Iraq conflict breeds cyber-war among rival factions

Isis militants The conflicts in Iraq and Syria have a parallel cyber-element, research suggests

Related Stories

A cyber-civil war is being waged alongside the armed conflict in Iraq, research by security firms suggests.

As well as using social media to rally supporters and spread propaganda, some factions are employing hackers to gather intelligence.

Well-known attack programs have been re-purposed in a bid to to subvert routers and other systems inside Iraq.

More broadly, cyber-thieves are also using the conflict to help trick people into opening booby-trapped messages.

Local conflict

"The key parties are local groups within Iraq using malware for targeted intelligence on each other," said Andrew Komarov, chief executive of security firm Intel Crawler.

"It is very hard to confirm who is the author, as some of the malware is used from public sources," said Mr Komarov, "but it is very visible that it is used within Iraq, and not outside against foreign countries, which may explain the beginning of internal local cyber-war."

One malware program, called Njrat, was used in hundreds of incidents and had helped some groups create networks of machines they could control remotely.

Once machines were infected with Njrat, attackers immediately started stealing files or using a computer's camera or microphone to monitor what was going on around it.

These attacks differ from those seen when malware similar to Njrat is used in other countries, said Mr Komarov. Instead of simply spamming out messages seeking victims from whom attackers can steal money, the cyber-activists in Iraq seem to target particular cities, groups and even families.

"All the attacks are very selective and affected mostly local conflicting parties," said Mr Komarov.

In addition, he said, Intel Crawler had seen some civilians targeted but these might be relatives and friends of people more closely involved in the conflict in the region.

Still from Isis annual report Isis has been an adept user of social media and computer technology

Attackers attempt to infect potential victims using social media, said Mr Komarov but they are also scanning the net within Iraq seeking routers that they can then subvert using their own tools. The majority of these attacks are concentrated on four Iraqi cities, Baghdad, Basra, Mosul and Erbil.

"The reasons for doing this are intelligence gathering against local protest, opposition parties, as well as their contacts in civil population, or government and vice versa," he said.

Intel Crawler gathered its information by monitoring activity on Iraqi cyberspace and via intelligence contacts in the region.

Cyber-security firm Kaspersky Labs said the conflicts in Iraq, Syria and other Middle Eastern nations had spawned a whole series of attacks that were hitting people across the region.

Senior security researcher Mohamad Amin Hasbini said many of the attacks had been "heated" by the continuing conflict, but it was not clear whether they were all politically motivated.

However, he said, there was evidence that attackers were exploiting interest in the conflict to trick people into opening booby-trapped attachments or visiting pages that exploit vulnerabilities in browsers.

Topics such as Shia Muslims, connections between Syrian President Assad and Isis, arrests of Isis militants, names of Hezbollah infiltrators and information about trouble spots in the region had all been used in files seeded with malware, said Mr Hasbini.

"Malware used in those attacks appears to have been distributed with the help of social media channels including Facebook, YouTube, political forums and via e-mail, Skype and Whatsapp messengers," he added.

Njrat as well as other malicious programs called Bitfrost and DarkComet had all been used to create these dangerous messages, he said.

"After successful infection, the hackers are capable of monitoring the device and can take full control, including key-logging, taking screenshots and activating the camera," he added.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features & Analysis

  • An ant and a humanAnts v humans

    Do all the world's ants really weigh as much as all the humans?


  • Tattooed person using tabletRogue ink

    People who lost their jobs because of their tattoos


  • Indian coupleSuspicious spouses

    Is your sweetheart playing away? Call Delhi's wedding detective


  • Civilians who had been hiding inside during gun battles manage to flee  from the Westgate Mall in Nairobi, Kenya Saturday, 21 September 2013Westgate's questions

    One year on, Kenyans await answers about the mall attack


BBC Future

(USAF)

Secrets of the aircraft boneyards

The vast storage sites for surplus planes Read more...

Programmes

  • StudentsClick Watch

    Could a new social network help tailor lessons to students’ needs and spot when they fall behind?

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.