Introduction & Overview
The various conflicts and political struggles across the Kurdistan region have garnered widespread media attention in recent years. From the urban battlefields of Syria where the YPJ and YPG fought fierce battles at great cost against the Islamic State, to the increasingly authoritarian state power being leveled against the Kurds in Turkey, protests over the death of a Kurdish woman at the hands of the Iranian morality police, and complex internal politics of the autonomous Kurdish region of Iraq. The struggle of the Kurdish people plays an integral role in the diverse and intricate politics of the Middle East. At the same time, the region has become a hotbed of cyber conflict and espionage, as nations such as Iran, Israel, the Gulf states (amongst others) become increasingly capable in leveraging cyber warfare to undermine their enemies and advance their political aspirations. This is an important tool for nations to utilize in a region fraught with conflict and political tension.
Non-state actors have also begun to increase their use of cyber tactics throughout the Middle East. The Islamic State, for instance, has been well known for their proficiency in information warfare to intimidate their enemies, spread propaganda, and recruit new members. Hamas, similarly, has their own cyber units whose capabilities are relatively outstanding for a non-state actor. This capability has enabled Hamas to carry out successful cyber espionage campaigns against the Israeli Defense Forces and other facets of the Israeli state. Kurdish hackers have actively been engaged in their people’s political struggle for over a decade and their activities paint a picture of the Kurdish struggle at large. This is not entirely surprising, as we move increasingly into a world that both influences, and is influenced by, the internet and the distinction between the two becomes increasingly difficult to differentiate. Looking ahead, it is highly likely that Kurdish hackers will play an ever increasing role in the Kurdish resistance movement, especially as hacktivist tactics become more advanced and the disruptive capabilities of non-state hackers increase.
History of the Kurdish Hacking Movement
The Kurdish hacking movement did not begin to play a role in the Kurdish struggle for autonomy and independence until much later in the broader movement’s history. This is understandable considering Kurdish militant groups, such as the Kurdistan Worker’s Party (PKK) started their armed conflict with the Turkish state in 1979 when the internet, personal computers, and hacking were still in their nascent years. Early operations carried out by Kurdish hackers were simplistic in nature. This often came in the form of website defacements targeting Turkish organizations and aimed at the Turkish public to spread awareness of the injustices suffered by the Kurdish people at the hands of the Turkish state. Other similar hacktivist campaigns could be described as propaganda operations in which Turkish websites were defaced with images of Abdullah Ocolan, considered the leader of the revolutionary Kurdish movement who has been imprisoned by the Turkish state since 1999, as well as messages supporting the armed struggle of the PKK (1). This activity, taking place in the 2012-2013 timeframe, is representative of politically-motivated hacking groups globally in the early 2010s. Their activity was largely focused around website defacements and spreading political messaging to a target audience. Rarely were hacktivist actions disruptive or a threat to any state at large, with groups such as Anonymous being among those most effective at the time.
In these early days of the Kurdish hacking movement, targeted cyber operations went both ways. Turkish hackers were active in trying to achieve political objectives of their own. These groups were often right-wing Turkish nationalists who targeted Kurdish organizations as well as other entities that have always been, and still remain, targets of right-wing violence such as LGBTQ+ organizations. One such example is when a Turkish nationalist group (Ayyildiz Tim) hacked the Facebook user account of a member of the Kurdish LGBTQ+ rights group, Hebun. After gaining access to the user’s account, the hackers defaced the Facebook group with Turkish nationalist symbols and videos to the group page, bragging about their successful hack. Hebun, based in the city of Diyarbakir, made statements at the time about the dangerous impact such cyber-attacks could have, notably due to the hackers’ ability to obtain personal information on the members of the group — something which could put their safety at risk in a hostile environment (2). These early hacktivist campaigns between rivaling Turkish and Kurdish groups showcased how the hacking scene in Turkey and Kurdistan was not just an online political war but a cultural one as well. This can be seen in the real world conflict of the region as left-wing and right-wing politics are leveraged by opposing sides and political struggle is matched by that of a war for culture and identity.
