International Journal of Intelligence and CounterIntelligence ISSN: (Print) (Online) Journal homepage: www.tandfonline.com/journals/ujic20 Hezbollah and the Internet in the Twenty-First Century János Besenyő, Attila Gulyas & Darko Trifunovic To cite this article: János Besenyő, Attila Gulyas & Darko Trifunovic (2023) Hezbollah and the Internet in the Twenty-First Century, International Journal of Intelligence and CounterIntelligence, 36:3, 669-685, DOI: 10.1080/08850607.2022.2111999 To link to this article: https://doi.org/10.1080/08850607.2022.2111999 Published online: 19 Sep 2022. Submit your article to this journal Article views: 1660 View related articles View Crossmark data Citing articles: 2 View citing articles Full Terms & Conditions of access and use can be found at https://www.tandfonline.com/action/journalInformation?journalCode=ujic20 International Journal of Intelligence and CounterIntelligence, 36: 669–685, 2023 # 2022 Taylor & Francis Group, LLC ISSN: 0885-0607 print/1521-0561 online DOI: 10.1080/08850607.2022.2111999 JÁNOS BESENYŐ , ATTILA GULYAS DARKO TRIFUNOVIC AND Hezbollah and the Internet in the Twenty-First Century Abstract: Hezbollah is a significant power in Lebanon that operates as a Shiite political party and militant group. With Iranian support, Hezbollah has created a so-called resistance society from the Shiites neglected by the government that is based on three pillars: military infrastructure, a largescale network of civilian institutions with the aim of improvement of the well-being of the Shiite population, and a media empire that has an essential role in disseminating the political messages and ideology of Hezbollah and Iran in Lebanon, the Middle East, and other parts of the world, using the full spectrum of media and new technologies, including Internet presence, to shape public opinion, gain supporters and sympathizers, fundraise, and wage information warfare against Israel and the Western World. This article sheds Janos Besenyő is an Associate Professor at Obuda University in Hungary and Head of the Africa Research Center. He received a Ph.D. in military science from Miklos Zrınyi National Defense University in Hungary. He established the Scientific Research Center of the Hungarian Defence Forces General Staff and served in several peacekeeping operations in Africa and Afghanistan from 1997 to 2018. His most recent publication is Darfur Peacekeepers: The African Union Peacekeeping Mission in Darfur (AMIS) from the Perspective of a Hungarian Military Advisor. The author can be contacted at janos.besenyo@ uni-obuda.hu. Attila Gulyas graduated from the Kossuth Lajos Military College. He retired from the service as Head of the department and is a researcher at the Obuda University Doctoral School on Safety and Security Sciences. The author can be contacted at gulyas.attila@phd.uni-obuda.hu. Darko Trifunovic is a founding member and Director of the Institute for National and International Security. He is an Associate Professor at Fudan University in Croatia. He served as First Secretary of the Foreign Service of Bosnia and Herzegovina at the United Nations. He is currently the representative for Serbia and Montenegro in the International Strategic Studies Association. The author can be contacted at darko@intelligence-security.rs. AND COUNTERINTELLIGENCE VOLUME 36, NUMBER 3 669 670 } ATTILA GULYAS, AND DARKO TRIFUNOVIC JANOS BESENYO, light on Hezbollah’s Internet activity and demonstrates Hezbollah’s cyberespionage campaign through two examples, describing its “Fake News” media camps and the possible connection between Hezbollah and money counterfeiting and selling on the Dark Web. Hezbollah is a special organization that is considered a terrorist organization by some countries while others acknowledge it as a political party, because it has a political wing and a military wing. Although the judgment of the organization in the international community is not uniform, it is deeply embedded in Lebanese political life; therefore, in contrast with other terrorist organizations, it has every legal conduit to spread its ideology, raise funds, recruit sympathizers, and so on. The aim of this research, after a short introduction to Hezbollah, beyond giving an overall picture of the organization’s Internet activity, is to demonstrate its information technology capabilities, and to find any evidence or traces related to Hezbollah’s Dark Web use. HEZBOLLAH Hezbollah (Party of God; also spelled Hezbullah, Hizballah, or Hizbullah) is a political party and militant organization that was founded under the aegis of Iran in 1982 during the fifteen-year civil war in Lebanon and the Israeli invasion.1 Hezbollah is a “Janus-faced” organization because it was a kind of militia initially, but today, as a political party, it preserves its militant wing. It plays a vital role in the life of Lebanon. The connection between Iran and Hezbollah has a long history. Iran has been supporting the organization since the beginning, because it needed an organization that collects all of the Shiites in Lebanon to make the influence over the Shiite population more effective. In addition, it needed a proxy in the ongoing low-intensity war against Israel, which is the main enemy in the area. That is why many consider Hezbollah an extension of the Iranian Revolutionary Guard