4 December 2017

How Cyber Gray-Ops Became the New Norm in the Middle East


LEVI MAXEY AND BENNETT SEFTEL 
Cyber-enabled information operations in the Gulf, such as the one that seemingly spurred the ongoing feud between Qatar and its neighbors, represent the gray line between open conflict and backchannel disagreements that have proven difficult to respond to, according to experts who spoke at an event Wednesday co-hosted by The Cipher Brief and the Qatar-America Institute. Influence operations are an age-old tactic, but coupled with digital technology, they can uniquely lend privileged access to key communities, plausible deniability and a global audience. 

The crisis began to unfold on June 4 when Saudi Arabia, Egypt, Bahrain and the United Arab Emirates abruptly severed diplomatic ties with Qatar, citing Doha’s alleged support for Iran and the Muslim Brotherhood, as well as for U.S. designated terrorist groups such as Hamas, Hezbollah, al Qaeda, and ISIS, and subsequently implemented an air, land and sea blockade. 

On June 23, Qatar received a list of 13 onerous demands that it must meet to normalize relations with the four Arab nations. Qatar responded with counter provisions, and since then Kuwait has taken a proactive role in serving as a mediator between Qatar and its neighbors. 

But while the public-facing diplomatic fallout began in early June, a subtle cyber-enabled information operation may have intentionally ignited the tensions days earlier. 

On May 24, a video with falsified captions was posted on the website and Twitter account of Qatar’s state news agency, QNA, which purported to show Qatar’s Emir Sheikh Tamim bin Hamad Al Thani saying that militant groups Hamas and Hezbollah are resistance movements rather than terrorist organizations, that U.S. President Donald Trump’s time in power would not last long, and that Qatar’s relationship with Iran was firm. The Qatari government quickly issued a statement that its news station had been hacked, but the falsified video was used by the four Arab states as part of the justification for their actions. 

Based on information provided to the Qatar-America Institute by the Qatari government, the hackers began their reconnaissance of the QNA networks on April 19. At 12:03 am on May 24, the falsified video was posted on the QNA site followed by quick coverage from media of other Golf Cooperation Council (GCC) countries. As QNA released a statement asserting the video was the result of hack, Saudi Arabia and the UAE began blocking Qatari news sources within their countries. 

According to U.S. intelligence officials that spoke to the Washington Post, senior UAE government officials discussed the operational plans and implementation of the hack prior to the incident. 

Sowing discord is a central component of Russia’s information operations – such as those that took place in the leadup to the 2016 U.S. presidential elections – of which cyber capabilities play a prominent role. Isolating Qatar – which is home to over 10,000 U.S. troops at al-Udaid airbase, a primary staging ground for the campaign against ISIS – from other U.S. allies in the Gulf hinders Washington’s ability to engage militarily in Syria and Iraq where the U.S. finds itself in contention with Russian interests – namely the longevity of the Assad regime. 

According to CNN, an FBI team was sent to Doha to assist in investigating an alleged hack of QNA. Investigators at the time said they believed that Russian hackers were behind the breach. Qatar’s Interior Ministry was working alongside the FBI and the UK’s National Crime Agency on the ongoing investigation and said it will “reveal the findings of the investigation when completed.” The Kremlin’s spokesman Dmitry Peskov previously dismissed the allegations, saying “It is so far away form the reality. Fake is a fake.” 

Although it remains unclear who was behind the cyber attack, Russia may have played a critical role as it aims to further assert itself in the region and simultaneously support its ally Iran. That, combined with the withdrawal of the U.S. presence in the region, may have led in the current fallout. 

“What Putin has tried to do is exploit division in our own society. They have used their intelligence collection to understand where the fault lines are and hack into our systems and weaponize that intelligence to try to drive people in different directions in our own country. But they have also done that in Europe and I would argue in the Middle East. One of things we witnessed in Syria was a level of competition and disagreement between Qatar and Saudi Arabia over which groups to support. The Russians would have sought an opportunity to drive a wedge between those Sunni nations in the interest of supporting their ally Iran.”