Increase in Scope and Tactics: State Hackers & Espionage
The early days of these hacker wars, and those of hacking more generally, seem quaint when compared to the modern capabilities of both nation-state and non-state hacking groups. Website defacements, while still a common occurrence, have mostly given way to the use of data leaks, ransomware, and cyber espionage. The capabilities of many nation-state actors have also greatly increased since the early 2010s. The Middle East in particular saw the rise of formidable military and intelligence hacking units such as those utilized by Iran and Israel. The use of cyber armies has also become a key asset for any nation seeking a level of regional or global power. The same is true of Turkey; around 2016, Turkey began to seriously improve their cyber capabilities, specifically those that came under the control of the state. In previous years, Turkey had been the target of a series of increasingly advanced cyber attacks from hacktivist groups such as Anonymous and various Kurdish hacking groups, as well as from Russian hackers as tensions between the two countries became more pronounced. Turkey consequently prioritized the improvement of its cyber defenses, by beginning an initiative to hire Turkish hackers to start testing the defenses of Turkish IT infrastructure.
While this initiative would increase Turkey’s cybersecurity, it would also improve the offensive cyber capabilities that could be leveraged by the state (3). This would allow Turkey to join a small but growing number of countries with cyber specific units at their disposal. Most importantly, it would be one of the few nations with influence in the Middle East to have such capabilities. This followed not long after Recep Tayyip Erdogan came to power as President of Turkey in 2014. Erdogan has since become known for his nationalist politics and desire to return Turkey to a position of regional power, similar to that of the times of the Ottoman Empire.
With cyber warfare beginning to advance in the Middle East, nationalist hacktivists would become the least of the Kurds’ worries. Newly-formed military hacking units were popping up throughout the various countries in which the Kurdish population resides – primarily Iran and Turkey, both of which have vested interests in monitoring the online activities of the Kurdish population. This advancement in nation-state capabilities would mark a paradigm shift in the hacking wars of Kurdistan.
Since the early formation of Turkey’s cyber units, the country has proven to have a widespread impact globally in cyberspace. State-backed hackers have carried out widespread operations against countries perceived to be the historical enemies of Turkey, including Greece, Armenia, Cyprus, Iraq, and Syria, along with the Kurdish population spread throughout the region (4). Iran likewise has carried out similar attacks and both countries have become known for frequently targeting journalists, human rights activists, and other critics of their respective regimes with spyware and other cyber espionage tactics to monitor their activity and suppress dissent. This activity has even extended to the United States and its western allies, who may represent a rather obvious target for the Iranian government but are at the very least supposed to be military allies to Turkey due to their membership in NATO. Despite cyber-attacks against allied countries being somewhat common, especially within what political scientist Waltz coined as 'the third image of international relations reversed', this decision from Turkey's state hackers showcases a relative degree of unpredictability. Turkey’s cyber army became so prolific that Microsoft added them to their list of the most prevalent nation-state hackers along with Russia, China, North Korea, Iran, and Vietnam (4).
Many cyber-attacks targeted against the Kurds have been espionage operations. Notable examples include the distribution of a mobile app targeting Kurdish Android users that – on the surface – appeared to provide news updates. In reality, once downloaded, the malicious app introduced spyware that allowed the attackers to record phone calls, extract files, and take screenshots in order to gather information on the user (5). Although this particular operation has not been officially attributed to a particular actor, the same tactics were used to spy on regional terrorist organizations such as al-Qaeda and the Islamic State, as well as Kurdish and Turkish organizations (6). From an analytical perspective, it hence becomes a fair deduction to suggest that the operation was an Iranian-state backed campaign. Iran is well known for their cyber espionage operations and has carried out similar attacks against critics of the regime. Similar tactics are used frequently to target the Kurdish people, with Kurdish militant and political groups being a common target for the Turkish government in particular.
Unfortunately for the Kurdish side in this cyber war, the advancement in capabilities by nation-states in the region left a wide intelligence gap between Kurdish militant groups, political activists, and hackers and their opponents. Kurdish hacktivists have increasingly been able to carry out data leak and ransomware operations against their political enemies, but the impact of such attacks have not had the disruptive impact to their targets that well-coordinated cyber espionage operations have had against the Kurdish movement.
The Kurds have seen the support of other hacktivist networks and individuals from around the world rally to their cause. The Anonymous Hacker Collective, for instance, hacked Swedish government websites after Sweden extradited a Kurdish politician to Turkey, in a bid to appease the country to approve their entry into the NATO alliance (7). Another hacker stole thousands of dollars in cryptocurrency in a cyber-attack that they then donated to the revolutionary movement in Rojava. This indicates that the Kurdish liberation struggle may have garnered the support of certain segments of the global hacking community. Unfortunately for the Kurds, their cyber forces will likely continue to struggle head-to-head against their Turkish and Iranian adversaries, so long as they lack the resources that can be mobilized by state-sponsored hacking units.
