How Yemen's civil war went cyber
The conflict tearing Yemen apart is a human catastrophe and a geopolitical mess. It's also providing a look at how today's shooting wars spill over into digital conflict, even in the poorer corners of the world, as two presentations at Wednesday's CyberwarCon in Washington, D.C., elucidated.
The backdrop: Houthi rebels, backed by Iran, currently control the capital city of Sanaa — and with it the main internet service in the country, YemenNet. President Abed Rabbo Mansour Hadi's government, backed by the Saudis, controls much of the rest of the country, save for a few territories controlled by al-Qaeda in the Arabian Peninsula. The Hadi government launched its own internet service in its territory, AdenNet.
By gaining control of YemenNet, the Houthis gained control of the “.ye” domain — the Yemeni equivalent of “.com.” At the conference, threat intelligence firm Recorded Future noted that the Houthis used that control to take over national websites and declare themselves the official government.
- It had already been reported that the Houthis disrupted access to social media networks and to any website showing troop positions. They also cut as much as 80% of the incoming submarine cables providing internet to disrupt international communications.
- New from Recorded Future's findings: It appears that the Houthis have installed cryptocurrency mining operations on the internet infrastructure in order to fund the regime.
The Hadi government built its AdenNet using Huawei routers. The Chinese telecommunications firm’s presence reflects China’s practice of using infrastructure assistance to secure valuable alliances (the Belt and Road initiative). Yemen is currently a war zone, but some day it will return to being a nation that controls important shipping lanes.
- Accepting China's infrastructure aid comes at a cost. Huawei is believed by most Western countries to sabotage its own equipment to facilitate Chinese spying.
The influence campaign: The Houthi government is also running social media influence campaigns to pressure the West and Saudi Arabia to stop bombing Yemen, Johns Hopkins student Dan O’Keefe reported at CyberwarCon.
- The campaigns use a "Twitter board" — essentially a massive collection of prewritten tweets focusing on a topic of the day.
- Citizens, including those directed to the boards from government websites, select tweets and post them rapid-fire to try to make issues trend.
- The campaigns suggest a maximum posting rate so the accounts don't get flagged as bots.
Though many big players are involved in bringing weapons to the region — with Saudi Arabia and Iran, both liberal users of surveillance technology, among them — it doesn't appear that there is a proxy war of surveillance tech underway in Yemen, yet.
- Recorded Future notes that the level of devastation in the conflict reduces surveillance's payoff: The humanitarian crisis limits the amount of tech being used in Yemen and makes guns a more "useful" export.