Corps. The organization does not recognize the existence or legitimacy of Israel which is its main enemy (along with the United States). Israel is also regarded as a scapegoat for Lebanon’s numerous problems. The organization also fights against Western influence in the Middle East. Hezbollah is considered a terrorist organization by eighteen countries without distinguishing between its military and political wings, while other countries and the European Union (EU) separate the political and the military wing and recognize its political wing as a legitimate political party. INTERNATIONAL JOURNAL OF INTELLIGENCE HEZBOLLAH AND THE INTERNET IN THE TWENTY-FIRST CENTURY 671 In this context, it is thought provoking because Sayyed Hasan Nasrallah is the head of both wings. Hezbollah is responsible for approximately 30 terrorist attacks, including bombings, assassinations, hijacking, and kidnapping between 1983 and 2012. The number of casualties is about 500 while the number of injured is near 1,000 people.2 The targets of the Hezbollah attacks were typically Israeli or Jewish interests worldwide, ranging from Europe to South America. In addition, Hezbollah is closely connected with the Sunni–Islamic fundamentalist Palestinian Hamas organization and the Palestinian Islamic Jihad. Despite the religious differences, there are numerous similarities between Hezbollah and Hamas. Both have a political and a military wing, they share the same goals and tactics/, and the judgment of the two organizations is not uniform within the international community. That said, Hezbollah is a role model for Hamas.3 Hezbollah proclaimed its new ideology manifesto in 2009, in which it vowed to oust Western powers from Lebanon, demanded the destruction of Israel, and showed its commitment to Iran’s supreme leader. The organization expressed its desire to build an Iranian-inspired Islam regime while keeping the Lebanese people’s freedom and self-determination. Hezbollah refers to itself as the “Organization of the Oppressed on Earth” and the “Revolutionary Justice Organization.” The main goal of the party is the “liberation” of Jerusalem and the land of Israel by the Arab World, which is governed by an Islamic government established by Hezbollah.4 Hezbollah has built a so-called resistance society in Southern Lebanon, Beirut’s southern suburb, and the Bekaa Valley. Today Hezbollah struggles to liberate the Shebaa Farms area occupied by Israel in the Six-Day War (1967) from Syria. The organization participates in the civil war in Syria alongside Iran and Syria, supporting Bashar al-Assad’s regime, gaining very valuable experiences that improve its military capabilities. That said, Hezbollah is deeply embedded in Lebanese society because it created a state within a state. It has a health care system, media services, agricultural centers, an educational system, low-cost schools, and a financial system. Hezbollah oversees the Al-Shahid Association of the Martyr’s Institute, which pays stipends to the family members of martyrs. The first leader of the organization’s political wing (between 1989 and 1991) was Subhi al-Tufayli, who was dismissed when he was against the decision to participate in the Lebanese parliamentary elections. His successor was Abbas al-Musawi, whom Israel assassinated in 1992. Following the murder of Abbas al-Musawi, the current leader Hassan Nasrallah got into power. As secretarygeneral, he oversees the seven-member Shura, which has five sub councils: the political assembly, the jihad assembly, the parliamentary assembly, the AND COUNTERINTELLIGENCE VOLUME 36, NUMBER 3 672 } ATTILA GULYAS, AND DARKO TRIFUNOVIC JANOS BESENYO, Figure 1. Extraction of the organizational chart of Hezbollah. executive assembly, and the judicial assembly. It is hard evidence for the tight Iranian connection that there are two permanent Iranian representatives on the Shura council. Figure 1 shows the extraction of the organizational chart of Hezbollah. (The whole organizational chart can be seen at https://hezbollah. org/organizational-chart.) As reported by the U.S. Department of State in 2019, Hezbollah had tens of thousands of supporters and members worldwide5 who made a considerable amount of donations, but with international financial sanctions, this source dried up. The U.S. sanctions against Iran have adverse effects on Hezbollah as well. Due to the sanctions, Iranian support of Hezbollah significantly decreased in the last few years, although they are still tied to each other with thousands of threads. Lebanon together with Hezbollah are facing complicated challenges today, including the political crises that come from the political instability and the deeply rooted corruption in the society that are fundamental problems in Lebanon. In addition, the U.S. and EU sanctions of the Lebanese economy and the explosion at the Port of Beirut, then the COVID-19 pandemic, not to mention the Syrian civil war with the Syrian refugees, are burning questions today. This situation may spur one to underestimate Hezbollah’s capabilities, but it is far from the truth. Hezbollah is a progressive, well-prepared organization with every capability needed to wage traditional lowintensity conflicts and wage modern information warfare in the twentyfirst century. INTERNATIONAL JOURNAL OF INTELLIGENCE HEZBOLLAH AND THE