The Syrian president is photographed, sharp-suited and chinless, cradling a young cancer patient. On 21 March his fashionably gaunt wife is pictured embracing a tearful mother whose child has gone missing. More than 1,000 people “like” the shot. Bashar al-Assad’s Instagram account is one of the more surreal examples of how social networking sites are being used by all sides in the Syrian conflict, in this instance to send out the message that “the Assads are doing just fine”.

There is nothing inherently liberal or democratic about the internet, and in Syria it has become just another battleground. The weapons wielded by both sides to manipulate their message, spy on the enemy and sabotage its plans are becoming increasingly sophisticated, and dangerous.

It was popular in early 2011 to describe the Arab spring uprisings as Twitter revolutions. Social networking sites did help facilitate demonstrations in North Africa, by allowing citizens to organise protests or spread information on human rights abuses, but tech often failed activists, too. At times, the governments of Egypt, Libya and Syria simply shut down internet access or phone signals nationwide. Meanwhile, western firms, such as the American company Blue Coat, provided dictators with the ability to censor websites and monitor online activity, so that a critical tweet, blog or comment could land the author in jail.

This prompted democracy activists to fight back. In August 2011, five months after the start of the conflict in their country, Syrians trying to get online confronted a strange blank screen bearing the following warning: “This is a deliberate, temporary internet breakdown. Please read carefully and spread the following message. Your internet activity is being monitored.” Users could click through for advice on how to use the internet safely, such as by going through Tor – a service that routes activity via a complex network of computers, making it very hard to track an individual’s web footprint or discover his physical location. Tor was originally developed by the US navy but is now available to anyone with a strong interest in covering tracks online: from democracy activists to al-Qaeda affiliates, fraudsters and drug dealers. The same is true of the “dark web”, the part of the internet that is not indexed by search engines. (I had wanted to speak to the western tech charities working in Syria to help activists use these tools, but for security reasons they did not want to be mentioned by name or to discuss details of their work.)

The message that confronted Syrians in August 2011, however, was not the work of an established NGO. It was organised by Telecomix, a loose collective of “hacktivists” that was founded in Sweden in 2006 but now has volunteers worldwide. Their methods range from the hi-tech – it was Telecomix hacking that exposed how the Syrian government was using Blue Coat surveillance equipment – to the inventive use of low-tech: Telecomix volunteers taught Syrian citizens how to make walkie-talkies using household objects such as clock radios. During internet blackouts in Egypt and Syria, Telecomix collected phone numbers of offices, cafés and university departments and faxed them information on how to access a dial-up internet connection it had set up using a server in Europe.

On the other side of the battle is the Syrian Electronic Army, a network of pro-Assad hackers. Some of its stunts have been immature: one of its first successes was posting a rumour on E! Online that Justin Bieber had come out as gay. But researchers at the tech firm Hewlett Packard believe the SEA is among the top ten most sophisticated hacking circles in the world. Its pranks can have huge real-world implications, too: when it hacked into Associated Press’s Twitter account last April to post a fake tweet announcing that there had been two explosions at the White House, the Dow Jones fell 150 points.

Perhaps even more worrying for anti-government activists has been the SEA’s development of malware (malicious software) targeted at Assad’s opponents. One SEA campaign sent out links for a fake security service called AntiHacker. When people clicked on the link, they inadvertently installed a remote-access tool that allowed the SEA to record keystrokes, steal passwords and capture webcam activity. Pro-government hackers have also sent out malware disguised as files documenting human rights abuses by the military, or as news links posted on Facebook accounts of prominent anti-government activists. Online, it is hard for Syrians to know whom to trust.

Even Telecomix appears to be retreating from its work in Syria. I emailed Peter Fein, a Telecomix hacker and informal spokesman for the group, though he’s now taking a break and “putting his life back together”. He wrote that Telecomix was cutting back on its activity this year, as “comms support is both more difficult and less important as things move from protests to civil war”. In 2013, the group helped evacuate some of its local contacts and their families from Syria, because things were getting “nasty”. Telecomix Syria’s Twitter feed now seems mainly focused on charting the rise and fall of internet connectivity in various parts of the country. For all the sophisticated hacking battles taking place, older methods are sometimes more reliable.