Internal Politics & Hacking Within Kurdistan
While the primary focus of the Kurdish hacking community is on attacking the networks of the countries that they perceive to be oppressing their people, there have been instances of Kurdish hackers targeting other Kurdish organizations. This reflects a rift in the Kurdish political movement more broadly. Primarily, this schism revolves around the Kurdish Regional Government in Iraq, which is an autonomous region governed by the Kurdish population, though is not independent from the Iraqi government. The region is ruled by the Barzani clan, a wealthy Kurdish family that is conservative in their views as well as cooperative with the Kurds’ historical enemy, Turkey. These views and stances have created enemies for the Kurdish Regional Government throughout the rest of Kurdistan, particularly amongst the revolutionary movement who sees Abdullah Ocalan as their leader and espouses anti-state, anti-capitalist, ecological, and feminist views, as well as the practice of democracy (8). These political differences have led to an intra-Kurdish conflict, primarily between the political establishment of the Barzanis and their Peshmerga military forces and the PKK (both their political and military factions).
This internal conflict amongst the Kurds has spilled over into the cyber realm. Revolutionary and anti-state Kurdish hackers have frequently carried out attacks against the Kurdish Regional Government, most of which consist of ransomware attacks and website defacements (9). The Kurdish hacking scene is characterized by an extensive collection of hacktivist groups, among which the 1877 Group is particularly renowned for its attacks against the Kurdish Regional Government (10). 1877 Group is just one of many Kurdish hacking collectives but has also engaged in other high profile cyber-attacks such as one that defaced Donald Trump’s personal website. This defacement was carried out in collaboration with RootAyyildiz, a Turkish hacker known for carrying out similar attacks around the world (11).
While it may be unusual for Kurdish and Turkish hackers to work together, this attack demonstrates the variety of motivations and political affiliations within the hacker underworld. Things are not always as simple as Turkish v. Kurdish, if groups within those communities can find a political common ground. Likewise, Kurdish political groups, militant factions, and hacker collectives are made up of a variety of ideologies and motivations that do not always see eye to eye. Groups such as 1877 have targeted the Kurdish Regional Government’s Ministry of Interior, suggesting that some hacktivists opposed to the Regional Government are based in the Iraqi region of Kurdistan itself. With anti-state sentiment so high throughout Kurdistan, the Kurdish Regional Government will likely continue to be a target of both internal and external revolutionary Kurdish opponents.
The Kurdish Regional Government, under the direction of the Barzanis, has also recently taken steps to increase the digitalization of the Kurdish region of Iraq. This will include the introduction of electronic payment systems, digital border crossing control systems, and the opening of advanced data centers (12). This increase in digital infrastructure means that there will be more targets for hackers to attack, especially if the Regional Government does not implement proper security precautions.
The ongoing cyber conflict throughout Kurdistan is unlikely to receive the same level of attention as other military conflicts in the region. Although this can be explained because threats from nation-state militaries and militant groups pose a far greater threat to stability in the region, it must be grasped that the cyber and military conflicts are very closely related. It has been the goal of Kurdish hacktivists to bring attention to their people’s struggle and strike blows where they are able to at the forces they believe to be responsible for their people’s suffering. In this sense, they act in solidarity with the military and political movements of the Kurdish struggle. The cyber war being waged in Kurdistan tells a story of the history and politics of the region at large.
Another recent development that could influence the situation in Kurdistan is the resurgence and advancement of the global political hacking scene since the start of the War in Ukraine. This is because hackers from all around the world have joined in on both sides of the conflict to further their political beliefs, ranging from the Cyber Partisans, BYPOL, and more. The conflict has also shown how advanced and disruptive hacktivist groups can be with various non-state actors connected to the conflict shutting down critical infrastructure, not just in Ukraine or Russia, but around the world. Perhaps these tactics will set a precedent for how hacktivists everywhere can disrupt governments; if so, the use of hacking may become a more integral aspect of the various conflicts throughout Kurdistan.
