1 Conduct of Code
A Historical Overview of Cyberspace in MENA
Paul Kurtz and Aaron Ach
The MENA region’s geopolitics have been hacked, private lives have been reprogrammed, and public opinions have been infiltrated. Activity in the cyber domain bears responsibility for the changing approaches leaders take to governing their populations and to their geostrategies over the last decade. From early experimentation with internet censorship, to crippling wiperware attacks, to disinformation1 further polluting news and social media environments, cyberspace has presented opportunities for states to consolidate authority domestically and shift the regional balance of power. Cyberspace may be the only human-made battleground, but is hardly a borderless domain. Even this constructed realm is not exempt from domestic fractures, governance challenges, and security dilemmas, some of which have persisted in the region for generations.
Over the two-decade-long history of cyberspace in the MENA region, it has been a domain in and through which power is projected. As such, who projects power, against whom, and from what geography are all key considerations. In this chapter and throughout the book, we endeavor to shed light on how the complexities of sponsor-operator-target relationships have fostered sclerotic patterns of engagement in a domain where law often lacks implementation power or does not even exist in the first place. The cast of characters party to any cyber incident are compelled to act, react, or not act according to incentive structures that transcend cyberspace. Like other war-fighting domains, the attributability of a cyber incident to an aggressor (a matter of information completeness) and the geopolitical context in which it occurs generally govern whether and how the aggressed chooses to respond.
The Middle East Institute’s Cyber Program, and the contributors to Cyber War and Cyber Peace: Digital Conflict in the Middle East, outline four focus areas of the region’s cyber activity: (1) privacy and civil society, (2) cyber conflict, (3) information and influence operations, and (4) countering extremism online.2 The emergence of each focus area of the region’s cyber landscape has been asynchronous, making a chronological narration of the domain’s evolution less productive than an overview of the groups that are most active in the region’s cyberspace and their incentives for being so. In its potential to be used overtly or covertly, cyberspace affords flexibility to states in the region, non-state actors, and state actors beyond the MENA region to pursue their geopolitical, ideological, and financial agendas.
The Middle East is the region in which the first act of cyber war took place, but even that attack, commonly referred to as Stuxnet, inadvertently touched off more than just state-on-state cyber conflict. Unlike weapons of other war-fighting domains, tools of interstate cyber conflict may be repurposed by their creators or even recycled by a different actor into whose possession they fall, giving capabilities a cumulative relationship to one another.
Just as MENA nations have used capabilities domestically to control their socio-political landscapes, some of those same governments have deployed like tools against adversary states for geopolitical gain. For non-state actors native to or operating in the region, cyberspace has become an environment conducive to criminal activity, a digital arms trade, and the propagation of false information and extreme ideologies. For their part, global powers continue to treat MENA cyberspace as a proxy battleground in attempts to strategically shape norms of engagement in the domain. Native populations, some of which have only recently come online, are seen as unfortunate but distant casualties.
The ways cyberspace is being leveraged in the region testify to the flexibility it offers motivated and capable actors. Proliferating knowledge and diminishing costs to deploy both overt and covert cyber tools result in an ever-diversifying set of active parties. The domain has thus become attractive to both well-resourced groups, who may benefit from the relative difficulty of attribution and lagging laws, and less-resourced groups, who may find cyberspace allows them to punch above their weight. Cyberspace is what parties capable of acting therein want it to be, with both its creative and destructive potential tethered to its artificiality. As this collection highlights, studies of cyberspace are intersectional, as the domain agglomerates phenomena of social organization, including national security, global economies, law, civil society activities, and technological advancement, with an incomparable ease and immediacy.3
MENA State Actors
In the years following the United States’ declaration of war with Afghanistan (2001) and its invasion of Iraq (2003), there was concern among U.S. security partners that such an alliance would make them more appealing targets for terror campaigns by proximate extremist factions. The United Arab Emirates (UAE) quickly came to appreciate that the most crippling terrorist attack would be on its critical infrastructure. To architect a homeland security strategy that emphasized critical infrastructure protection (CIP) — of seaports, airports, and nuclear and petrochemical energy projects — from a physical or cyber terrorist attack, the UAE turned outward.4 Emirati defense and intelligence consulted current U.S. government and former national security officials, including co-author Paul Kurtz, as well as officials from the U.K., Germany, Italy, Australia, and Singapore. Abu Dhabi concluded it was imperative that the country have an organization with the capability and authority to surveil suspected terrorists. In the years between Kurtz’s first defensive contracts with Abu Dhabi and the creation of the National Electronic Security Agency’s (NESA) intelligence division in 2008, an irreversible linkage was fostered between defensive measures and the development of offensive capabilities that the UAE used to surveil non-terrorist persons of interest, including human rights activists, according to popular reports.5
