Bullets in cyberspace: The new terrain of diplomatic warfare

Bullets in cyberspace: The new terrain of diplomatic warfare
Comment: Even small states can exploit opportunities that cyberwarfare offers to instigate and exacerbate political conflicts, writes Amar Diwakar.
6 min read
26 Jun, 2017
Russian hackers were behind the attack on QNA, the FBI has said [Tass/Getty]

These are exceptional times in the Gulf, where an intractable political schism has pitted Saudi Arabia, UAE, and Bahrain against Qatar in a face-off with all the trappings of cyber-intrigue.

At its core, the crisis echoes our current moment of cyber-insecurity and misinformation. Within the habitus of social media, digital spoilers such as "fake news", trolls, and bots are wielded to influence consumer behaviour, and even political outcomes.

Considering the series of events that have led up to it, the spat with Qatar offers a glimpse into the extent to which the tools of cyberwarfare have been put in service of escalating an intra-GCC diplomatic standoff.

Cyber palace intrigue

The GCC information wars were ostensibly triggered following the breach of the Qatar News Agency website, which saw hackers plant fabricated remarks attributed to the country's ruler.

The response from media-controlled outlets in Saudi Arabia and the UAE - despite swift, vehement and frequent Qatari disavowal of the remarks - was to ratchet up fake news-inspired outrage and stoke a vociferous diplomatic confrontation in the region. Emboldened by Trump's support in both rhetoric and weapons, Riyadh and Abu Dhabi sensed a long-awaited opportunity to rein in Doha, considered to be the Gulf's "problem child".

With this in mind, there is room to suggest that the false statements that spurred an economic and political blockade of Qatar might have been an orchestrated attempt to curb the diminutive state's enthusiasm for charting out an independent foreign policy.

International law enforcement officials overwhelmingly support the Qatari government's claims that QNA was hacked. FBI investigations concluded that freelance Russian hackers were behind the intrusion.

This was confirmed hardly a few days after the circulation of a batch of leaked emails from the inbox of the UAE's ambassador to the US, Yousef al-Otaiba. The Intercept reported that those emails, released by a group called "Global Leaks", demonstrate a cozy relationship between al-Otaiba and a pro-Israel, neoconservative think-tank called the Foundation for Defense of Democracies (FDD).

The hacks revealed backchannel cooperation between the FDD and the UAE, and collaboration on a campaign to undermine Qatar as a regional and global actor. This included collusion with journalists who have published material accusing Qatar and Kuwait of supporting "terrorism".

The regional calculus in the aftermath of the Iranian nuclear deal is also evident. Another leak revealed a memorandum that singled out non-US firms with operations in Saudi Arabia and the UAE that were looking to invest in Iran, so as to pressure them over any possible business overtures in the Islamic Republic.

The bulk of the first anti-Qatar hashtag, which originated in Kuwait and peaked rapidly, implied heavy bot usage and advanced planning

Hashtag #skirmishes

That the QNA hack came after Qatar stated that it had been a victim of a targeted smear campaign accusing them of supporting terrorist groups is illustrative. Indeed, Marc Jones says through a well-sourced case that preparations behind an anti-Qatari digital propaganda campaign had begun in mid-April, well before the hacks.

Jones described how a mobilisation of Twitter bot armies was intensifying anti-Qatar propaganda online.

Apparently, "Qatar is the treasury of terrorism" started trending just days before Qatar's hacking; with many Twitter accounts using the hashtag revealed to be bots.

Following the QNA hack, bot armies surfaced once more, as Jones discovered the presence of propaganda bots on numerous hashtags. One of these Twitter trends was #AlJazeeraInsultsKingSalman. Jones argues that 20 percent of Twitter accounts that posted anti-Qatari material under the hashtag were bots.

