“Do You Have A Flag?” – Egyptian Political Upheaval & Cyberspace Attribution

Murad A. Al-Asqalani is an open-source intelligence analyst based in Cairo, Egypt.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.

(Author’s Note — “Do You Have A Flag?” is a reference to the Eddie Izzard sketch of the same name[1].)

National Security Situation:  Response to offensive Information Operations in cyberspace against the Government of Egypt (GoE).

Date Originally Written:  May 15, 2017.

Date Originally Published:  June 1, 2017.

Author and / or Article Point of View:  This article discusses a scenario where the GoE tasks an Interagency Special Task Force (ISTF) with formulating a framework for operating in cyberspace against emergent threats to Egyptian national security.

Background:  In 2011, a popular uprising that relied mainly on the Internet and social media websites to organize protests and disseminate white, grey and black propaganda against the Mubarak administration of the GoE, culminated in former President Mubarak stepping down after three decades in power.

Three disturbing trends have since emerged.  The first is repeated deployment of large-scale, structured campaigns of online disinformation by all political actors, foreign and domestic, competing for dominance in the political arena.  Media outlets and think tanks seem to primarily cater to their owners’ or donors’ agendas.  Egyptian politics have been reduced to massive astroturfing campaigns, scripted by creative content developers and mobilized by marketing strategists, who create and drive talking points using meat and sock puppets, mask them as organic interactions between digital grassroots activists, amplify them in the echo chambers of social media, then pass them along to mainstream media outlets, which use them to pressure the GoE citing ‘public opinion’; thus, empowering their client special interest groups in this ‘digital political conflict’.

The second trend to emerge is the rise in Computer Network Attack (CNA) and Computer Network Exploitation (CNE) incidents.  CNA incidents mainly focus on hacking GoE websites and defacing them with political messages, whereas CNE incidents mainly focus on information gathering (data mining) and spear phishing on social media websites to identify and target Egyptian Army and Police personnel and their families, thus threatening their Personal Security (PERSEC) and overall Operations Security (OPSEC).  The best known effort of this type is the work of the first-ever Arabic Advanced Persistent Threat (APT) group: Desert Falcons[2].

The third trend is the abundance of Jihadi indoctrination material, and the increase in propaganda efforts of Islamist terrorist organizations in cyberspace.  New technologies, applications and encryption allow for new channels to reach potential recruits, and to disseminate written, audio, and multimedia messages of violence and hate to target populations.

Significance:  The first trend represents a direct national security threat to GoE and the interests of the Egyptian people.  Manipulation of public opinion is an Information Operations discipline known as “Influence Operations” that draws heavily on Psychological Operations or PSYOP doctrines.  It can render drastic economic consequences that can amount to economic occupation and subsequent loss of sovereignty.  Attributing each influence campaign to the special interest group behind it can help identify which Egyptian political or economic interest is at stake.

The second trend reflects the serious developments in modus operandi of terrorist organizations, non-state actors, and even state actors controlling proxies or hacker groups, which have been witnessed and acknowledged recently by most domestic intelligence services operating across the world.  Attributing these operations will identify the cells conducting them as well as the networks that support these cells, which will save lives and resources.

The third trend is a global challenge that touches on issues of freedom of speech, freedom of belief, Internet neutrality, online privacy, as well as technology proliferation and exploitation.  Terrorists use the Internet as a force multiplier, and the best approach to solving this problem is to keep them off of it through attribution and targeting, not to ban services and products available to law-abiding Internet users.

Given these parameters, the ISTF can submit a report with the following options:

Option #1:  Maintain the status quo.

Risk:  By maintaining the status quo, bureaucracy and fragmentation will always place the GoE on the defensive.  GoE will continue to defend against an avalanche of influence operations by making concessions to whoever launches them.  The GoE will continue to appear as incompetent, and lose personnel to assassinations and improvised explosive device attacks. The GoE will fail to prevent new recruits from joining terrorist groups, and it will not secure the proper atmosphere for investment and economic development.