While Abu Dhabi has drawn considerable attention from the international community for the genesis of its cyber capabilities, it is worth noting that its regional peers were in the process of undertaking similar efforts for some time prior to this (as were the U.S. and its intelligence partners). Initiatives to develop mass surveillance mechanisms were already underway around the same time elsewhere. A 2006 decree6 by Qatar’s telecommunications regulatory body (ictQatar) indicates the government’s intent to possess surveillance capability years before that capability’s development was made public in 2009.7 Even more sophisticated tools were being developed and deployed contemporaneously in Iran. In 2005, Iranian internet service providers began using an unlicensed “Smart Filter” package,8 a tool developed for defensive purposes by a European company, allowing the government to block content. By 2008, the Telecommunications Company of Iran had the means and capacity to conduct deep packet inspection (DPI) for every client on its network, a capability it would expand in 2010 with the help of China’s ZTE Corporation to include mobile and internet communications monitoring, blocking, and user-specific web page alteration.9
Iran, Qatar, and the UAE were among the first to make electronic surveillance capabilities part and parcel of their national security strategies, pulling the levers of state ownership or support of telecommunications and internet service providers in a way that is common in the Gulf. More quietly, however, governments in the Maghreb were exploiting surveillance technologies for similar purposes. Tunisia, for example, purchased multiple ready-made surveillance toolkits from American and European security companies.10 Tunisian President Zine el-Abidine Ben Ali, however, was far from the only dictator in the region to seek help from hack-for-hire outfits in an effort to quell the civil unrest on his doorstep, as detailed later in this and other chapters. Turning to non-state actors to develop and operate intrusion tools provided states a thin but real veil of deniability, a strategy also used to erode the certainty with which actions can be attributed to particular actors during interstate cyber conflict.
If in 2011 social media shed a light on the extent of civil unrest across the region, the cyber resources intelligence and law enforcement apparatuses had ready to deploy against the opposition evinced the high level of priority they had assigned to acquiring these capabilities in the years leading up to the Arab Spring. As uprisings across the region presented an opportunity for repressed peoples to raise their collective voices, many states reflexively pursued “digital authoritarianism,” a trend Mohammed Soliman explores in Chapter 8, to not only silence dissidents after they organized but also to undermine movement formation in the first place. In a recent panel for a conference produced by MEI,11 Dr. Sahar Khamis reflected on her change in attitude about the Arab Spring: Strides toward democratization have grown smaller with time since the uprisings, and it has become clear that the digital transformation has been more about how authorities exert control over their citizens than how their citizens resist that authority. (Dr. Khamis examines the role of digital authoritarianism in the regional COVID-19 pandemic response in Chapter 9.)
Surveillance platforms deployed “lawfully” in a domestic context and espionage tools deployed covertly abroad are two sides of the same coin. Acts of cyber espionage, as one of the most common modes of interstate cyber conflict, often lay the groundwork for future cyber or kinetic attacks. Espionage operations therefore entail longer lifecycles in order to obtain the desired information. One such campaign was Dark Caracal, a six-year operation discovered in 2018 as being run from within Lebanon’s General Directorate of General Security (GDGS), which targeted the communications of journalists, military officers, defense contractors, financial institutions, and government officials in over 20 countries.12 Iran, in its obsession with monitoring dissidents, is known to have conducted multiple campaigns against domestic individuals, business targets, and members of the global Iranian diaspora lasting up to 10 years.13 Alex Kobray and Evan Kohlmann compare approaches to state-sponsored hacking activity in Chapter 5.
The more knowledge an actor can glean about a target’s environment from an espionage operation, the more likely an attack will be to proceed as planned when it comes time to disrupt or destroy. Government-backed espionage efforts are thus less threatening as standalone operations than they are as the first step in the larger “kill chain” of a more damaging cyberattack.14 One of the first instances in which cyberspace was used to “prepare the battlefield” came in 20...