Pro-Assad hackers in civil war–torn Syria are targeting military opponents using increasingly sophisticated malware and social engineering attacks, a new report from the Electronic Frontier Foundation and Citizen Lab revealed.
Internet-based attacks by supporters of Syrian president Bashar al-Assad were observed as early as 2011. According to the report’s findings, the hackers used a combination of social media manipulation, malware, and remote-access devices in order to trick opposition fighters into giving them access to their computers. With this access they can surveil and manipulate the opposition forces.
The attacks detailed in the report used YouTube, Dropbox, email, and Facebook as social engineering tools to spread malicious software.
Here is one telling example: In an email-based attack, the hackers sent out a message with the subject line “Serious video – It shows the malice of al-Assad’s military.” Appearing to have been sent from a militant opposition group, this particular email contained a link accompanied by the message “Leaked and very, very, very serious footage. See what happened to a civilian and what the civilian said.” At the other end of the link was a graphic video of a man “having his throat cut and bleeding to death,” as the EFF described it.
The video, however, turned out to be a decoy. As the user watched it, an executable file installed malware on their computer that allows pro-Assad hackers to spy on them by logging their keystrokes and taking screenshots of their computers.
The EFF traced the malware from this and similar emails back to a Mexican company apparently hacked by the attackers.
In another similar attack, the Syrian opposition received a message claiming to know the location of pro-Assad troops:
“Very important. For dissemination. [Information about] the military locations which civilians must avoid for their safety. The locations are also where the Islamic Army leadership decided to intensify its attacks with all kinds of weapons because the troops and leaders of al-Assad’s army gather there. [Information about] the important military barricades in the roads used for the [military] supply and where explosions targeting Shabiha barricades might take place. All places are illustrated using photos from Google Earth.”
The report does not specify whether the opposition forces in Syria are using the same tactics. Nevertheless, it gives insight into the increasingly powerful tactics of cyber warfare in Syria, and how those tactics exploit the decentralized, global, anonymous nature of the Internet. Even in this brief summary of the report, notice how major American technology companies like Facebook, YouTube, and even Google play an important (yet unknowing) role in the attacks.
“We urge Syrians to be wary of opening email attachments containing documents or PDFs and to be especially careful when clicking on links in pro-opposition Facebook groups and YouTube pages,” the report concludes.
Photo by Freedom House/Flickr