For the most part, bot research has been predominantly tied to Western cases. Reflecting on this significant gap, Akin Unver shows how geospatial time-frequency analysis is a useful tool to measure mobilisation and escalation during the Qatar crisis. He does this by showing how fake news was disseminated through bots by monitoring bot-driven hashtag proliferation on Twitter.

To gauge the Gulf's contested digital geography, he selected two of the most popular hashtags between June 2–7: "Cut Relations with Qatar" and "People of the Gulf are Refusing to Boycott [Qatar]". He managed to measure the geographic diffusion of the hashtags and their variants by generating a time-frequency event map.

The map indicated that the bulk of the first anti-Qatar hashtag, which originated in Kuwait and peaked rapidly, implied heavy bot usage and advanced planning. Tellingly, the second pro-Qatar hashtag was weaker and did not possess the same spike of activity as its counterpart, indicating a more organic propagation.

If Jones and Unver are correct in their observations, then the cluster of anti-Qatar digital traffic, which exhibits a well coordinated and prepared cyber-manipulation strategy, was set in motion well before any provocative speech by the Qatari emir.

The acceleration of bot usage implies a growing inclination to exploit the capacity digital propaganda tools provide by disseminating fake information on social media, affording a potent legitimisation of discourse in however a small window of attention.

Digital crisis management

There has been much discussion on how democracies might be more vulnerable to "fake news" campaigns, and how digital technologies have compromised democratic politics. A key insight to the Qatar crisis is the nature by which digital propaganda proliferates during incidents involving authoritarian systems, and how these regimes respond to such threats.

Unver argues that authoritarian states' "restrictive and centralising nature render them the perfect victims for bot-driven fake news. When the fake news involved directly addresses authoritarian leaders or their families, escalations become especially likely."

He believes it is precisely during a high-stakes diplomatic crisis that could force authoritarian regimes to open up in order to resolve their digital vulnerabilities - either by bringing technological expertise into government or allowing social verification structures to take root within civil society.

we are witnessing the metamorphosis of statecraft in the region - one that employs cyber instruments to attack states while tapping into a glut of mercenary hackers-for-hire

Without a cyber infrastructure in place to counter fake news in real-time, the danger of conflict amplifies exponentially in diplomatic crises, particular in those that feature authoritarian governments.

An emergent statecraft 

It seems appropriate to say that we are witnessing the metamorphosis of statecraft in the region - one that employs cyber instruments to attack states while tapping into a glut of mercenary hackers-for-hire.

The latter in particular reflects a broader transformation in international espionage: consider that the FBI informed The New York Times that Russian freelance hackers, such as those that infiltrated QNA, have frequently appeared in investigations of attacks sponsored by nation-states.

In a report for Bellingcat, independent cybersecurity researchers Collin Anderson and Claudio Guarnieri claim that at least one group of hackers can be identified as working freelance for various GCC states, with methods resembling those used to hack al-Otaiba's emails.

Labelling the obscure entity "Bahamut", Anderson and Guarnieri describe a group with a diverse set of motivations that range from "Iranian women's rights activists to Turkish government officials, and from Saudi Aramco to a Europe-based human rights organisation focused on the region".

Bahamut frequently staged spear-phishing attacks, and ambitiously targeted a number of foreign ministers and other public figures in the Gulf. As such, they appear to be a sustained operation focused across a swathe of political, economic and social sectors.

Such digitally imbued hostilities bear witness to the distinctive landscape of the Gulf, reflecting a protracted technological transition. In a region with diverse targets and interests abounding, groups like Bahamut reveal how smaller states take advantage of reduced barriers to cyberwarfare and extend tools of surveillance beyond their borders.

Amar Diwakar is a freelance writer and research consultant with Global Risk Intelligence. He holds an MSc in International Politics from SOAS and blogs at Splintered Eye

Follow him on Twitter: @indignant_sepoy

Opinions expressed in this article remain those of the authors and do not necessarily represent those of The New Arab, al-Araby al-Jadeed, its editorial board or staff.