INTERNET IN THE TWENTY-FIRST CENTURY 673 HEZBOLLAH ON THE INTERNET The leadership of Hezbollah is fully aware of the importance of the Internet and its inherent possibilities in the permanent conflict with Israel and the United States. They established the traditional media outlets’ Internet-based counterparts and the ways to continue their propaganda and recruitment activity on social media sites despite banning its official profiles. The Internet division of Hezbollah set the following goals for itself: spread propaganda through the Internet and highlight the ideology of the party, wage psychological war against Israel by using the inventions of the new medium, support the Palestinian resistance movements against Israel, strengthen its leadership among the Lebanese Shiite society and popularity in the Arab world, and present Israeli aggression and highlight the fight of the “resistance society.” Social Media Presence … since the moral elements are among the most important in war. They constitute the spirit that permeates war as a whole, and at an early stage they establish a close affinity with the will that moves and leads the whole mass of force, practically merging with it, since the will is itself a moral quantity. —Carl von Clausewitz6 Security experts and defense analysts wrote numerous articles and books on scenarios of the subsequent cyberwars. They envisioned crashing networks and disrupted critical infrastructures; they thought hackers would fight against hackers. But they missed one scenario when the attacker has no cyberwar capability, but it has personal computers, smartphones, and Internet access. ISIS had no cyber capability, so it could not hack networks; instead, it hacked the information itself on the networks when it occupied Mosul. As a result of the successful social media campaign, the organization recruited more than 30,000 new members from more than a hundred countries to join the “Caliphates.” This successful campaign highlighted the importance of social media in information warfare.7 Hezbollah also recognized the importance of the new possibilities inherent in the new domain. Social media proved an excellent medium for spreading Hezbollah propaganda, although, in the beginning it was restricted to mostly the Internet-savvy young generation, but some years later, as the new technology integrated into everyday life, they reached the senior generation as well. Hezbollah created a significant number of social media accounts on Facebook, Instagram, Twitter, and YouTube to spread their propaganda. A AND COUNTERINTELLIGENCE VOLUME 36, NUMBER 3 674 } ATTILA GULYAS, AND DARKO TRIFUNOVIC JANOS BESENYO, good example of this is when Hezbollah ran an “equip a mujahid” crowdsourcing campaign on Facebook and Twitter, spurring the online supporters to fulfill their religious obligations by buying weapons, ammunition, and other military equipment for the Syrian war.8 The contents of the social media profiles were in harmony with well-known Hezbollah propaganda.9 These profiles regularly violated the rules of the websites, which is why a so-called whack-a-mole game was played between the moderators and the account managers. The latter kept on changing their profiles with the same content. Interestingly, the most obviously terrorist accounts were not banned until June 2018, when, under lawmaker pressure, Google and Facebook suspended Hezbollah and Hamas accounts. U.S. lawmakers criticized Twitter because it distinguished the military and political arms of the organization and did not take any action effectively, allowing the organizations and their affiliates to use the platform. Members of the U.S. House of Representatives sent a letter to Twitter, Google, and Facebook in September 2019, requesting information on the number of Hamas and Hezbollah accounts and a timeline of suspending these accounts. At the same time, they called Twitter to update its policy to comply with U.S. laws. Following the letter, Twitter also suspended the Hamas- and Hezbollah-related accounts.10 The reader may wonder why the tech giants did not ban the obviously terrorist accounts on social media. The advertiser on social media brings in money—that is the reason why they hesitated banning the extremist sites. Hezbollah, Hamas, and other affiliated organizations advertised on these platforms, as other organizations do today. A good example is when Facebook—between July 2018 and July 2020—made over $23 million in advertising revenue from inauthentic networks that violated the platform’s policies (coordinated inauthentic behavior).11 Despite the suspended official profiles, thousands of sympathizer posts on social media spread Hezbollah’s propaganda. Figure 2 is a screenshot of a Hezbollah sympathizer’s tweet. The situation is similar on other social media sites where the “Hizbullah “or “Hezbollah” search expressions in English or Arabic yield thousands of results related to the terrorist organization. Hezbollah “Media Camps” Falsehood flies and the Truth comes limping after it.12 According to an article published by Telegraph News Agency in August 2020, since 2012 Hezbollah has been running “Media Camps,”13 where it trains socalled media fighters to manipulate photographs digitally, manage a significant amount of fake social media profiles, avoid Facebook’s censorship, and spread fake news and disinformation. The students come for the 10-day training from Bahrain, Iraq, Saudi Arabia, and Syria. The course is an excellent opportunity INTERNATIONAL JOURNAL OF INTELLIGENCE HEZBOLLAH AND THE INTERNET IN THE TWENTY-FIRST CENTURY 675 Figure 2. Tweet from a Hezbollah sympathizer. for Iran and Hezbollah to spread their ideology and sow the seeds of uncertainty in the region, especially in Iraq. The article is based on interviews with more than twenty former students, politicians, and media experts who asked for anonymity for obvious reasons. The Telegraph investigation revealed that thousands of activists were trained to give their knowledge away after going home. This camp is a multimillion-dollar business for Hezbollah. As reported by the article, Iran also has been running a similar camp, but it is far less popular than Hezbollah’s course. The reason for the high efficiency of this course and the “electronic army” in the Middle East is the greater dependency on social media compared with Western countries. With the lack of a reliable journalistic system, the people can only access information on social media that is very cheap, popular, and easy to access. The “electronic army” effectively exploits this situation. The “digital warlords” launch social media campaigns with fake profiles spreading false information on the target, and their other fake profiles share this until the origin of the false information fades. The misinformation is widely spread and builds in the public consciousness. The Kata’ib Hezbollah group—designated as an Iraqi Shiite terrorist group by Japan and the United States—spends a large amount of USD on Facebook to boost its profiles. According to anonymous sources, 400 AND COUNTERINTELLIGENCE VOLUME 36, NUMBER 3 676 } ATTILA GULYAS, AND DARKO TRIFUNOVIC JANOS BESENYO, individuals have been working for the group’s “electronic army.” Some of the fighters were trained in Hezbollah fake news camp, while the rest are trained by the alumni of this course. The camp induced a so-called arms race among the politicians in the area because having the most skilled electronic warriors gives a prestige for the “owners.”14 The restrictions on Hezbollah in social media do not mean that the organization waives the use of this kind of media. On the contrary, instead of a direct presence, they have a presence on social media via their proxies and sympathizers. The center of Hezbollah philosophy is the “resistance society,” and the aim of the organization is to build a society that supports its military, political, and social goals. The new situation demanded new solutions. With the media camps, Hezbollah did not exhaust all of its possibilities to stay on social media, because it changed its techniques and, instead of posting violent content, which is usually getting censored out, it persuaded its supporters to post peaceful messages about Hezbollah festivals, rallies, and the general secretary’s speeches. Due to this change, thousands of Hezbollah-related posts are on different social media platforms. According to an article on the Bellingcat website in 2019, an ostensibly independent Lebanese activist group augmented Hezbollah messaging and its fundraising system on social media. The Attansakiyeh group defined itself as an independent organization and had Twitter, Facebook, Instagram, Telegram, and YouTube accounts that regularly posted indirect Hezbollah-supportive messages. Their messages suggested the importance of Hezbollah in Lebanese society, but, to evade social media censorship, they tried not to mention Hezbollah explicitly. (At the time of writing this article, the group’s accounts are not available on the aforementioned social media sites.15) Virtual Entrepreneurs and Recruitment on Social Media Hezbollah tends to learn from other, even Sunni, terrorist organizations about new tools, techniques, and procedures (TTPs). Experts call one of the ISISintroduced techniques virtual entrepreneur or virtual planner. The point of this new method is that the operative gets in contact with the candidate interested in their ideology and wins their sympathy. As they are getting deeper into the topic from the suggestions of the operative, they transit to a hidden form of communication like Telegram or Wickr Me. The operative trains the candidate for different kinds of tasks, such as surveillance, assassination, or fundraising, just to name a few.16 Hezbollah realized that this method is cheap and highly rewarding, and even if the terrorist attack is thwarted or the authorities reveal the terrorist cell, Hezbollah can hide behind plausible deniability.17 The Hezbollah virtual entrepreneurs use fake names like “Bilal” (full moon, water, victorious, winner) and focus on Palestinians and Israeli Arabs to carry out terrorist activities in Israel. For example, Muhammad Zaghloul (recruited INTERNATIONAL JOURNAL OF INTELLIGENCE HEZBOLLAH AND THE INTERNET IN THE TWENTY-FIRST CENTURY 677 Palestinian) got sixteen encrypted emails from a Hezbollah operative over the course of several weeks requesting information on Israeli Defense Forces bases and instructions on how to carry out suicide bombings.18 Based on opensource reporting, from January 2017, Hezbollah significantly reduced its online recruitment activity. The reasons are unknown. According to some