The ongoing dispute between Qatar and the four Arab nations comes against the backdrop of a Middle East and North Africa region flush with conflict and instability. At the heart of these dynamics is the intensifying competition between Saudi Arabia and Iran who have channeled their influence to vie for regional hegemony.

Norman Roule, former National Intelligence Manager for Iran, ODNI


“The Middle East is going through an unprecedented period of reconsolidation and redefinition of national authorities and regional roles. Saudi Arabia is going through a period where it is redefining its position in the region. The Iranians are doing the same thing throughout the areas where they have engaged Shia militancy… You now have the prospect of the Shia arc coming to fruition as King Abdullah of Jordan predicted seven years ago.” 

The Gulf Cooperation Council, of which Saudi Arabia, Bahrain, the United Arab Emirates, and Qatar are all members, has been viewed as an important body of resistance to Iran’s growing regional influence. Fracturing the GCC’s cohesion would represent a significant boon to Iranian interests. 

The ongoing civil war in Yemen represents a critical pressure point between Saudi Arabia and Iran, who has been accused of supporting the Houthi rebellion. Saudi Arabia’s Crown Prince Mohammad bin Salman, the architect of Saudi’s campaign in Yemen, assembled a coalition of GCC members to support his effort, including Qatar. In light of the Gulf crisis, Qatari soldiers are no longer fighting alongside other GCC member countries in Yemen. 

Saudi Arabia and Iran are also clashing in Syria. While Tehran backs Syrian President Bashar al-Assad’s forces as well as its Lebanese proxy group Hezbollah, which his fought on his behalf, the Kingdom has supported opposition groups who seek to oust Assad from power. 

The sudden resignation of Saad Hariri as Lebanon’s prime minister during his trip to Riyadh earlier this month could earmark the country as the next proxy battleground between Saudi Arabia and Iran. 

Ultimately, Iran may stand to benefit the most from the Gulf crisis. Qatar’s close ties to Iran were cited as a key reason why the blockading countries severed diplomatic ties to Doha. The blockade has pushed Qatar to form stronger political and economic ties with Iran and Turkey. 

Robert Richer, former Associate Deputy Director for Operations, CIA

“If I could capture what is going on in the Middle East, it’s a pressure cooker with no lid on it. Our administrations in the past have at least had some guiding influence and some interest in controlling or influencing situations. Over the course of the last couple of years, primarily the last year, countries are going in their own directions without really thinking about the ramifications of those directions.”

While it remains uncertain who is responsible for the cyber attacks against Qatari media – it goes to show that such capabilities can be leveraged to manipulate opinions and sow doubt and distrust among populations and neighboring nation-states. The cognitive element of cyber intrusions – how sensitive information is stolen, manipulated, and published to pry already existing divisions – can have tangible diplomatic effects that ripple throughout the international community. 

A model of deterring such gray zone activity is difficult to come by and an appropriate escalation ladder is interpreted differently among adversaries. However, traditional diplomatic tradecraft could still hold sway against such activities that don’t place themselves into simple response frameworks. 

Leslie Ireland, former Assistant Secretary of the Treasury for Intelligence and Analysis

“There is a lot of discussion about not responding to the distributed denial of service campaign that the Iranians are credited with conducting against U.S. financial institutions. But if you were to talk to those institutions that were largely hit they will tell you that the campaign seemed to abate after the Joint Comprehensive Plan of Action [Iranian nuclear deal] began. There appeared to be at least some deterrent value in having something that the Iranians really wanted and really needed to be successful. There isn’t always a reaction and it does not necessarily have to be tit for tat – cyber for cyber. Maybe there is something else in the relationship that can be leveraged to curb that activity.”

Levi Maxey is a cyber and technology analyst at The Cipher Brief. Follow him on Twitter @lemax13.

No comments: