Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:01,435 --> 00:00:04,303
of thousands
dead, millions displaced.
2
00:00:04,338 --> 00:00:07,172
The Syrian secret police
got a lot better
3
00:00:07,208 --> 00:00:09,341
at monitoring social media.
4
00:00:09,376 --> 00:00:12,477
The war is being fought both on the battlefield and online.
5
00:00:12,513 --> 00:00:13,979
If you compromise them,
6
00:00:14,014 --> 00:00:17,015
Assad could come and have them
arrested and then killed.
7
00:00:17,051 --> 00:00:19,151
Hackers connected to the Syrian Regime
8
00:00:19,186 --> 00:00:20,919
are targeting the opposition.
9
00:00:20,955 --> 00:00:23,455
ISIS is almost
adopting everything
10
00:00:23,490 --> 00:00:25,757
that was successful in Syria.
11
00:00:25,793 --> 00:00:29,328
Sometimes, the consequences are lethal.
12
00:00:29,363 --> 00:00:30,796
Was he a skilled hacker?
13
00:00:35,903 --> 00:00:38,537
Is Syria the model for how future wars will be fought?
14
00:00:39,940 --> 00:00:49,948
♪
15
00:00:58,192 --> 00:01:00,325
As a national security reporter for VICE,
16
00:01:00,361 --> 00:01:03,161
I followed the Syrian War since the beginning.
17
00:01:03,197 --> 00:01:05,330
In 2011, a popular democracy movement
18
00:01:05,366 --> 00:01:07,366
blew up across the Middle East.
19
00:01:07,401 --> 00:01:09,534
It was fueled in part by social media,
20
00:01:09,570 --> 00:01:11,837
became known as the Arab Spring.
21
00:01:11,872 --> 00:01:13,639
Yet Syria was different.
22
00:01:13,674 --> 00:01:15,207
It stayed quiet.
23
00:01:15,242 --> 00:01:17,576
Run by a dictator named Bashar al-Assad,
24
00:01:17,611 --> 00:01:20,245
citizens were terrorized by secret police,
25
00:01:20,281 --> 00:01:22,347
mass surveillance, torture,
26
00:01:22,383 --> 00:01:25,250
and barely had any access to the internet.
27
00:01:25,286 --> 00:01:27,586
Amidst protests in nearby countries,
28
00:01:27,621 --> 00:01:30,055
the Assad Regime made the mistake of restoring access
29
00:01:30,090 --> 00:01:32,157
to Facebook and YouTube.
30
00:01:32,192 --> 00:01:35,727
Almost overnight, protests exploded across the country.
31
00:01:35,763 --> 00:01:38,163
I needed to talk to someone who was on the streets
32
00:01:38,198 --> 00:01:40,432
when protests first went down.
33
00:01:40,467 --> 00:01:43,702
Three weeks after I got there
the street protests began,
34
00:01:43,737 --> 00:01:47,339
and that quickly overshadowed
everything else we were doing.
35
00:01:47,374 --> 00:01:50,842
Robert Ford was the last US ambassador to serve in Syria.
36
00:01:50,878 --> 00:01:52,177
So when he did
open up the internet,
37
00:01:52,212 --> 00:01:54,579
it couldn't have just been
for benevolent reasons.
38
00:01:54,615 --> 00:01:56,948
There must've been also a
surveillance aspect to it.
39
00:01:56,984 --> 00:02:01,153
When the revolution in Syria
started, initially I don't think
40
00:02:01,188 --> 00:02:06,558
the regular foot police
and secret police goons
41
00:02:06,593 --> 00:02:09,628
really understood
what social media was.
42
00:02:09,663 --> 00:02:14,032
I met once with a
protestor, and he was detained.
43
00:02:14,068 --> 00:02:16,101
This was in the
suburbs of Damascus.
44
00:02:16,136 --> 00:02:18,870
When he was taken to the
secret police station,
45
00:02:18,906 --> 00:02:20,405
they went through his
backpack in front of him.
46
00:02:20,441 --> 00:02:22,541
And they were taking
everything out, and they said,
47
00:02:22,576 --> 00:02:25,077
"Where is the Facebook?
Where is the Facebook?"
48
00:02:25,112 --> 00:02:27,145
As if it was like
a book with pages.
49
00:02:27,181 --> 00:02:29,815
So that was early on.
50
00:02:29,850 --> 00:02:34,486
As time went on, the Syrian
secret police got a lot better
51
00:02:34,521 --> 00:02:38,557
at monitoring people's computers
and monitoring social media.
52
00:02:39,760 --> 00:02:42,561
Protests continued, but Assad wouldn't cede his power.
53
00:02:42,596 --> 00:02:45,831
Instead, he sent soldiers to try and quell the uprising.
54
00:02:45,866 --> 00:02:49,835
The world watched the bloody crackdown play out on YouTube.
55
00:02:49,870 --> 00:02:52,504
Dlshad Othman was uploading videos to YouTube and Facebook
56
00:02:52,539 --> 00:02:54,439
during the early days of the revolution.
57
00:02:54,475 --> 00:02:56,241
It made him a target of the government,
58
00:02:56,276 --> 00:02:57,909
and he had to flee the country.
59
00:02:57,945 --> 00:03:00,979
For his safety, we chose an anonymous location to talk.
60
00:03:01,014 --> 00:03:04,249
Video content was the
most important content
61
00:03:04,284 --> 00:03:05,650
coming out from Syria.
62
00:03:05,686 --> 00:03:07,853
We've lost a lot of our
friends while they were filming.
63
00:03:07,888 --> 00:03:09,588
Snipers targeting
people with cameras?
64
00:03:09,623 --> 00:03:11,022
Absolutely.
65
00:03:11,058 --> 00:03:13,425
Snipers targeting people,
or checkpoint will stop you
66
00:03:13,460 --> 00:03:15,594
and check what's in your phones.
67
00:03:15,629 --> 00:03:18,597
But was the regime able to
crack into Facebook, or at least
68
00:03:18,632 --> 00:03:21,500
hack into it in some way and
get some of that information
69
00:03:21,535 --> 00:03:23,502
that would help them
crack down on protestors?
70
00:03:23,537 --> 00:03:25,504
Yes, they were able to
get a lot of accounts.
71
00:03:25,539 --> 00:03:26,938
They were able to hack into
72
00:03:26,974 --> 00:03:28,840
a lot of Syrian opposition
leaders at that time.
73
00:03:28,876 --> 00:03:31,843
And going back to May 2011,
74
00:03:31,879 --> 00:03:35,947
that was the first time when the
Syrian government implemented
75
00:03:35,983 --> 00:03:38,116
man-in-the-middle attack
76
00:03:38,152 --> 00:03:41,052
against the SSL
certificate of Facebook.
77
00:03:41,088 --> 00:03:43,455
And explain to me what a
man-in-the-middle attack is.
78
00:03:43,490 --> 00:03:46,191
The term "man-in-the-middle
attack" came because
79
00:03:46,226 --> 00:03:49,027
there is someone in the middle
who's trying to attack you.
80
00:03:49,062 --> 00:03:52,130
What the Syrian government
did at that time is
81
00:03:52,166 --> 00:03:55,634
they pushed to the users
a fake SSL certificate.
82
00:03:55,669 --> 00:03:58,970
Now, SSL is actually like
an envelope and a key.
83
00:03:59,006 --> 00:04:01,206
Key is with Facebook.
84
00:04:01,241 --> 00:04:04,676
Facebook is sending you an
envelope to put your data in,
85
00:04:04,711 --> 00:04:07,913
lock it, and then
send it back to Facebook.
86
00:04:07,948 --> 00:04:09,648
But the Syrian
internet providers,
87
00:04:09,683 --> 00:04:12,317
they received the envelope
from Facebook, they replaced it
88
00:04:12,352 --> 00:04:14,486
with another one that
they have the key for it.
89
00:04:14,521 --> 00:04:15,654
Their own envelope.
90
00:04:15,689 --> 00:04:16,988
Send it to the Syrian users.
91
00:04:17,024 --> 00:04:19,024
Users, they put their
credentials, username,
92
00:04:19,059 --> 00:04:21,860
and passwords and messaging
and post and etc. stuff.
93
00:04:21,895 --> 00:04:23,261
They send it back.
94
00:04:23,297 --> 00:04:25,330
Syrian internet
providers opened it,
95
00:04:25,365 --> 00:04:27,732
got a copy of data, then
send it back to Facebook.
96
00:04:29,203 --> 00:04:30,669
Assad was now using the internet
97
00:04:30,704 --> 00:04:32,904
to expose entire networks of activists.
98
00:04:32,940 --> 00:04:35,707
Once identified, they were often arrested then tortured,
99
00:04:35,742 --> 00:04:37,776
sometimes to death.
100
00:04:37,811 --> 00:04:39,578
The international media exploded with headlines
101
00:04:39,613 --> 00:04:42,180
detailing police crackdowns and tales of torture,
102
00:04:42,216 --> 00:04:44,916
creating a public relations nightmare for Assad.
103
00:04:44,952 --> 00:04:47,452
Soldiers defected from Assad's forces.
104
00:04:47,488 --> 00:04:50,088
Some formed the Free Syrian Army, and the country
105
00:04:50,123 --> 00:04:53,859
descended into a war between rebels and the regime.
106
00:04:53,894 --> 00:04:56,127
But Assad still had his supporters,
107
00:04:56,163 --> 00:04:58,530
some of whom were hackers.
108
00:04:58,565 --> 00:05:01,266
They decided to form a cyber militia.
109
00:05:01,301 --> 00:05:03,401
They called it the Syrian Electronic Army.