This will eventually result in the full disintegration of the 1952 Nasserite state bodies, a disintegration that is central to the agendas of many regional and foreign players, and will give rise to a neo-Mamluk state, where rogue generals and kleptocrats maintain independent information operations to serve their own interests, instead of adopting a unified framework to serve the Egyptian people.

Gain:  Perhaps the only gain in this case is avoidance of further escalation by parties invested in the digital political conflict that may give rise to more violent insurgencies, divisions within the military enterprise, or even a fully fledged civil war.

Option #2:  Form an Interagency Cyber Threat Research and Intelligence Group (ICTRIG).

Risk:  By forming an ICTRIG, the ISTF risks fueling both intra-agency and interagency feuds that may trigger divisions within the military enterprise and the Egyptian Intelligence Community.  Competing factions within both communities will aim to control ICTRIG through staffing to protect their privileges and compartmentalization.

Gain:  Option #2 will define a holistic approach to waging cyber warfare to protect the political and economic interests of the Egyptian people, protect the lives of Egyptian servicemen and statesmen, protect valuable resources and infrastructure, and tackle extremism.  ICTRIG will comprise an elite cadre of highly qualified commissioned officers trained in computer science, Information Operations, linguistics, political economy, counterterrorism, as well as domestic and international law to operate in cyberspace.  ICTRIG will develop its own playbook of mission, ethics, strategies and tactics in accordance with a directive from the political leadership of GoE.

Other Comments:  Option #1 can only be submitted and/or adopted due to a total lack of true political will to shoulder the responsibility of winning this digital political conflict.  It means whoever submits or adopts Option #1 is directly undermining GoE institutions.  Since currently this is the actual reality of GoE’s response to the threats outlined above, uncoordinated efforts at running several independent information operations have been noted and documented, with the Morale Affairs Department of the Military Intelligence and Reconnaissance Directorate running the largest one.

Recommendation:  None.


[1]  Eddie Izzard: “Do you have a flag?”, Retrieved from: https://www.youtube.com/watch?v=_9W1zTEuKLY

[2]   Desert Falcons: The Middle East’s Preeminent APT, Kaspersky Labs Blog, Retrieved from https://blog.kaspersky.com/desert-falcon-arabic-apt/7678/


Egyptian Syriana: A Gulf-Funded Russian Roulette

Murad A. Al-Asqalani is an open-source intelligence analyst based in Cairo, Egypt.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.

National Security Situation:  Political opportunity for the current Egyptian administration in the war in Syria.

Date Originally Written:  December 11, 2016.

Date Originally Published:  January 9, 2017.

Author and / or Article Point of View:  The article is written from the point of view of the As’Sissi administration (TAA) of the Government of Egypt (GoE) towards the war in Syria.

Background:  In 1958, Egypt and Syria formed the first Arab alliance in the region.  Although the United Arab Republic was short-lived, and despite its demise in 1961, political and security relationships between the two countries have continued.  The armies of both countries launched a surprise attack against Israel in 1973 to reclaim the Sinai and Golan Heights, which were occupied after a pre-emptive war launched by Israel in 1967.  However, after the unilateral decision by Egyptian President Anwar Sadat to make peace with Israel, Syrian President Hafiz Al-Assad pursued a policy of sustained agitation propaganda against the Sadat and the Mubarak administrations.  This policy was maintained by his son and successor, current Syrian President Bashar Al-Assad, then it was followed by a policy of encouraging public opinion subversion through agent provocateurs peddling pro-Syria narratives in Egyptian state media, after the Egyptian uprising of 2011.  On several occasions, Egyptian Intelligence Community officials claimed that several Egyptian Islamist terrorists received support from Syrian and Iranian intelligence services to carry out attacks against Egyptian officials and interests.

Following years of political instability, former Army Field Marshal As’Sissi rose to the helm of power in Egypt, leading an administration that seeks to project ‘soft power’ in the near-abroad.  The war in Syria offers TAA an opportunity to redraw the map of regional alliances and to maneuver around several national security threats that currently have no viable solutions.  These threats include tracking battle-hardened Jihadis returning from Syria, a fragile national economy reliant on tourism and Suez Canal revenues to secure foreign currency, and Iranian aggression.