assumptions, Hezbollah failed to gain a foothold in the West Bank, so it is focusing on the Syrian side of the Golan Heights. The social media giants’ steps against the organization, together with Israel’s counterterrorism endeavors, also might play a role in the failure of Hezbollah.19 Cyberwar, Cyberwarfare, Cyberespionage Among the experts, there is no uniform definition of cyberwarfare, although the widely accepted definition is the use of cyberattacks against states, causing significant harm, disruption of vital computer systems, and loss of life.20 The perpetrators of these kinds of attacks range from nation-state actors to terrorist groups, cybercriminals, and hacker groups furthering the goals of some nation. In the course of the attacks, the actors can use the following kinds of weapons: different kinds of harmful software solutions, including viruses, malware applications, Trojans; Distributed Denial of Service attacks blocking legitimate users from accessing devices or network services; data theft from governmental, business, or educational institutions; cyberespionage that compromises the target country’s national security; ransomware solutions, data hostage, and blackmailing; and spreading fake news and disinformation campaigns that cause chaos and loss of confidence in financial or governmental organizations. A cyberattack, on one hand, is a part of the cyberwar, so the cyberwar consists of a series of cyberattacks, while on the other hand the cyberattacks are regarded as a “campaign between wars” or “wars between wars.”21 Military experts consider cyberwar an asymmetric type of warfare because one of the involved parties uses unconventional tactics to equalize its lower military capabilities. In contrast with conventional warfare, information wars do not need extensive and expensive military machinery. Instead, they take a computer and Internet access, coupled with experts in computer programming systems. AND COUNTERINTELLIGENCE VOLUME 36, NUMBER 3 678 } ATTILA GULYAS, AND DARKO TRIFUNOVIC JANOS BESENYO, Hezbollah and Cyberespionage According to uncorroborated information, Hezbollah has built a center for cyberwarfare in the outskirts of Beirut in the Dahya neighborhood led by one of the relatives of the secretary-general. The center is dedicated to the fight against Israel. The hackers and other professionals, or at least a part of them, are trained by Iranians. Although this information is not corroborated, some events seem to prove the existence of the Hezbollah cyber unit. Israeli security experts at the Check Point security firm revealed a widespread cyberespionage campaign in 2015 whose origin reached back to 2012, targeting servers of military suppliers, telecommunication companies, media outlets, and universities. The action affected a dozen countries, including Israel, Japan, Saudi Arabia, Turkey, the United Kingdom, and the United States, to name a few. The experts identified a unique software package called “Explosive” used in the campaign. The analysis carried out by the security experts found the “fingerprints” of the notorious Iranian ITSecTeam hacker group in the malware’s source code tailored for cyberespionage.22 Beyond this, the local setting of the operating system was “Arabic-Lebanon” on the computer where the source code was compiled. The software analysis provided further evidence for the Lebanese connection because the malware’s control servers were physically located in Beirut. The investigation also uncovered the identity of a Lebanese person who was in connection with the servers. Check Point named the campaign “Volatile Cedar” while the perpetrator got the Lebanese Cedar name, referring to the cedar in the Lebanese national emblem. Evaluating the shreds of evidence, it can be presumed with high probability that Hezbollah was behind the campaign.23 Daniel Cohen, coordinator of the Cyber Warfare Program at the Institute for National Security Studies, a prominent Israeli think tank, has written: We see the attacks are getting more sophisticated, the tools are more sophisticated, and they [Hezbollah] are getting into the databases of the system and are trying to gain intelligence—a password, details of people.24 This was the first time Hezbollah was tied to a major cyberattack. The Clear Sky Israeli cybersecurity company detected suspicious activities on the network of some Israeli companies in early 2020. Comprehensive forensic research on the compromised systems revealed special hack tools familiar to the experts in connection with the “Volatile Cedar” campaign. The attackers targeted Oracle and Atlassian web servers by exploiting known vulnerabilities that were not patched. The experts studied the groups’ TTPs and they identified those open-source tools that were used by the attackers to find the vulnerable servers on which they installed their malware software INTERNATIONAL JOURNAL OF INTELLIGENCE HEZBOLLAH AND THE INTERNET IN THE TWENTY-FIRST CENTURY 679 packages. The software modules had numerous functionalities, like recording keyboard strokes, uploading and downloading files, receiving commands from the control servers, and database manipulation. Further analysis of the software components used in the campaign revealed unique markers typical for malware solutions of the Lebanese Cedar group. The encryption methods within the programs, the style of the programming, and some code snippets proved the Lebanese Cedar origin. Beyond this, the experts also found code snippets from the malware solutions of the Iranian ITSecTeam and the Persian Hacker group. However, there is no information on whether the Iranian hackers gave Lebanese Cedar direct help or not. Having the “fingerprints” of the group and knowing the TTPs, Clear Sky made a widespread discovery on the Internet to find compromised publicfaced web servers. As a result of their research, they found more than 250 victims worldwide. Each of them was infected by Lebanese Cedar’s malware. The most affected countries were mainly from the Middle East (Egypt, Israel, Jordan, Saudi Arabia), but Argentina, Brazil, France, Germany, the Palestinian Authority, the United Kingdom, and the United States were also involved. Most identified victims are companies from the telecommunications industry, Internet service providers, hosting providers, and government agencies. According to the security experts, the campaign started in 2015, and due to the prudent and wise use of the malware, it stayed hidden from security experts for five years. Although Clear Sky security experts do not claim unequivocally that the Lebanese group belongs to Hezbollah, the targets of the first and second campaigns and Iranian cooperation all show with high probability that Lebanese Cedar is connected to the Hezbollah Cyber Unit. Regardless, after these two professional campaigns, Lebanese Cedar changed gear from a “plain” hacker group to an advanced persistent threat organization, because it has all the character of a stealthy threat actor. The security experts cannot estimate the quantity and quality of the information obtained by Lebanese Cedar during the five-year operation.25 The two unveiled cyberespionage campaigns show that the organization’s cyber capabilities have significantly improved in the last decade. The campaigns, each going on for years, were bearing the hallmark of a wellprepared, disciplined, well-orchestrated group or groups. The amount and the quality of the stolen information and the damage caused by Hezbollah are inestimable. Likewise, the destination of the stolen data is also unknown. In the mirror of the events, we can be sure that Hezbollah does not give up the cyberespionage and for sure that it keeps on improving its cyber capabilities, and it prepares for the next campaign—if it is not ongoing now. AND COUNTERINTELLIGENCE VOLUME 36, NUMBER 3 680 } ATTILA GULYAS, AND DARKO TRIFUNOVIC JANOS BESENYO, HEZBOLLAH AND THE DARK WEB What do terrorists do on the Dark Web? According to Serbakov,26 they use it to spread their propaganda, and for fundraising, recruiting, training, and coordination. Gabriel Weimann’s answer in his article with the title “Migration to the Dark Web” is “more of the same but more secretly.”27 It is only partially true because, in contrast with ISIS or al-Qaeda, Hezbollah has a big advantage due to its hybrid position; namely, it has legal media conduits for reaching its audience. Searching for Hezbollah on the Dark Web Searching for the “footprints” of Hezbollah on the Dark Web is cumbersome and time-consuming for a researcher because the traditional search engines do not work in this domain. The popular Dark Web systems—such as The Onion Router, Invisible Internet Project, or Freenet—have their own search engines, but their abilities are limited and far less efficient than their traditional equivalents on the Surface Web. While the traditional engines like Google or Bing keep crawling on the Internet searching for new sites and indexing them, the search engines on the Dark Web work differently. There is no automated indexing so the site owners can propagate their sites via public link collections, or the databases of the search engines. But if a site owner does not promote their site, others will not be aware of it. The “Hezbollah” expression and its different spellings in different languages did not yield any relevant results, neither on the search engines of the aforementioned systems nor the searching in the link collections. The second way to find virtual traces of the organization is based on the assumption that Hezbollah is deeply involved in illicit activities, as proven in Rachel Ehrenfeld’s book Funding Evil.28 Ehrenfeld presents in detail the following financial sources of Hezbollah: Support from Iran Support from charitable organizations Donations from individuals Proceeds from legitimate businesses Illegal arms trading Cigarette smuggling Currency and other counterfeit goods Fraud Robbery Operating illegal telephone exchanges Drug trafficking INTERNATIONAL JOURNAL OF INTELLIGENCE HEZBOLLAH AND THE INTERNET IN THE TWENTY-FIRST CENTURY 681 Figure 3. Hezbollah’s counterfeit dollar on the Apollon cryptomarket. The reader may notice that a significant part of the sources comes from illicit activity. In his book Terrorism Inc., Colin P. Clarke corroborates Ehrenfeld’s findings that a considerable amount of Hezbollah’s income comes from illegal activity, including currency and pharmaceutical counterfeiting.29 Using this information as a springboard for a search of the dozens of crypto markets, which are a main arena for illicit activities on the Dark Web, yielded a remarkable result. As Figure 3 shows, Hezbollah made counterfeit $100 USD denomination notes to be sold on the Apollon Market cryptomarket. Following the link to the description of the offer, the vendor, under the pseudonym “therealbitsofall (100%),” says, “Please search Hezbollah fro [sic] pricing and features. These are the best USD notes on the market. I’ve partnered w Hez to provide a US-US sample so you can see them fast before placing a larger order w him. This is for 1 sample note.” A further search on the site yielded the vendor under the pseudonym “Hezbollah.” It seems that he is a genuine counterfeit dollar vendor and “therealbitsofall (100%)” is only a partner. “Hezbollah” sells bulk counterfeit “Hezbollah” USD dollars from the 2006 and 2009 series, as seen in Figure 4. “Hezbollah” gives some additional instructions for the buyers for aging the money and how to use it safely. According to the buyers’ comments, both vendors are reliable, and the counterfeit money is also high quality and accepted by automated teller machines and shops. It has every security AND COUNTERINTELLIGENCE VOLUME 36, NUMBER 3 682 } ATTILA GULYAS, AND DARKO TRIFUNOVIC JANOS BESENYO, Figure 4. Hundred dollar bills on the Apollon cryptomarket selling by Hezbollah. feature, just like real money. The “Hezbollah” attribute of the counterfeit dollar is a trademark of the quality. The fact that the vendor’s pseudonym and the counterfeit dollar’s name is “Hezbollah” is not hard evidence, of course, but it is hard to deny that it is a strange coincidence. Taking into account the quality of the “Hezbollah money,” in the counterfeit money business the “Hezbollah” name is a kind of hallmark.30 It is not likely that a Hezbollah operative is behind the nickname because, according to Matthew Levitt, Hezbollah has built a worldwide network of supporters, sympathizers, and formal operatives to provide financial, operational, and logistical support.31 In some cases, these primarily informal groups are the sources of false documents, weapons, counterfeit money, and financial funds. It is hard to follow them back to Hezbollah, because the Hezbollah operatives, who are involved in the crime, are in the background and run well-trained and committed henchmen. They are described by an experienced Hezbollah-case Federal Bureau of Investigation investigator as “useful idiots” who want to be engaged in a glorious cause.32 While they are the basis of the plausible deniability of the organization, at the same time the anonymity provided by the Dark Web covers them so the circle is closed. INTERNATIONAL JOURNAL OF INTELLIGENCE HEZBOLLAH AND THE INTERNET IN THE TWENTY-FIRST CENTURY 683 CONCLUSION Hezbollah, from the beginning, has waged war against its eternal enemy Israel and Western influence—especially the U.S. presence in the region. The history of the organization is patterned with kinetic wars and low-level conflicts with Israel, but in the last few decades the war is waged in a new domain. From the moment of its birth, Hezbollah has kept honing its information warfare capabilities using every available means and domain. The most significant evidence for their proficiency is the successful and popular “Fake News Training Camp” that has been successfully working for more than a decade, spreading their ideology and unrest in the Middle East. It is hard to deny that the idea and its realization are the quintessence of the technology available for everyone in the twenty-first century. The long-run cyberespionage campaigns and involvement in the Dark Web in its raising of finances prove that Hezbollah has grown to the challenges of the twentyfirst century. The revelation of the connection between Hezbollah and the Dark Web is a new achievement that requires further investigation in order to discover more details, contacts, and procedures and techniques. The organization’s history shows that it quickly adapted to new situations and realized the importance of the inherent possibilities of new technologies so in the future its presence cannot be overlooked in the cybersecurity landscape. ORCID Janos Besenyő http://orcid.org/0000-0001-7198-9328 Attila Gulyas http://orcid.org/0000-0001-5645-144X http://orcid.org/0000-0003-3591-9554 Darko Trifunovic REFERENCES 1 Dominique Avon and Anaїs-Trissa Khatchadourian, Hezbollah: A History of the “Party of God” (Cambridge, MA: Harvard University Press, 2012), pp. 23–24. 2 The Henry Jackson Society, Timeline of Terror: A Concise History of Hezbollah Atrocities (London: Henry Jackson Society, 2012). 3 Carl Anthony Wege, “Hezbollah and Hamas,” TRAC Terrorism Research & Analysis Consortium, https://www.researchgate.net/publication/265014056_ Hezbollah_and_Hamas (accessed 14 February 2021). 4 “Hezbollah: History and Overview,” Jewish Virtual Library, https://www. jewishvirtuallibrary.org/history-and-overview-of-hezbollah (accessed 7 March 2021). 5 U.S. Department of State, Bureau of Counterterrorism, “Country Reports on Terrorism 2019,” https://www.state.gov/reports/country-reports-on-terrorism2019/ (accessed 8 March 2021). 6 Carl von Clausewitz, On War (Oxford: Oxford University Press, 2007), p. 141. AND COUNTERINTELLIGENCE VOLUME 36, NUMBER 3 684 } ATTILA GULYAS, AND DARKO TRIFUNOVIC JANOS BESENYO, 7 Peter Warren Singer and Emerson T. Brooking, Like War: The Weaponization of Social Media (Boston and New York: Mariner Books, 2018), p. 9. 