Hack attacks are growing at the speed of 5G across the globe, and Iraq has been hard-hit lately.
The official website of controversial Iraqi Shiite cleric Muqtada al-Sadr was hacked Jan. 6 after he called for his followers to activate the Mahdi Army to fight US troops. His call followed the US assassination of top Iranian military commander Qasem Soleimani and the deputy head of the Popular Mobilization Units (PMU), Abu Mahdi al-Muhandis. The hackers put Iraqi-US flags on the homepage, writing: "Iran no more."
That intrusion came just weeks after several other attacks on official Iraqi websites — including the prime minister's.
A hacker hit the sites of various Iraqi government committees Dec. 18. Using a Twitter account under the name M4x Pr0, the hacker claimed to have retrieved 15 gigabytes of emails from the Ministry of Oil, 8GB from the Ministry of Defense and 17GB from the Ministry of Interior. The hacker also infiltrated the sites of the ministries of health, education and trade.
Before deleting his account, the thief expressed determination to publish sensitive information and messages.
Though some electronic breaches are accomplished simply for technical bragging rights among hackers, many are being made to steal information or influence security and the political situation. On Nov. 25 on the Iraqi Counter Terrorism Service website, a statement was posted declaring a military coup in support of the protests that have been underway in Iraq since the beginning of October. After 25 minutes, the service clarified the statement was due to a hack.
On Nov. 18, anonymous hackers breached the website of the Ministry of Communications. They wrote on the homepage, “Closed by the people — martyrdom or victory needed." The message was one of solidarity with the protesters.
Such attacks aren't the exception, but rather seem systematic.
Over the years, Iraqi government sites have been hacked repeatedly. In October 2016, a Saudi hacker managed to break into the official Ministry of Foreign Affairs website. The trespasser published on the homepage the slogan of the Saudi kingdom, along with a threat. In May 2017, the website of the Iraqi National Security Council was breached a few hours after bombs exploded in the capital, Baghdad.
The recent repeated breaches have triggered criticism and complaints. Strategic expert Munqith Dagher said he doubted the Iraqi government's ability to secure its websites. He explored the political dimension and asked, “How could the government then protect its people?”
Authorities outline various motivations behind hacking.
Minister of the National Alliance Ali al-Bderi told Al-Monitor, “There are two reasons why government websites are hacked. The first is stealing information to blackmail ministries and leaders and send information to external enemies of Iraq. The second reason is corruption within ministries and institutions that deal with companies having foreign ties that leak information and allow hacking and piracy.”
Ihsan al-Shammari, head of the Iraqi Center for Political Thought, told Al-Monitor that recurrent hacking operations on ministry websites "are a challenge to sensitive ministries and institutions, and prove the inability to maintain sufficient digital security." He added, "The government and official institutions pay little attention to cybersecurity, and they employ traditional and inefficient security technology despite the large amounts of money spent on this issue."
Though some reports show that hacking such websites is a form of political rivalry among Iraqi parties, Shammari rejected the idea that hacking is being used for political sabotage. "This is part of the struggle between protesters and the government,” he said.
The Digital Media Center issued a statement Sept. 28 blaming Iraqi institutions for neglecting cybersecurity. The report stated, “The breaches prove that Iraq has no clear strategy for cybersecurity, especially since some websites are linked to national security and should supposedly be extremely secure.”
When Al-Monitor asked about the negligence accusations, the Iraqi Ministry of Communications responded: “There are security protocols in place to protect privacy, and the information system employs measures to secure data online.” The ministry also mentioned that “privacy is maintained through encryption of messages using secure protocols which limit accessibility to shared data," and it confirmed, “The technology to protect data from sabotage by hackers is there.”
Former judge and legal expert Ali al-Tamimi told Al-Monitor, “Hacking sabotages the country’s national interests. The security apparatus has to launch an investigation into this issue. The parliament has to also hold the different actors accountable as well as the institutions that have been breached and find out who is involved. It appears that foreign actors are involved and some people have accepted bribes for cooperating with such actors, especially since the breaches are recurring without any investigation.”
Parliament member Falah al-Khafaji told Al-Monitor some progress is being made. “The parliament is moving toward discussing the issue of breaches now that it has become clear that they are systematic and directly affect citizens’ security and data," Khafaji said.
A member of the parliamentary Council of Representatives, Siham al-Moussawi, expressed another take on the matter. She told the media Dec. 18 that she agrees hacking operations are unacceptable if they seek to "discredit and overthrow public figures," but they can serve a legitimate purpose if they aim to uncover corruption.