Information Warfare: Iran Goes Phishing For Syrian Rebels


July 23, 2012: The Syrian government may be on its last legs but they have fought the rebels in a number of ways that have not received much publicity. For example, it was recently discovered that someone was targeting pro-rebel websites and individuals outside of Syria. The attack came in the form of phony email addressed to a specific individual and made to appear it was from another rebel sympathizer or activist that the recipient knew. There was a file attached which, when opened, secretly installed monitoring software. Thus the infected computer could be secretly monitored by the Syrian government and files, email, and even all keyboard activity quietly copied.

This is known in the trade as "spear fishing" (or "phishing"), which is a Cyber War technique that sends official looking email to specific individuals, with an attachment which, if opened, secretly installs a program that sends files from the email recipient's PC to the spear fisher's computer. In the past few years an increasing number of military, government, and contractor personnel have received these official looking emails, with a PDF document attached and asking for prompt attention. Despite being widely known, spear phishing still works and intelligence gathering organizations use it more and more.  The spear phishing campaign against Syrian rebels was discovered and it appears that damage was limited (or perhaps not).

China has been particularly active in using this against pro-reform Chinese living outside of China. Other police states have also been found using these techniques. Another favorite Information War tactic is to shut down opposition web sites. This is usually done using a DDOS (distributed denial of service) attack. These are carried out by first using a computer virus (often delivered as an email attachment or via a game or an infected website), that installs a secret Trojan horse type program, that allows someone else to take over that computer remotely and turn it into a "zombie" for spamming, stealing, monitoring, or DDOS attacks to shut down another site. There are millions of zombie PCs out there and these can be rented, either for spamming or launching DDOS attacks. Anyone with about $100,000 in cash could carry out attacks. You can equip a web site to resist, or even brush off, a DDOS attack and some of those attacked were prepared. But others were not. Websites supporting the overthrow of dictators are increasingly being shut down, sometimes for weeks, by DDOS attacks or zombies that disable the site internally.

Syria was not known to have an extensive Cyber War capability, they apparently had Iranian Cyber War experts helping out. Criminal (as in Internet based crime) gangs are often preferred because these guys are up-to-date on all the latest techniques. All you usually have to do in return is offer the gangs a safe haven. The gangs have to refrain from major operations against the country they are in but most of the targets are in the West (that's where most of the money is). Of course, no one will admit to this sort of thing. But criminal gangs working for the secret police is an ancient practice in these two countries, something that goes back centuries. None of the major Internet crime gangs are in Syria, which leaves Iran, or even Russia or China, as the supplier of Cyber War weapons and technology to Syria.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close