8 Ibid. 9 Hezbollah’s Media Empire. The Meir Amit Intelligence and Terrorism Information Center (2019), https://www.terrorism-info.org.il/en/hezbollahsmedia-empire/ (accessed 12 March 2021). 10 Sarah E. Needleman and Bowdeya Tweh, “Twitter Suspends Accounts Linked to Hamas, Hezbollah,” Wall Street Journal (2021), https://www.wsj.com/ articles/twitter-suspends-accounts-linked-to-hamas-hezbollah-11572888026 (accessed 10 February 2021); Toi Staff, “Hezbollah Says Some of Its Facebook and Twitter Pages Shuttered,” The Times of Israel, https://www.timesofisrael. com/facebook-twitter-pages-of-hezbollah-shuttered (accessed 9 January 2021). 11 Chloe Colliver, Jennie King, and Eisha Maharasingam-Shah, “Hoodwinked: Coordinated Inauthentic Behaviour on Facebook,” Institute for Strategic Dialogue, https://www.isdglobal.org/wp-content/uploads/2020/10/Hoodwinked-2. pdf (accessed 15 February 2021), p. 3. 12 Jonathan Swift, quoted in The Examiner, No. 14 (1710), p. 2, https://books. google.hu/books?id=KigTAAAAQAAJ&q=%22Truth+comes%22&redir_esc= y#v=onepage&q=swift&f=false (accessed 5 March 2021). 13 Wil Crisp and Suadad al-Salhy, “Exclusive: Inside Hizbollah’s Fake News Training Camps Sowing Instability across the Middle East,” The Telegraph, https://www.telegraph.co.uk/news/2020/08/02/exclusive-inside-hezbollahs-fakenews-training-camps-sowing/ (accessed 2 February 2021). 14 Wil Crisp and Suadad al-Salhy, “Fake News Production in the Middle East,” Journalismfund.eu, https://www.journalismfund.eu/fake-news-production-MiddleEast, (accessed 15 January 2021). 15 Hector Martinez, “Hashtaggers for Hezbollah? How Social Media Fundraising Can Skirt the Rules,” Bellingcat, https://www.bellingcat.com/news/2019/08/27/ hashtaggers-for-hezbollah-how-social-media-fundraising-can-skirt-the-rules/ (accessed 12 March 2021). 16 Michael Shkolnik and Alexander Corbeil, “Hezbollah’s ‘Virtual Entrepreneurs’: How Hezbollah is Using the Internet to Incite Violence in Israel,” CTCSENTINEL, Vol. 11, No 6 (2018), https://ctc.usma.edu/hezbollahs-virtualentrepreneurs-hezbollah-using-internet-incite-violence-israel/ (accessed 19 February 2021); Seamus Hughes and Alexander Meleagrou-Hitchens, “The Reach of ISIS’s Virtual Entrepreneurs into the United States,” Lawfare, https://www.lawfareblog.com/reach-isiss-virtual-entrepreneurs-united-states (accessed 28 March 2021). 17 Shkolnik and Corbeil, “Hezbollah’s ‘Virtual Entrepreneurs.’” 18 Ibid. 19 Ibid. 20 Katie Terrell, Hanna Kevin Ferguson, and Linda Rosencranc, “Cyberwarfare” [definition]. TechTarget, https://www.techtarget.com/searchsecurity/definition/ cyberwarfare, (accessed 10 March 2021). INTERNATIONAL JOURNAL OF INTELLIGENCE HEZBOLLAH AND THE INTERNET IN THE TWENTY-FIRST CENTURY 21 685 “The Cyber-War In the Middle East: Israel, Iran and Others,” Invisible Dog Investigative Journalism, http://www.invisible-dog.com/cyber_war_eng.html (accessed 5 February 2021), 22 The ITSecTeam is an Iranian hacker group believed to have been working on behalf of Iran’s Islamic Revolutionary Guard Corps. Council on Foreign Relations, “Cyber Operations,” https://www.cfr.org/cyber-operations/itsecteam 23 Jeff Moskowitz, “Cyberattack Tied to Hezbollah Ups the Ante for Israel’s Digital Defences, Christian Science Monitor, https://www.csmonitor.com/World/ Passcode/2015/0601/Cyberattack-tied-to-Hezbollah-ups-the-ante-for-Israel-sdigital-defenses (accessed 9 March 2021). 24 Quoted in Jeff Moskowitz, “Hezbollah Just Upped the Cyber Ante against Israel”, INSIDER, https://www.businessinsider.com/hezbollah-just-upped-thecyber-ante-against-israel-2015-6 (accessed 9 March 2021). 25 ClearSky Research Team, “Lebanese Cedar,” APT Global Lebanese Espionage Campaign Leveraging Web Servers, Clearsky, https://www.clearskysec.com/ cedar/ (accessed 25 March 2021). 26 M arton Serbakov, “A terroristak internet hasznalata [Internet Use of Terrorists],” B€untetőjogi Szemle Szemle, No. 2 (2018), https://ujbtk.hu/drserbakov-marton-tibor-a-terroristak-internethasznalata%c2%b9/ (accessed 22 February 2021), pp. 85–93. 27 Gabriel Weimann, “Terrorist Migration to the Dark Web,” Perspective on Terrorism, Vol. 10, No. 3, http://www.terrorismanalysts.com/pt/index.php/pot/ article/view/513/html (accessed 12 February 2021), pp. 40–44. 28 Rachel Ehrenfeld, Funding Evil: How Terrorism Is Financed—And How to Stop It (Chicago: Bonus Books, 2003), p. 109. 29 Colin P. Clarke, Terrorism, Inc.: The Financing of Terrorism, Insurgency, and Irregular Warfare (Denver: Praeger, 2015), p. 92. 30 American Jewish Committee, Setting the Record Straight on Hezbollah: Full Report, https://www.ajc.org/news/setting-the-record-straight-on-hezbollah-fullreport, (accessed 24 March 2021). 31 Matthew Levitt, Hezbollah’s Criminal Networks: Useful Idiots, Henchmen, and Organized Criminal Facilitators. The Washington Institute for Near East Policy, https://www.washingtoninstitute.org/policy-analysis/hezbollahs-criminal-networksuseful-idiots-henchmen-and-organized-criminal (accessed 17 January 2022). 32 Ibid. AND COUNTERINTELLIGENCE VOLUME 36, NUMBER 3
0
advertisement
Related documents
Download
advertisement
Add this document to collection(s)
You can add this document to your study collection(s)
Sign in Available only to authorized usersAdd this document to saved
You can add this document to your saved list
Sign in Available only to authorized users