Iraq conflict breeds cyber-war among rival factions By Mark Ward

Technology correspondent, BBC News Published duration 22 July 2014

image copyright AP image caption The conflicts in Iraq and Syria have a parallel cyber-element, research suggests

A cyber-civil war is being waged alongside the armed conflict in Iraq, research by security firms suggests.

As well as using social media to rally supporters and spread propaganda, some factions are employing hackers to gather intelligence.

Well-known attack programs have been re-purposed in a bid to to subvert routers and other systems inside Iraq.

More broadly, cyber-thieves are also using the conflict to help trick people into opening booby-trapped messages.

Local conflict

"The key parties are local groups within Iraq using malware for targeted intelligence on each other," said Andrew Komarov, chief executive of security firm Intel Crawler.

"It is very hard to confirm who is the author, as some of the malware is used from public sources," said Mr Komarov, "but it is very visible that it is used within Iraq, and not outside against foreign countries, which may explain the beginning of internal local cyber-war."

One malware program, called Njrat, was used in hundreds of incidents and had helped some groups create networks of machines they could control remotely.

Once machines were infected with Njrat, attackers immediately started stealing files or using a computer's camera or microphone to monitor what was going on around it.

These attacks differ from those seen when malware similar to Njrat is used in other countries, said Mr Komarov. Instead of simply spamming out messages seeking victims from whom attackers can steal money, the cyber-activists in Iraq seem to target particular cities, groups and even families.

"All the attacks are very selective and affected mostly local conflicting parties," said Mr Komarov.

In addition, he said, Intel Crawler had seen some civilians targeted but these might be relatives and friends of people more closely involved in the conflict in the region.

image copyright Isis image caption Isis has been an adept user of social media and computer technology

Attackers attempt to infect potential victims using social media, said Mr Komarov but they are also scanning the net within Iraq seeking routers that they can then subvert using their own tools. The majority of these attacks are concentrated on four Iraqi cities, Baghdad, Basra, Mosul and Erbil.

"The reasons for doing this are intelligence gathering against local protest, opposition parties, as well as their contacts in civil population, or government and vice versa," he said.

Intel Crawler gathered its information by monitoring activity on Iraqi cyberspace and via intelligence contacts in the region.

Cyber-security firm Kaspersky Labs said the conflicts in Iraq, Syria and other Middle Eastern nations had spawned a whole series of attacks that were hitting people across the region.

Senior security researcher Mohamad Amin Hasbini said many of the attacks had been "heated" by the continuing conflict, but it was not clear whether they were all politically motivated.

However, he said, there was evidence that attackers were exploiting interest in the conflict to trick people into opening booby-trapped attachments or visiting pages that exploit vulnerabilities in browsers.

Topics such as Shia Muslims, connections between Syrian President Assad and Isis, arrests of Isis militants, names of Hezbollah infiltrators and information about trouble spots in the region had all been used in files seeded with malware, said Mr Hasbini.

"Malware used in those attacks appears to have been distributed with the help of social media channels including Facebook, YouTube, political forums and via e-mail, Skype and Whatsapp messengers," he added.

Njrat as well as other malicious programs called Bitfrost and DarkComet had all been used to create these dangerous messages, he said.

"After successful infection, the hackers are capable of monitoring the device and can take full control, including key-logging, taking screenshots and activating the camera," he added.