In Syria, Conflict In Cyberspace Complements Ground War

Dec 31, 2013
Originally published on December 31, 2013 6:56 pm
Copyright 2018 NPR. To see more, visit


For Syrians who remain in their country, you might think that computer security would be a low priority, but with a civil war raging, so, too, is an electronic war between groups allied with President Bashar al-Assad and rebel forces. Anti-Assad groups use cyberspace to recruit fighters and coordinate with allies.

At the same time, the government is using computer malware to infiltrate and track them. Joining me to talk about this is Morgan Marquis-Boire, who is a security researcher at the University of Toronto and who's following the cyber conflict in Syria. Welcome to the program.


SIEGEL: And let's start with this malware. How does it work and what can Syrian government allied hackers hope to learn by installing it on rebel computers?

MARQUIS-BOIRE: The malware that is installed generally takes the form of a remote access toolkit so this allows a government attacker pretty much full access to a victim's computer. So in addition to allowing access to their files, it allows the recording of their online communications, their emails, their Skype conversations, their Facebook chats.

It also allows remote viewing of the user through their webcam or even a remote recording of ambient sounds that could be picked up by the computer's microphone.

SIEGEL: And what methods would they use, these pro-Assad hackers, use to get their malware to their target?

MARQUIS-BOIRE: Frequently, this has actually taken the form of what we would describe as social engineering, which is when you attempt to use some form of trickery in order to present yourself as a legitimate actor to someone in order to get them to trust you and therefore install software.

So for instance, we've seen fake documents which purported to be pertaining to the formation of a revolutionary high council for after the war. However, opening would actually install the type of implant software that I described to you earlier. There was a case of Aburan Galyun(ph) who, at the time, was the head of the Transnational Syrian Opposition, his Facebook page was compromised.

And so it appeared that he was giving advice to people to install the software. While people have become increasingly more knowledgeable of the risks posed by these types of attacks, the game has escalated and the attackers have become comparably trickier and more aggressive.

SIEGEL: Now, you've been describing government forces or pro-government forces hacking the Syrian rebels. Does the computer espionage also go the other way, that is to say, rebels hacking pro-government computers?

MARQUIS-BOIRE: Yeah, we definitely think things go both ways. Recently, we saw actions by the hacktivist group Anonymous, which involved the infiltration of at least 12 Syrian government websites. The hacktivist collective Telecomix discovered and publicized how the Syrian government's mass surveillance and censorship apparatus performed and they exposed this to the Wall Street Journal.

SIEGEL: Well, can you give examples of events that have happened on the ground that have been influenced by intelligence gained from hacking?

MARQUIS-BOIRE: Sure. We've had activists that have been physically targeted due to the compromise of the digital communications. A man named Timal Karim(ph) was captured by the Syrian regime and he was tortured during the course of this. All of his online communications were shown to him - more than 1,000 pages of printouts, data from his Skype chats and files that his torturers had downloaded remotely. I think a phrase that he most tellingly used was my computer was arrested before me.

SIEGEL: Mr. Marquis-Boire, thank you very much for talking with us today.

MARQUIS-BOIRE: Thank you very much for having me on the show.

SIEGEL: Morgan Marquis-Boire is a security researcher at the University of Toronto. He spoke to us from Berlin. Transcript provided by NPR, Copyright NPR.