110
00:05:03,437 --> 00:05:05,904
Brian Merchant is a reporter at Motherboard,
111
00:05:05,939 --> 00:05:08,139
who investigated the origins of the group.
112
00:05:08,175 --> 00:05:10,642
We met up at VICE's head offices in Brooklyn.
113
00:05:10,677 --> 00:05:12,477
BRIAN: The Syrian
Electronic Army
114
00:05:12,513 --> 00:05:14,880
is an activist hacker group.
115
00:05:14,915 --> 00:05:16,648
They're pro-Bashar al-Assad.
116
00:05:16,683 --> 00:05:19,551
They want to reveal
the media as frauds,
117
00:05:19,586 --> 00:05:22,888
they wanna reveal the Free
Syrian Army as terrorists.
118
00:05:22,923 --> 00:05:25,590
And to do so, they
basically institute
119
00:05:25,626 --> 00:05:28,059
a series of
high-profile attacks.
120
00:05:28,095 --> 00:05:29,561
So are they just propagandists?
121
00:05:29,596 --> 00:05:31,429
Ultimately that's
what their role is,
122
00:05:31,465 --> 00:05:32,898
yeah, is propagandists.
123
00:05:32,933 --> 00:05:34,900
There were mostly website defacements,
124
00:05:34,935 --> 00:05:37,235
but sometimes they had real-world consequences.
125
00:05:37,271 --> 00:05:40,572
The SEA hacked the Twitteraccount of the Associated Press
126
00:05:40,607 --> 00:05:43,308
and tweeted that the White House had been attacked.
127
00:05:43,343 --> 00:05:44,743
It caused the US Stock Market to dive
128
00:05:44,778 --> 00:05:46,945
until it was exposed to be a fake tweet.
129
00:05:48,148 --> 00:05:49,447
At the top of the militia hierarchy
130
00:05:49,483 --> 00:05:51,816
was a hacker known as Th3Pr0.
131
00:05:51,852 --> 00:05:54,686
Brian received a tip allegedly exposing Th3Pr0's identity.
132
00:05:54,721 --> 00:05:56,421
He contacted him.
133
00:05:56,456 --> 00:05:59,024
I'd been asking him, you know,
like we have this information
134
00:05:59,059 --> 00:06:02,661
about you, and we basically
can peg you as the leader.
135
00:06:02,696 --> 00:06:05,830
And he got really
flustered and angry,
136
00:06:05,866 --> 00:06:07,999
and he denied it in
a series of emails,
137
00:06:08,035 --> 00:06:11,102
and he said, "If you reveal
me, then you will be hacked.
138
00:06:11,138 --> 00:06:12,671
We will hack VICE."
139
00:06:12,706 --> 00:06:14,773
Brian published his exposé.
140
00:06:14,808 --> 00:06:18,343
Th3Pr0 made good on his word, and VICE was hacked.
141
00:06:18,378 --> 00:06:20,612
I decided to track down Th3Pr0.
142
00:06:20,647 --> 00:06:22,447
He agreed to chat online.
143
00:06:22,482 --> 00:06:24,616
I asked him if the army of hackers
144
00:06:24,651 --> 00:06:26,184
viewed themselves as soldiers.
145
00:06:26,219 --> 00:06:29,120
He said "internet soldier" was the preferred term.
146
00:06:29,156 --> 00:06:31,656
The real soldiers were on the battlefield.
147
00:06:31,692 --> 00:06:33,391
I wanted to know if the SEA
148
00:06:33,427 --> 00:06:36,161
was under the official control of Assad.
149
00:06:36,196 --> 00:06:37,796
Th3Pr0 was adamant that they weren't affiliated
150
00:06:37,831 --> 00:06:40,298
with the government regime, but that they did use
151
00:06:40,334 --> 00:06:43,134
back channels to deliver important intelligence.
152
00:06:43,170 --> 00:06:45,136
Those channels proved to be potentially dangerous
153
00:06:45,172 --> 00:06:47,639
for opposition protestors.
154
00:06:47,674 --> 00:06:49,908
They were capable of
collecting a lot of information,
155
00:06:49,943 --> 00:06:51,810
hacking a lot of people.
156
00:06:51,845 --> 00:06:55,046
They published
around 11,000 accounts.
157
00:06:55,082 --> 00:06:56,648
They were compromised
in different ways.
158
00:06:56,683 --> 00:06:58,650
And then passing this
along to the regime?
159
00:06:58,685 --> 00:06:59,851
Absolutely.
160
00:06:59,886 --> 00:07:02,487
We've seen a lot of
organizing between them
161
00:07:02,522 --> 00:07:05,056
and the Syrian government,
exchanging information between
162
00:07:05,092 --> 00:07:07,892
each other or exchanging
targets between each other.
163
00:07:07,928 --> 00:07:09,861
Months after speaking with him,
164
00:07:09,896 --> 00:07:13,565
Th3Pr0, or Ahmed Al Agha as Brian identified,
165
00:07:13,600 --> 00:07:17,602
was indicted for hacking-related charges by the US government.
166
00:07:17,638 --> 00:07:19,537
The Syrian Electronic Army
167
00:07:19,573 --> 00:07:22,574
gained the attention of the world through PR-savvy hacks,
168
00:07:22,609 --> 00:07:25,210
but they weren't Assad's only hacker allies.
169
00:07:28,248 --> 00:07:30,882
BEN: In Syria, what began as a popular democracy movement
170
00:07:30,917 --> 00:07:34,319
rapidly escalated into a civil war.
171
00:07:34,354 --> 00:07:36,054
Assad had responded on the battlefield
172
00:07:36,089 --> 00:07:38,690
with an aggressive campaign of barrel bombs.
173
00:07:38,725 --> 00:07:41,493
Online, the Syrian internet was now infected with malware.
174
00:07:43,697 --> 00:07:45,664
Eva Galperin is a hacker.
175
00:07:45,699 --> 00:07:47,799
She started tracking cyber militias shortly after
176
00:07:47,834 --> 00:07:50,735
the street protests turned into a bloody conflict.
177
00:07:50,771 --> 00:07:53,171
It wasn't long before herresearch revealed the dangerous
178
00:07:53,206 --> 00:07:55,507
new militia known as the Syrian Malware Team.
179
00:07:55,542 --> 00:07:57,175
They were using the internet to gather intelligence
180
00:07:57,210 --> 00:07:58,977
on opposition forces.
181
00:07:59,012 --> 00:08:02,047
To begin with, there isn't just
sort of one Syrian Malware Team.
182
00:08:02,082 --> 00:08:03,748
We were able to track
183
00:08:03,784 --> 00:08:06,818
at least two distinct
actors in this space.
184
00:08:06,853 --> 00:08:11,823
These two malware groups
were targeting members of the
185
00:08:11,858 --> 00:08:16,695
Syrian opposition, so anybody
who was opposed to Assad.
186
00:08:16,730 --> 00:08:20,398
And mostly these were people who
were located inside of Syria.
187
00:08:20,434 --> 00:08:23,401
Sometimes in territory
that Assad still controlled,
188
00:08:23,437 --> 00:08:26,204
sometimes in territory that
Assad no longer controlled,
189
00:08:26,239 --> 00:08:28,606
and sometimes members
of the Syrian diaspora,
190
00:08:28,642 --> 00:08:31,710
which became sort of more
influential and more powerful
191
00:08:31,745 --> 00:08:35,213
as the conflict has raged on,
and more people have left.
192
00:08:35,248 --> 00:08:36,781
And the tools they were
using were very different.
193
00:08:36,817 --> 00:08:38,249
Yes.
194
00:08:38,285 --> 00:08:43,121
The malware teams that
we were tracking were using
195
00:08:43,156 --> 00:08:48,093
remote access tools like Xtreme
RAT, DarkComet, Blackshades.
196
00:08:48,128 --> 00:08:50,195
And something like a RAT,
how does it work exactly?
197
00:08:50,230 --> 00:08:54,733
So a remote access tool is
a tool that once an attacker
198
00:08:54,768 --> 00:08:56,634
gets you to install
it on your machine,
199
00:08:56,670 --> 00:08:59,938
allows them to do anything that
you can do on your computer.
200
00:08:59,973 --> 00:09:01,873
So they can log all
of your keystrokes,
201
00:09:01,908 --> 00:09:05,376
they can take screenshots, they
can see through your webcam,
202
00:09:05,412 --> 00:09:07,545
they can listen
through your microphone.
203
00:09:07,581 --> 00:09:09,748
Anything that you're capable
of doing, they can do,
204
00:09:09,783 --> 00:09:12,317
and then they can
exfiltrate that data back...
205
00:09:12,352 --> 00:09:13,885
back to themselves.
206
00:09:13,920 --> 00:09:17,555
And these remote access tools
are very cheap or free,
207
00:09:17,591 --> 00:09:21,392
but they can still get you full
control of somebody's computer
208
00:09:21,428 --> 00:09:24,429
if you can get somebody to
install them on their computer.
209
00:09:24,464 --> 00:09:27,232
In 2012, Assad's forces used DarkComet
210
00:09:27,267 --> 00:09:29,734
to monitor opposition groups in Aleppo.
211
00:09:29,770 --> 00:09:32,070
They hid the malware in a PDF that claimed to hold
212
00:09:32,105 --> 00:09:34,105
instructions on how to help the city,
213
00:09:34,141 --> 00:09:36,341
which was under siege by the regime.
214
00:09:36,376 --> 00:09:38,143
As soon as the target downloaded the PDF,
215
00:09:38,178 --> 00:09:39,978
the malware was installed,
216
00:09:40,013 --> 00:09:42,747
and Assad's opponents were under surveillance.
217
00:09:42,783 --> 00:09:46,618
These were people that were
still in Syrian territory,
218
00:09:46,653 --> 00:09:48,953
and territory
controlled by Assad.
219
00:09:48,989 --> 00:09:51,022
And so if you compromise them,
220
00:09:51,057 --> 00:09:55,527
things got very, very dangerous
for them because Assad could
221
00:09:55,562 --> 00:09:59,531
come and have them, you know,
arrested and then killed.
222
00:09:59,566 --> 00:10:01,432
The cyberspace in Syria now
223
00:10:01,468 --> 00:10:05,303
is ridiculously,
ridiculously dirty.
224
00:10:05,338 --> 00:10:07,338
Full of malware,
full of phishing,
225
00:10:07,374 --> 00:10:09,474
full of a lot of cyber attacks
226
00:10:09,509 --> 00:10:13,178
that it truly made it an
unsafe space for any user.
227
00:10:13,213 --> 00:10:14,679
Different factions
looking for intelligence
228
00:10:14,714 --> 00:10:16,481
they can feed to their groups.
229
00:10:16,516 --> 00:10:17,816
They don't care if it's malware.
230
00:10:17,851 --> 00:10:19,884
If it's gonna open a
back door in your machine
231
00:10:19,920 --> 00:10:22,153
to some other faction,
they don't care.
232
00:10:22,189 --> 00:10:23,188
They just need to get access.
233
00:10:23,223 --> 00:10:24,689
Sounds a lot like
the actual war.
234
00:10:24,724 --> 00:10:26,624
It is exactly like
the actual war.
235
00:10:26,660 --> 00:10:30,061
It is 100% a reflect for the
actual war that's happening.
236
00:10:31,431 --> 00:10:32,664
Soon, DarkComet was used
237
00:10:32,699 --> 00:10:35,033
to further escalate Syria's cyberwar.
238
00:10:35,068 --> 00:10:36,968
Pro-Assad hackers - difficult to attribute
239
00:10:37,003 --> 00:10:39,637
but now all over the Syrian internet - launched an attack
240
00:10:39,673 --> 00:10:42,740
designed to steal battle plans from the Free Syrian Army.
241
00:10:42,776 --> 00:10:45,176
The plans detailed a strategy to retake the town
242
00:10:45,212 --> 00:10:48,746
of Khirbet Ghazaleh, a key city for the rebellion.
243
00:10:48,782 --> 00:10:51,516
Nart Villeneuve was working as a researcher for FireEye
244
00:10:51,551 --> 00:10:53,651
when he first discovered the hack, and he was the
245
00:10:53,687 --> 00:10:56,588
perfect person to tell me how the battle plans were stolen.
246
00:10:56,623 --> 00:10:59,691
There was hand-annotated maps.
247
00:10:59,726 --> 00:11:02,093
Pictures of them were
taken with cell phones
248
00:11:02,128 --> 00:11:05,163
and distributed to
the fighting units.
249
00:11:05,198 --> 00:11:07,832
Lists of individuals
with their names,
250
00:11:07,868 --> 00:11:10,535
phone numbers, whether
or not they had weapons.
251
00:11:10,570 --> 00:11:13,838
That stuff is extremely
valuable in a conflict zone.
252
00:11:13,874 --> 00:11:16,074
The hack wasn't technically complex.
253
00:11:16,109 --> 00:11:18,343
Instead it relied on social engineering,
254
00:11:18,378 --> 00:11:20,378
a technique where hackers trick their targets
255
00:11:20,413 --> 00:11:22,447
through psychological manipulation.
256
00:11:22,482 --> 00:11:24,883
Hackers initiated contact through Skype,
257
00:11:24,918 --> 00:11:26,885
presenting themselves as beautiful women.
258
00:11:26,920 --> 00:11:28,887
NART: They would
initiate conversations,
259
00:11:28,922 --> 00:11:32,190
try to establish a little
bit of rapport with them,
260
00:11:32,225 --> 00:11:34,959
ask them to send them
a picture of themselves,
261
00:11:34,995 --> 00:11:36,928
flatter them a little bit,
and then say, you know,
262
00:11:36,963 --> 00:11:38,229
"Do you wanna see
a picture of me?"
263
00:11:38,265 --> 00:11:39,797
When they would
send that picture,
264
00:11:39,833 --> 00:11:41,399
really that was the malware.
265
00:11:41,434 --> 00:11:43,868
They would compromise that
individual, and then they would
266
00:11:43,904 --> 00:11:48,072
be able to harvest the
full Skype chat histories
267
00:11:48,108 --> 00:11:51,643
of anyone else who used
that computer as well.
268
00:11:51,678 --> 00:11:55,213
We obviously can't jump straight
to concluding who's ultimately
269
00:11:55,248 --> 00:12:00,752
responsible, but it definitely
looks like it is a group
270
00:12:00,787 --> 00:12:04,322
that is acting to benefit
the Assad Regime,
271
00:12:04,357 --> 00:12:07,091
and has some sort of
connection to Lebanon.
272
00:12:07,127 --> 00:12:09,594
It made sense that hackers in Lebanon, possibly affiliated
273
00:12:09,629 --> 00:12:12,397
with Hezbollah, might be supporting Assad.
274
00:12:12,432 --> 00:12:14,999
Hezbollah is Iran's political proxy in Lebanon,
275
00:12:15,035 --> 00:12:17,735
and Iran is the Syrian Regime's ally.
276
00:12:17,771 --> 00:12:20,438
NART: We found a document that
is supposedly a leaked document
277
00:12:20,473 --> 00:12:23,107
from Syrian intelligence
that we can't verify,
278
00:12:23,143 --> 00:12:27,478
that talks about the exact
tactics that we see this group
279
00:12:27,514 --> 00:12:32,183
using to target the opposition,
including the use of fake female
280
00:12:32,218 --> 00:12:36,354
personas to try to entrap
individuals and other efforts
281
00:12:36,389 --> 00:12:38,623
to discredit the
opposition online.
282
00:12:38,658 --> 00:12:41,759
By 2013, Hezbollah was engaging Syrian rebels
283
00:12:41,795 --> 00:12:43,161
on the battlefield.
284
00:12:43,196 --> 00:12:45,530
Now, pro-Assad hackers based in Lebanon
285
00:12:45,565 --> 00:12:48,499
were engaging them in cyberspace too.
286
00:12:48,535 --> 00:12:51,602
But support from Syria's allieswasn't enough for Assad to keep
287
00:12:51,638 --> 00:12:54,639
an emerging threat at bay: the Islamic State.
288
00:12:56,843 --> 00:12:58,910
BEN: In Syria, the war wascausing the country to fracture.
289
00:12:58,945 --> 00:13:01,479
Then ISIS arrived.
290
00:13:01,514 --> 00:13:03,982
The jihadis set up their capital in Raqqa.
291
00:13:04,017 --> 00:13:06,884
They took over the land and unleashed a wave of terror.
292
00:13:06,920 --> 00:13:08,820
Like the Electronic Army and the Malware Teams
293
00:13:08,855 --> 00:13:11,889
that had come before them, the Islamic State would also
294
00:13:11,925 --> 00:13:14,993
go after their opponents on the digital frontline.
295
00:13:15,028 --> 00:13:17,729
Their crimes were documented in high-profile execution videos,
296
00:13:17,764 --> 00:13:19,630
distributed over the internet.
297
00:13:35,882 --> 00:13:37,615
Rami Abdul Rahman knows what it's like
298
00:13:37,650 --> 00:13:39,751
to be targeted by ISIS.
299
00:13:39,786 --> 00:13:41,919
He's a Syrian activist who now lives in the UK
300
00:13:41,955 --> 00:13:44,789
after seeking asylum over 15 years ago.
301
00:13:44,824 --> 00:13:47,959
His work exposing war crimes in Syria made him a target.
302
00:13:47,994 --> 00:13:50,128
He was hacked by the terror group supporters,
303
00:13:50,163 --> 00:13:51,963
Photoshopped in front of Jihadi John,
304
00:13:51,998 --> 00:13:53,798
the infamous ISIS executioner,
305
00:13:53,833 --> 00:13:56,801
his data was targeted, and his server was destroyed.
306
00:13:56,836 --> 00:13:58,136
How did that make you feel,
307
00:13:58,171 --> 00:13:59,871
to see yourself in
an orange jumpsuit?
308
00:14:30,036 --> 00:14:32,003
But who was behind the hack?
309
00:14:32,038 --> 00:14:33,404
I'd already been communicating
310
00:14:33,440 --> 00:14:35,907
with Islamic State fighters online.
311
00:14:35,942 --> 00:14:38,843
Some of them were as easy as a text message away.
312
00:14:38,878 --> 00:14:41,846
Junaid Hussain was allegedly one of these fighters.
313
00:14:41,881 --> 00:14:45,850
In Syria, he was known as Abu Hussain al-Britani,
314
00:14:45,885 --> 00:14:49,353
the architect of the Islamic State's cyber army.
315
00:14:49,389 --> 00:14:52,190
But before he traveled to Syria to join ISIS,
316
00:14:52,225 --> 00:14:54,892
Junaid was a regular kid from England best known as TriCk
317
00:14:54,928 --> 00:14:59,097
of the now-disbanded UKhacking collective, TeaMp0isoN.
318
00:14:59,132 --> 00:15:00,865
I traveled to Newcastle
319
00:15:00,900 --> 00:15:03,701
to meet with Junaid's former hacking colleague, MLT.
320
00:15:03,736 --> 00:15:06,270
For security reasons, we can't show his face.
321
00:15:06,306 --> 00:15:08,239
What was TriCk like
back in the day
322
00:15:08,274 --> 00:15:09,774
before all of this
Islamic State stuff?
323
00:15:22,555 --> 00:15:24,889
TriCk hacked the email of Tony Blair's personal assistant.
324
00:15:24,924 --> 00:15:27,859
Together with MLT, he flooded the anti-terror hotline of Mi6
325
00:15:27,894 --> 00:15:30,061
with prank phone calls.
326
00:15:30,096 --> 00:15:31,762
JUNAID: Do you know about TeaMp0isoN?
327
00:15:31,798 --> 00:15:34,031
OPERATOR: I've heard about TeaMp0isoN, yeah.
328
00:15:34,067 --> 00:15:35,933
JUNAID: We embarrass governments,
329
00:15:35,969 --> 00:15:37,768
and ---- the police.
330
00:15:37,804 --> 00:15:39,904
OPERATOR: Yeah...
331
00:15:39,939 --> 00:15:42,373
BEN: They did it as an act of political protest,
332
00:15:42,408 --> 00:15:44,542
but also for the lulz.
333
00:15:44,577 --> 00:15:47,411
It got them both arrested, but only Junaid went to jail.
334
00:15:48,748 --> 00:15:50,548
Did prison change Junaid?
335
00:16:21,080 --> 00:16:22,480
How did he radicalize?
336
00:16:37,564 --> 00:16:39,197
Because I guess after
the Tony Blair hack,
337
00:16:39,232 --> 00:16:41,465
he was probably one of the
most famous hackers in Britain.
338
00:17:04,824 --> 00:17:06,390
Was he a skilled hacker?
339
00:17:28,615 --> 00:17:31,983
In August 2015, Junaid was killed in a US air strike.
340
00:17:32,018 --> 00:17:34,719
But before he was assassinated, Junaid is thought to have
341
00:17:34,754 --> 00:17:37,188
carried out another cyber attack.
342
00:17:37,223 --> 00:17:39,557
This one was designed to expose the location of the
343
00:17:39,592 --> 00:17:43,594
Islamic State's critics so they could be captured and killed.
344
00:17:46,299 --> 00:17:48,366
BEN: In Syria, cyber attacks were used by groups affiliated
345
00:17:48,401 --> 00:17:51,202
with the Assad Regime to wage war online.
346
00:17:51,237 --> 00:17:54,071
When ISIS arrived, they seemed to adopt similar techniques
347
00:17:54,107 --> 00:17:56,207
to target their opponents.
348
00:17:56,242 --> 00:17:58,876
ISIS claims the men being executed in this video
349
00:17:58,911 --> 00:18:01,512
are members of Raqqa Is Being Slaughtered Silently,
350
00:18:01,547 --> 00:18:03,948
a group of activists who document and expose
351
00:18:03,983 --> 00:18:06,784
the atrocities of the so-called Islamic State.
352
00:18:06,819 --> 00:18:08,919
Hamood Mohamed Almossa is in charge of
353
00:18:08,955 --> 00:18:10,955
cybersecurity for the group.
354
00:18:10,990 --> 00:18:13,591
He agreed to Skype with me from an undisclosed location.
355
00:18:13,626 --> 00:18:16,127
Hamood, do you want to explain
to me how ISIS was hunting down
356
00:18:16,162 --> 00:18:18,863
members of your
organization online?
357
00:18:18,898 --> 00:18:22,066
(Speaking Arabic)
358
00:19:05,011 --> 00:19:07,611
He can't fully prove it, but Hamood believes Junaid Hussain
359
00:19:07,647 --> 00:19:10,514
orchestrated the attack so that ISIS could locate
360
00:19:10,550 --> 00:19:12,249
and kill their opposition.
361
00:19:12,285 --> 00:19:15,086
Fortunately, Hamood wasn't fooled by the phishing attack,
362
00:19:15,121 --> 00:19:17,321
and he didn't download the malware.
363
00:19:17,357 --> 00:19:20,491
But did others, and were they killed as a result?
364
00:19:20,526 --> 00:19:22,827
ISIS is almost
adopting everything
365
00:19:22,862 --> 00:19:24,762
that was successful in Syria.
366
00:19:24,797 --> 00:19:26,630
We're talking about images,
we're talking about video,
367
00:19:26,666 --> 00:19:28,199
we're talking
about cyber attacks.
368
00:19:28,234 --> 00:19:30,134
And again, these were techniques
that were essentially
369
00:19:30,169 --> 00:19:33,304
tried and true from earlier
phases of the Syrian Civil War.
370
00:19:33,339 --> 00:19:34,638
Exactly.
371
00:19:34,674 --> 00:19:37,308
And then here we are,
they're adopting it again.
372
00:19:37,343 --> 00:19:39,443
The war in Syria showed that armies of hackers
373
00:19:39,479 --> 00:19:41,645
can assist soldiers in the battlefield
374
00:19:41,681 --> 00:19:45,316
because the tools are both easy to use and free to acquire.
