By: Ben Schaefer, Columnist
Photo by: American Security Project
Since 1982, Hezbollah, the Lebanese “Party of God” and Iran-backed Shiite terrorist organization, has antagonized its enemies through a potent mix of armed attacks and psychological warfare. Among these tactics, Hezbollah pioneered the use of cyber-operations as a tool of coercion over a decade ago and continues to use the Internet as a weapon today. Inspired and refined with the help of Iran, Hezbollah is shifting its coercive tactics from urban streets and battlefields to the routers of their Western adversaries.
Hezbollah formed during the Israeli occupation of Lebanon in 1982 and is credited as a factor in Israel’s withdrawal from Lebanon in 2000.[i] The group’s success can be attributed—at least in part—to substantial financial backing from Iran, which donated more money to Hezbollah than to any other foreign militia group.[ii] Iran’s backing has allowed Hezbollah to develop a force of as many as 30,000 fighters,[iii] as well as an advanced psychological operations capability through its broadcast station and media wing, Al-Manar. [iv] In return, Iran gained a stalwart ally in the Arabic-speaking Middle East, and a conduit for subversive tactics that Tehran can plausibly deny.[v]
Through its significant resource base, Hezbollah has produced an advanced technical capability that allows the group to use the Internet to accomplish significant strategic objectives.[vi] In 2006, during the 34-day Israel-Hezbollah War, Hezbollah launched sophisticated cyber-attacks against websites in multiple countries that supported Israel, including targets in the United States.[vii] These attacks focused on spreading Hezbollah’s propaganda, but also compromised legitimate websites to give Hezbollah supporters a means of providing financial donations to the group.[viii]
More recently, in 2015, Hezbollah infiltrated both private and public entities in Israel’s defense sector in an attack known as “Volatile Cedar.”[ix] The initial report describing the breach, distributed by the Israeli cybersecurity firm Check Point, does not directly implicate Hezbollah;[x] however, based on the targets, operational methods, and resources required, the attack has generally been attributed to the group.[xi] If the assessment proves accurate, Volatile Cedar demonstrates a significant cyber capability by a non-state actor.[xii]
In fact, Hezbollah has benefited in cyberspace from its ties to Iran, an advantage not available to most other terrorist groups. After Iran suffered a blow to its nuclear test facilities by the Stuxnet virus in 2010, it greatly increased research and development efforts for its own cyber abilities.[xiii] A report by the British Technology firm Small Media indicates that in 2015, Tehran had increased its spending on cybersecurity by 1,200 percent in a mere two-year period,[xiv] and allowed Tehran to ascend to the top-tier of cyber threats against the United States in 2018.[xv]
As Tehran’s favored proxy-militia, Hezbollah has already received tools and training from Iran.[xvi] Further, because Hezbollah provides Iran with a measure of plausible deniability in regional meddling, Iran will likely continue to use its Lebanese cyber-warriors for everything from espionage, as “Volatile Cedar” could indicate, to offensive operations like large-scale Distributed Denial of Service attacks against financial institutions in countries like Israel and Saudi Arabia.
Hezbollah’s capabilities could indicate a broader shift in cyberterrorism. The group has often been at the forefront of using new tactics and methods as tools of coercion and inspires other terrorist organizations to follow its lead. For example, in the 1980’s, Hezbollah pioneered the use of suicide tactics as a means of gaining an advantage over the better resourced Israeli Defense Forces.[xvii] This tactic proved so effective that suicide bombing remains a common weapon in many terrorists’ arsenals to this day. As Hezbollah’s cyber capabilities grow stronger and more successes are noted, other terrorist groups may adopt similar techniques.
Hezbollah’s cyber capabilities demonstrate that non-state actors can undertake Internet operations commensurate to their nation-state counterparts. The group has a proven track record of developing tactics ahead of their time, and its advanced use of cyber operations should be treated no differently. Cyberterrorism now poses a greater threat to the West than ever before, and Hezbollah could be the harbinger of a new wave of Internet terrorists.
[i] “Profile: Lebanon’s Hezbollah Movement,” BBC, March 15, 2016, http://www.bbc.com/news/world-middle-east-10814698.
[ii] Casey Addis and Christopher Blanchard, “Hezbollah: Background and Issues for Congress,” Congressional Research Service (R41446, January 3, 2011), 4. Available at: https://fas.org/sgp/crs/mideast/R41446.pdf.
[iii] Ben Hubbard, “Iran Out to Remake Mideast with Arab Enforcer: Hezbollah,” The New York Times, August 27, 2017, https://www.nytimes.com/2017/08/27/world/middleeast/hezbollah-iran-syria-israel-lebanon.html.
[iv] Colin P. Clark, “How Hezbollah Came to Dominate Information Warfare,” The RAND Blog, September 19, 2017, https://www.rand.org/blog/2017/09/how-hezbollah-came-to-dominate-information-warfare.html.
[v] Matthew McInnis, The Cipher Brief, July 21, 2016, https://www.thecipherbrief.com/article/tech/how-much-should-we-fear-iranian-cyber-proxies.
[vi] Addis and Blanchard, “Hezbollah,” 4.
[vii] Colin P. Clark, “Hezbollah has Been Active in America for Decades,” The National Interest, August 26, 2017, http://nationalinterest.org/feature/hezbollah-has-been-active-america-decades-22051?page=show.
[viii] Hilary Hylton and Austin Tuesday, “How Hizballah Hijacks the Internet, “ Time, August 8, 2006, https://content.time.com/time/world/article/0,8599,1224273,00.html.
[ix] Jeff Moskowitz, “Cyberattack Tied to Hezbollah Ups the Ante for Israel’s Digital Defense,” The Christian Science Monitor, June 1, 2015, https://www.csmonitor.com/World/Passcode/2015/0601/Cyberattack-tied-to-Hezbollah-ups-the-ante-for-Israel-s-digital-defenses.
[x] “Volatile Cedar: Threat Intelligence and Research,” Check Point (March 30, 2015): 6. Available at: https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf.
[xi] Moskowitz, “Cyberattack Tied to Hezbollah.”
[xii] Collin Anderson and Karim Sadjadpour, “Iran’s Cyber Threat: Espionage, Sabotage, and Revenge,” Carnegie Endowment for International Peace (Washington, DC: Carnegie Endowment for International Peace, 2018), 36.
[xiii] Natasha Bertrand, “Iran is Building a Non-Nuclear Threat Faster than Experts ‘Would Have Ever Imagined,’” Business Insider, March 27, 2015, http://www.businessinsider.com/irans-cyber-army-2015-3.
[xiv] “Iranian Internet Infrastructure and Policy Report: Special Edition, the Rouhani Review (2013-2015),” Small Media (February 2015): 7. Available at: https://smallmedia.org.uk/sites/default/files/u8/IIIP_Feb15.pdf.
[xv] Daniel Coats, “Worldwide Threat Assessment of the US Intelligence Community,” Director of National Intelligence (February 13, 2018): 5. Available at: https://www.dni.gov/files/documents/Newsroom/Testimonies/2018-ATA—Unclassified-SSCI.pdf.
[xvi] Anderson and Sadjadpour, “Iran’s Cyber Threat,” 21.
[xvii] Carl Anthony Wege, “Hezbollah’s Communication System: A Most Important Weapon,” International Journal of Intelligence and Counterintelligence 27, no. 2 (2014): 241.