Yemen Cyber Army promises more attacks, but are they a front for Iran?

Earlier this week, the pro-Shia Muslim group calling itself the 'Yemen Cyber Army' (YCA) said it would increase its online attacks against Saudi Arabia, according to a report in Al Araby.

Commentators have suggested that the group, which supports pro-Iranian Houthi Shia factions against Saudi-supported Sunnis in a military conflict in the country, may be a front for Iran. This contention is strengthened by suspicions that the same organisation recently provided 61,000 Saudi Arabian foreign ministry documents to WikiLeaks, the first tranche of 500,000 promised by Julian Assange; it is suggested that nation-state capabilities would have been needed to access this information. Accessing and sharing these documents is punishable by 20 years in prison in Saudi Arabia.

WikiLeaks did not confirm the source of the documents, but referred in its press release to an earlier Saudi Arabian government statement that it had suffered a breach of its government ministries' computer networks in a hack claimed by the 'Yemen Cyber Army', as reported by SC.

Although figures appearing in YCA images wear Yemeni jambiya daggers in their waistbands, this is considered simply unsubtle subterfuge, as the infrastructure in Yemen is considered too poor to support sophisticated attacks. Individuals who associate themselves with the Yemen Cyber Army have claimed that they are in Yemen, though they have refused to speak Arabic or give details about their location (Iranians speak Farsi).

Boaz Dolev, the head of the Israel-based cyber-security firm ClearSky, has been reported by Buzzfeed as identifying malware believed to have been used in the hacks against the Saudi foreign ministry as almost certainly made by the Iranian government. He commented: “Anyone who thinks a group of hackers from Yemen managed to hack into Saudi Arabia is delusional, or doesn't understand anything about the world of hacking today.” Citing a report by his company, Dolev said, “ClearSky has identified a piece of malware that has been deployed against more than 550 targets — nearly half of them in Saudi Arabia, another 14 percent in Israel and 11 percent in Yemen. We estimate that this access is used for espionage or other nation-state interests, and not for monetary gain or hacktivism.”

YCA's proclamation of “cyber-war” on Saudi Arabia last Sunday was accompanied by a list of 23 targeted websites of Saudi companies and banks. Those websites were checked by al-Araby al-Jadeed on Tuesday, with reporter Abubakr al-Shamahi saying they were “alive and well,” though some were reported to be briefly down on Monday.