375
00:19:45,351 --> 00:19:46,684
This is a set of tools
376
00:19:46,719 --> 00:19:48,819
that are increasingly
available to everybody now.
377
00:19:48,855 --> 00:19:52,656
So the whole idea is that these
tools are no longer just in
378
00:19:52,692 --> 00:19:56,360
the hands of the Chinese or
Russian or American government,
379
00:19:56,396 --> 00:19:59,897
that people like-- well,
people like you and me,
380
00:19:59,932 --> 00:20:04,034
only with far worse intentions,
now have these tools and can
381
00:20:04,070 --> 00:20:06,337
engage in relatively
sophisticated spying.
382
00:20:06,372 --> 00:20:08,172
And same goes for a battlefield.
383
00:20:08,207 --> 00:20:09,507
Absolutely.
384
00:20:09,542 --> 00:20:11,642
As the war becomes
hot, and as, you know,
385
00:20:11,677 --> 00:20:13,811
battlefield intelligence
becomes more important,
386
00:20:13,846 --> 00:20:17,348
this sort of surveillance
and espionage becomes
387
00:20:17,383 --> 00:20:19,517
part of the battlefield
and part of the battle plan.
388
00:20:19,552 --> 00:20:22,186
In a lot of cases it's
simple social engineering,
389
00:20:22,221 --> 00:20:24,522
but they're very
effective at it.
390
00:20:24,557 --> 00:20:26,924
The types of targets that
they're going after are usually
391
00:20:26,959 --> 00:20:30,561
individuals active on Twitter
and Facebook so they don't need
392
00:20:30,596 --> 00:20:34,365
to use anything particularly
advanced to get the job done.
393
00:20:34,400 --> 00:20:37,201
In Syria, the issue is not only the hacking itself,
394
00:20:37,236 --> 00:20:40,538
but the inability of the targets to protect themselves.
395
00:20:40,573 --> 00:20:44,408
You can really no longer be
sure what side you're seeing,
396
00:20:44,444 --> 00:20:47,545
or what kind of
actor is involved,
397
00:20:47,580 --> 00:20:50,548
or whether you're seeing
some sort of false flag.
398
00:20:50,583 --> 00:20:53,250
It just gets murkier and
murkier with every year.
399
00:20:53,286 --> 00:20:55,753
Syria is a country,
or used to be a country,
400
00:20:55,788 --> 00:20:58,589
that government is
watching you by default.
401
00:20:58,624 --> 00:21:00,925
You under surveillance
by default.
402
00:21:00,960 --> 00:21:04,261
Syrians, they were
not able actually to...
403
00:21:04,297 --> 00:21:07,731
to change their behaviours,
to know that they have rights
404
00:21:07,767 --> 00:21:10,401
of their own privacy,
or to protect themselves.
405
00:21:10,436 --> 00:21:12,970
So the same things apply now
on what's going on in
406
00:21:13,005 --> 00:21:14,472
the cyber conflict in Syria.
407
00:21:14,507 --> 00:21:17,575
People have no
knowledge about protection
408
00:21:17,610 --> 00:21:19,710
or why do I have to
protect myself.
409
00:21:19,745 --> 00:21:22,746
I thought that I have
pretty good security protocols
410
00:21:22,782 --> 00:21:26,250
when it comes to encryption
or circumvention or...
411
00:21:26,285 --> 00:21:28,886
or even protocols
dealing with people.
412
00:21:28,921 --> 00:21:33,224
Unfortunately, until someone
came, and he was a journalist
413
00:21:33,259 --> 00:21:35,993
not from Syria and
he starts filming me,
414
00:21:36,028 --> 00:21:38,229
and he was arrested.
415
00:21:38,264 --> 00:21:41,065
And they got access to
all our information.
416
00:21:41,100 --> 00:21:42,900
And that was the minute
417
00:21:42,935 --> 00:21:44,668
that I had to leave the
country immediately.
418
00:21:44,704 --> 00:21:47,271
So I found that security
is not about yourself only,
419
00:21:47,306 --> 00:21:49,406
but it's about the whole network
that you're working with.
420
00:21:51,811 --> 00:21:54,445
When the pro-democracy movement started in 2011,
421
00:21:54,480 --> 00:21:56,814
few could've imagined that Syria would fracture
422
00:21:56,849 --> 00:21:58,983
into deadly chaos.
423
00:21:59,018 --> 00:22:01,318
And no one could've guessed what an important role
424
00:22:01,354 --> 00:22:04,021
the internet would play not only on the battlefield,
425
00:22:04,056 --> 00:22:06,757
but crushing free speech and political reform.
426
00:22:06,792 --> 00:22:09,527
While the country's future hangs in the balance,
427
00:22:09,562 --> 00:22:12,830
one thing has become certain: Syria offers a terrible window
428
00:22:12,865 --> 00:22:15,266
into how the battles of the future can unfold,
429
00:22:15,301 --> 00:22:17,468
both off- and online.
41737
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.