’s vulnerability to foreign interference via cyberspace, both Iran and the Middle East and North Africa’s most seasoned cyber actor, Israel, have built and consolidated their gains as full-fledged cyber powers,” said Kristina Kausch, senior resident fellow at the German Marshall Fund of the United States.

“Others in the region are trying to catch up. Among the immediate destabilizing effects is the impact Iranian cyber prowess could have on the Joint Comprehensive Plan of Action, the nuclear deal with Iran, and Tehran’s relations with global and regional powers,” she added.

Stressing the “potential dark side” of cyber risks across the region, the Post concluded that drones and missiles may not be the only surprises that Israel may face in the next war.

However, the implications of cyber warfare are not confined to military operations; they are increasingly being seen in the political sphere as well.

“The political use of cyber tools is a powerful accelerator of geopolitical confrontation. The past few years have witnessed a cyber-awakening in the Middle East that has been overlooked for too long. Existing political tensions and conflicts in the region have gained an additional arena allowing for a much more rapid escalation,” said Kausch.

'Weaponized' Apple and Google apps?

On Thursday, multiple international news organizations cited a new report by the National Council of Resistance of Iran (NCRI), a political group that opposes the Iranian regime, claiming Tehran could be secretly spying on millions worldwide using military-developed apps on Apple and Google’s app stores.

The report claimed that the Islamic Revolutionary Guard Corps (IRGC) has created spyware-enabled apps for “cyber-surveillance and repression” that are available on the App Store, the Google Play Store and GitHub with the goal of 'monitoring and preventing' new political uprisings, London-based The Daily Mail reported.

The NCRI report specifically mentions the instant messenger app Mobogram, available on the App Store and the Google Play Store, as a 'weaponized' application developed and monitored by the Iranian regime.

“Cyber warfare has provided Middle Eastern states with espionage and offensive capabilities that were often otherwise unavailable to them in traditional, offline domains,” said Collin Anderson, US-based co-author of a recent Carnegie paper, “Iran’s Cyber Threat: Espionage, Sabotage, and Revenge.”

“The military and political strategies perfected in the region translated aptly into cyberspace. State and non-state actors that understood asymmetric warfare were the first to engage in cyber operations, namely Iran, [Palestinian group] Hamas, and Israel,” he elaborated.

Triggering political landslide in Qatar

Eventually, other players in the region have caught on, according to Anderson.

According to reports, the ongoing Gulf diplomatic crisis between Qatar and its closest regional allies was precipitated by a series of cyber-attacks attributed to the United Arab Emirates (UAE) and Saudi Arabia.

The UAE arranged for Qatari government social media and news sites to be hacked in late May in order to post fiery but false quotes linked to Qatar’s emir, prompting a diplomatic crisis, the Washington Post reported, citing US intelligence officials. Saudi Arabia, the UAE, Egypt and Bahrain cut diplomatic and transport ties with Qatar on June 5.

Last week the Saudi-owned Al Arabiya news channel surrendered its UK broadcasting license held with regulator Ofcom after Qatar complained of the channel’s involvement in the alleged hacking of the state-run Qatar News Agency and subsequently broadcasting fabricated and false statements attributed to the Qatari emir.

Months later, pro-Qatar hackers retaliated by hacking Doha’s critics and regional adversaries, including the UAE’s ambassador to Washington, Yousef al Otaiba, whose leaked emails hinted at covert attempts to influence US foreign policy.

“It did not take long to witness the repercussions of the democratization of hacking. The manipulation of the QNA prompted a cycle of retaliation that started with the weaponized leaks of emails sent and received by the Emirati ambassador to the US, and quickly transcended cyberspace into economic and political subversion,” Anderson said.

“The Qatar crisis in June 2017 provided a glimpse of how the pursuit of expansive geopolitical ambitions by means of targeted cyber-attacks could generate conflict and trigger political landslides in no time at all,” Kausch said.

“Combining considerable disruptive potential and quick deployment at low political and economic cost, cyber-attacks work nicely for actors who pursue an expansive geopolitical strategy with limited resources and seek to wreak havoc cheaply, quickly, globally, and with high impact,” she added.

Dark Caracal: Hacking from Lebanon

Last month, reports emerged suggesting Lebanon’s intelligence service may have turned the smartphones of thousands of targeted individuals into cyber-spying machines in one of the first known examples of large-scale state hacking of phones rather than computers.

The hacking campaign, dubbed “Dark Caracal” and believed to have originated from Lebanon's General Directorate of General Security (GDGS), has mainly targeted Android phone users in at least 21 countries since 2012, according to a report by mobile security firm Lookout and digital rights group Electronic Frontier Foundation (EFF).

Targets included military personnel, journalists, activists, financial institutions and manufacturing companies, and the stolen data included documents, call records, texts, contact information and photos.

“Five years ago, Lebanon was beholden to shady European companies that charged hundreds of thousands of dollars for hacking tools. Now, these same security services are using inexpensive spyware developed for criminals in order to put more people under surveillance at less cost,” said Anderson.

The Dark Caracal campaign “demonstrated that an actor with limited cyber security acumen had the ability to intercept personal and sensitive data from individuals in 21 countries, including government officials and military personnel,” said Mohammed Najem, executive director of SMEX, a Lebanese nongovernmental organization that seeks to advance self-regulating information societies in the Middle East and North Africa.

“As states such as Lebanon build mass surveillance infrastructure under the pretense of defending national security, few are implementing cyber security strategies that protect their own servers and networks and their citizens’ personal data,” Najem stated.

“More than ever, because of the looming threat of cyber warfare, countries in the region must enact cyber security legislation, regulations, and policies that not only protect the integrity of their telecommunications, banking, and energy infrastructure, but also the digital rights of their citizens,” he elaborated.

Taking spycraft to new levels

Analysts concede that hacking has become an important new piece in the political puzzle that is the Middle East.

“This ranges from its use in times of war – cyber warfare – to malicious activity during peacetime and the gray zone in between the two. High profile cyber-attacks, such as the Stuxnet malware that targeted the Natanz nuclear facility in Iran in 2010 and the Saudi Aramco cyber incident in 2017, highlighted that hacking had reached the highest echelons of international security,” said Tim Maurer, co-director of and fellow in the cyber policy initiative at the Carnegie Endowment for International Peace and author of “Cyber Mercenaries: The State, Hackers, and Power”.

Stressing that cyber technologies have taken spycraft to new levels, Maurer said: “In the blink of an eye an unprecedented amount of data can now be stolen that provide insight into the inner workings of governments and companies alike.”

“Sometimes this information can be leaked to the public, and often it is used for political purposes. Importantly, this activity isn’t limited to politics abroad but extends to politics at home, as well. Dissidents, nongovernmental organizations, and opposition parties are as much of a target as other governments’ systems, and in some countries even more so,” he added.

Najem emphasized that accessing, controlling, and manipulating information online now defines a permanent and expanding international battlefront. “Countries in the Middle East have hacked each other, deployed malware as a tool of war, and interfered in each other’s communications networks. Unlike conventional battlefields, cyber warfare has the potential to alter the balance of power between countries with asymmetrical military capabilities,” he explained.

Saying that experts often lament how much more costly it is to defend networks than attack them, Anderson said: “This difference is multiplied for the Middle East, where countries will continue to invest in offensive capabilities that might provide a deterrent, rather than focus on the hard work of defense.”

“Cyber capabilities have now become a necessity, so that if a state cannot defend against rivals, it nevertheless has to be able to hit back. Cyber warfare is the new normal in the Middle East,” he concluded.