Whether Syrian rebels hacked President Bashar al-Assad’s e-mails themselves or with the help of Western spy agencies or “hactivists”, the release of dozens of revealing messages points to a new era of information warfare.
Britain’s Guardian newspaper began on Thursday to publish details from the material, which it said members of Syria’s opposition had secretly intercepted between June and February.
They stopped when another unrelated hacking attempt, believed to be by the “Anonymous” hacking group, alerted the authorities to the fact their systems had been compromised.
Details released so far range from evidence of Iranian support for Syria’s crackdown to the spending of thousands of dollars on luxury items by Mr. Assad’s wife and details of his iTunes account and Internet video viewing habits.
The Guardian said it had made extensive attempts to authenticate the e-mails and believed that most if not all were genuine.
Obtaining and publishing volumes of hidden data is clearly getting easier – as has already been shown by the Wikileaks release of U.S. State Department cables and Iraqi and Afghan U.S. war logs – as well as the release of internal e-mails of private intelligence and geopolitical publishing company Stratfor.
Whilst most high-profile examples of such data theft so far have been in Western countries, some experts have long suspected that their greatest impact could be in more autocratic states – helping tip the balance of power away from governments.
Cyber warfare in coming years, experts increasingly believe, could be as much about trying to protect or disseminate particularly sensitive pieces of information as about plotting cyber attacks on essential national infrastructure.
“It’s the first time insurgents have gained access to a regime’s high-level communications during an uprising,” says John Bassett, a former senior official at British signals intelligence agency GCHQ and now a senior fellow at the Royal United Services Institute.
“That could possibly be a significant turning point in the development of cyber warfare.”
Some security experts doubt Syria’s fragmented opposition would have had the capacity to access the e-mails without outside help, but others say those in power in Damascus may simply have been careless.
The Syrian opposition say they were given details of the passwords by an internal regime source.
While the publication is unlikely to have any immediate effect on the chaotic and bloody situation on the ground, they are seen broadly undermining Mr. Assad’s already faltering legitimacy.
It is a tool that could become increasingly popular.
“Any cause could have a supporter who happens to be a hacker,” says Anthony Dyhouse, a cyber security expert for British defence company QinetiQ. “He or she will be well aware that they can use their skills to support the cause.”
Psychological and information warfare is nothing new – adversaries have been using any available means to control information and spread disinformation for centuries. But the information age opens a host of new possibilities.
Wikileaks’ revelations of corruption and repression in Tunisia are widely seen as a factor helping fuel demonstrations there just over a year ago, fuelling the revolution that helped kickstart wider unrest across the Middle East.
Some in Western intelligence circles have long suggested that the targeted release of embarrassing details of the finances or other aspects of the lives of autocratic leaders could prove a weapon against potential foes such as Russia and China.
But some authoritarian governments are fighting back.
Some states are widely believed to have already tried to resort to cyber attacks to limit unwanted online discussion.
Russian dissident websites in particular have often come under cyber attacks from hackers believed to be linked to the Kremlin, while the BBC Persian service this week said it believed Iran was behind an attack on its website.
Such attempts have only met with limited success, however.
Tunisia, which employed some of the world’s most sophisticated Internet censorship and blocking techniques, was unable to stifle protest or block Internet users from key sites including U.S. diplomatic cables on Wikileaks detailing government corruption and repression.
Some believe governments may already be involved in increasingly sophisticated “social engineering” on social network sites to gather intelligence on internal and external enemies.
Earlier this month, it was revealed that suspected Chinese hackers had created a Facebook profile in the name of NATO supreme commander Admiral James Stavridis, apparently in the hope that his colleagues would link to him and share secret information.
The Stratfor hack – in which some 5 million e-mails were taken by Anonymous along with credit card details, usernames and passwords of clients – showed that even companies explicitly focused on security could prove surprisingly vulnerable.
“The more senior people are, the less inclined they become to observe good opsec (operational security),” says Nigel Inkster, a former deputy chief of Britain’s Secret Intelligence Service MI6, and now head of political risk and transnational threats at London’s International Institute for Strategic Studies.
“That is problematic enough when dealing with material that is obviously in need of classification,” he said. “It is much harder when it comes to what people fondly imagine is private correspondence.”
The bottom line, QinetiQ’s Dyhouse says, is that like everyone else national leaders will have to remember that anything they write down in e-mail format could become public.
“Consider an e-mail to be a postcard and assume that at some stage someone other than the intended recipient will read it,” he said. “Don’t put anything in it which would cause you a problem if that happened.”