Syrian Government Hackers Are Catfishing Rebels For Information

Loose gifs sink resistance

Syrian refugee center on the Turkish border

Henry Ridgwell, Voice of America news, via Wikimedia Commons

Military secrets are only as secure as the loneliest private. A report by online network security firm FireEye details that in the ongoing Syrian civil war, online forces loyal to Syria’s brutal Assad dictatorship have obtained information from rebel groups through such simple means as a friendly chat and a picture of a smiling face. Cyberwar, done on the scale of catfishing.

Soliciting secrets from soldiers is as old as war itself, and while the technology involved has changed, the basic mechanism remains largely unchanged. From The New York Times:

“You’ve got a conflict with a lot of young, male fighters who keep their contacts and their operations on phones in their back pockets,” said one senior American intelligence official who spoke on the condition of anonymity to discuss espionage matters. “And it’s clear Assad’s forces have the capability to drain all that out.”

Using a fake pro-rebel website, complete with a match-making service, hackers working for the Syrian government allegedly reach out to rebel fighters using female avatars. In conversation logs obtained and published by FireEye, the hackers open by asking their targets if they Skype on a computer or a mobile device. While odd, it's an innocuous opening, but it immediately tells the hackers what kind of malware to send. The malware will often come wrapped in a picture, with the file type changed to mask that opening the file executes a virus.

For the hacked rebels, consequences of such cyber compromise may already be felt. The FireEye report describes a scenario in which ten rebel groups plotted out an attack against entrenched government forces in the southern part of Syria. Despite planning, the attack never materialized. FireEye found the plans on servers used by hackers working for Assad, and such a complete set of battle orders in the hands of their enemy suggests either the rebels called it off because they felt compromised or Assad reinforced his defensive positions.

If this sounds a lot like espionage, that's because it largely is. The sneaky business of scouting, spying, and misleading enemies is a part of the accepted canon of war, and we can expect these tactics from cyber war in the immediate future. Cyber attacks that cause tangible physical damage are extremely rare, but cyber attacks that steal information are fairly common. Some day, these attacks may rise to the threat of war on their own, but that is likely not today. Instead, expect cyber operations to be as common as spycraft and logistics are. Beneath the technical details, these cyber attacks are timeless in design.