IntelCrawler reports a significant increase in malicious cyber-attacks taking place during the civil war in Iraq, saying they have intensified noticeably in the past two months. With more than half of cases in Baghdad, almost a quarter in Erbil and additional occurrences in Basra and Mosul, IntelCrawler believes that DNS services communicating with infected machines may have been used in targeted cyber-espionage campaigns along with other forms of malware.
The report says ‘Iraqi-based actors involved in various illegal activities in cyberspace acting as mercenaries seems to have significantly increased’ and that ‘most appear united with Egypt, Libyan, Lebanese, Iranian, Syrian and various distributed Islamic groups performing targeted attacks because of religious and political movements supported by state parties’.
The most prominent opponents to the government in Iraq are the Islamic State of Iraq and al-Sham (ISIS) groups present in the north, currently using social media for propaganda purposes. ‘The increased activity correlates with other geopolitical conflicts where state-sponsored activities in cyberspace try to affect outcomes on the ground,’ says the IntelCrawler report.
Socket Secure (SOCKS) and FTP/HTTP BackConnect RATs are being used and placed within file system browsers, ‘masked under Google Chrome and publicly available software’, meaning contaminated servers are monitored and their data can be intercepted and manipulated by the cyber-attackers.
Talking to SCMagazineUK.com, Bob Tarzey, analyst and director at Quocirca, explained how such actions are a way of ‘undermining the government’s ability to communicate within itself and its defence forces.’ He says ‘malware is used to try and undermine the functionality of somebody’s systems...to clog the government’s networks or hamper government communications.’
How effective are cyber attacks compared to physical military activity? Tarzey says you ‘don’t just storm cities through cyber attacks alone. Because cyber is such an important element of communications, it can be used. But not just as a pure cyber attack – it’s supplementary.’
NATO Cooperative Cyber Defence Centre of Excellence spokesperson Kristiina Pennar told SC that cyber attacks on a country with a lot of IT dependency will have a bigger impact and so opponents are more likely to attack the infrastructure in this way.
This development sees an armed rebellion using both military force and cyber attacks as part of a coordinated approach – much as Russia did in Crimea earlier this year, signalling that such a strategy is no longer the preserve of the nation-state. Pennar suggests: ‘Future conflicts will definitely have cyber components in them but the physical violence will not disappear.’