A notable development to monitor will be the formation of a new united Kurdish hacking force, calling themselves the People’s Cyber Army. This development was announced on the Telegram channel of an already-existing Kurdish hacking collective, or individual, known as Kurdish Cyber Gerila. This individual or group gained notoriety in the aftermath of recent attacks against players and fans of the predominantly-Kurdish Amedspor football team during a match against Bursaspor, made up mostly of Turkish players and supporters. During the incident, Turkish fans from Bursaspor threw knives, bullets, and bottles onto the pitch, while simultaneously singing and waving anti-Kurdish songs and banners (13). In retaliation for this incident, the Cyber Gerila claimed on their Telegram channel to have hacked various Turkish government websites, as well as taken control of email accounts belonging to Turkish government officials and agencies.
If the claims of a united hacking movement in Kurdistan are true, it could represent an advancement in the capabilities of Kurdish hackers. A united collective brings more talent, capabilities, and resources to carry out more advanced attacks. This also evidently involves the potential for propaganda and recruiting benefits, similar to those of the IT Army of Ukraine which represents a united cyber front in their war against Russia. Only time will tell if the newly-formed People’s Cyber Army is the needed change the Kurdish hacking community has been looking for.
Works Cited (Chicago)
(1) - Waqas. “225 Turkish Websites Hacked by Kurdish Hackers.” HackRead, 29 June 2017, https://www.hackread.com/300-turkish-sites-hacked/
(2) - Kaos GL . “Kurdish LGBT Rights Group Hacked on Facebook.” Kaos GL - LGBTİ+ Haber Portalı, https://kaosgl.org/en/single-news/kurdish-lgbt-rights-group-hacked-on-facebook.
(3) - Cimpanu, Catalin. “Turkey Wants to Build Army of Hackers.” BleepingComputer, BleepingComputer, 30 Dec. 2016, https://www.bleepingcomputer.com/news/government/turkey-wants-to-build-army-of-hackers/.
(4) - Corfield, Gareth. “Turkey and Vietnam Pose Hacking Threat, Says Microsoft.” The Register® - Biting the Hand That Feeds IT, The Register, 8 Oct. 2021, https://www.theregister.com/2021/10/08/microsoft_digital_defence_report/.
(5) - Stone, Jeff. “A Spyware App Designed to Monitor Kurdish Targets Attracted More than 1,400 Downloads.” CyberScoop, 8 Sept. 2021, https://cyberscoop.com/spyware-kurds-eset-bladehawk-iran/.
(6) - Anxin, Qi. “Razor Eagle Organization-a Targeted Attack Organization Circling in the Cyberspace of the Middle East and West Asia Revealed Its Activities.” 奇安信威胁情报中心, https://ti.qianxin.com/blog/articles/Blade-hawk-The-activities-of-targeted-the-Middle-East-and-West-Asia-are-exposed/.
(7) - Medya, Eylul. “Hacker Group Anonymous Hacks Swedish Official Website in Protest at Extradition of Kurdish Politician.” Medya News, 5 Dec. 2022, https://medyanews.net/hacker-group-anonymous-hacks-swedish-official-website-in-protest-at-extradition-of-kurdish-politician/.
(8) - Wladimir Van Wilgenburg on April 26, 2023, et al. “Iraqi Kurdistan and the Turkey-PKK Conflict.” Kurdish Peace Institute, 26 Apr. 2023, www.kurdishpeace.org/research/conflict-resolution-and-peacebuilding/iraqi-kurdistan-and-the-turkey-pkk-conflict/.
(9) - Fazel, Yad. “KRG Cyber Attack.” Medium, Medium, 12 Aug. 2021, https://yadfazel.medium.com/krg-cyber-attack-bfd42e91f1e8.
(10) - Fazel, Yad. “‘Dead Horse’ Krg Cyber Attack.” Medium, Medium, 8 Sept. 2021, https://yadfazel.medium.com/dead-horse-krg-cyber-attack-36b74a6cd5b2.
(11) - Unamatata, Hack. “Donald Trump Hacked Site by the Turkish Rootayyildiz and the 1877 Team.” SecNews.Gr, 11 Oct. 2021, en.secnews.gr/369126/hacked-site-donald-trump-rootayyildiz-1877-team/.
(12) - “Department of Information Technology.” Kurdistan Regional Government, https://gov.krd/dit-en/.
(13) - Chalak, Chenar. “Seven Arrested Following Racist Attack against Kurdish Team in Turkey.” Rudaw.Net, www.rudaw.net/english/middleeast/turkey/06032023.