In the wake of the Egyptian atypical coup of 2013, the GoE turned to Gulf countries for economic aid packages, and turned to Putin’s Russia for military cooperation.  The GoE also strengthened its political and military cooperation with the French government, which openly opposes the Assad regime in Syria.  After the bombing of a Russian commercial airliner over the Sinai by operatives of the so-called Islamic State (IS), and after disagreements with Gulf countries regarding a final solution in Syria, as well as the war in Yemen, TAA supported two conflicting draft resolutions in the Security Council, and declared its support for a ‘Syrian national army’ (SNA).  TAA stated that SNA was best suited to stabilize war-torn Syria.  TAA envisions SNA as a replacement for the now-defunct and disgraced Syrian Arab Army (SAA), with the SNA being a melting pot to assimilate all ethnicities and all emergent armed groups in Syria after a process of national reconciliation.

Many observers translated this position as ‘support for Assad,’ which perhaps may prove to be wrong.  In other words, since the Government of Syria (GoS) has been undermined by Russian and Iranian meddling, the SAA is in disarray after huge losses coupled with nationwide defection and desertion, and since the social fabric of Syria as a nation-state was torn along ethnic and religious fault lines, TAA is not betting on the survival of Assad per se, but is rather trying to sell a model for nation building.

Significance:  TAA is interested in maintaining a secular GoS, improving security cooperation, maintaining a fragile alliance with Russia, and in engineering a political rapprochement with Iran.  It is also interested in protecting certain Egyptian economic interests, mainly tourism and Suez Canal revenues, as well as newly discovered, deepwater natural gas fields in the Mediterranean Sea.  Given these parameters, the options available to TAA are:

Option #1:  Support a ‘Syrian National Army’

Risk:  By declaring support for an SNA, TAA risks economic divestment by Saudi Arabia, the stigma of supporting Assad and SAA (both accused of committing war crimes), and the ethical predicament of siding with foreign troops and foreign religious militias – Russian special operations forces, Iranian Islamic Revolutionary Guard Corps, Hezbollah, Shiite mercenaries, etc. – deployed against the Syrian people.

Gain:  By proposing the SNA narrative, TAA aims to save the failed model of a secular Arab republic in Syria, and to improve cooperation with its security services.  It offers the parties most invested in the conflict, namely Russia and Iran, an exit strategy to stop supporting Assad after the war ends.  In return, it expects a share in post-war reconstruction and military rebuilding contracts, wishes to strengthen its position with Russia, and hopes to use Iranian ambitions for regional hegemony to counter political and economic pressures from Saudi Arabia.  It is also interested in inclusion in any future plans for developing and operating natural gas pipelines, deepwater natural gas fields in the Mediterranean, as well as regional natural gas production and collection hubs.  Blocking access of Gulf countries to a Mediterranean port ensures that tankers will continue to sail through the Suez Canal to ship oil and liquified natural gas (LNG) to Europe.

Option #2:  Support the ‘Syrian Revolution’

Risk:  The ‘Syrian Revolution’ narrative, in which opposition forces fight to topple GoS, is no longer relevant after the dimensions of the proxy war in Syria were revealed.  By supporting this narrative, TAA will undermine itself, and delegitimize its rise to power.  It will upset Russia while siding with Gulf countries against Iran in an almost-lost proxy war.  TAA will also risk becoming a supporter of terrorism, after most of the so-called revolutionary factions in Syria have proven to be mostly Sunni Islamist extremists.  It will risk impact to its economic interests, such as tourism and Suez Canal revenues, as well as investments in the energy sector.  It will risk direct involvement in the conflict, should Gulf countries decide to intervene militarily.  It should be noted that former President Muhammad Morsi’s reference to a possible Egyptian military intervention in Syria was one of the main triggers of the 2013 atypical coup against him and his Qatar- and Turkey-backed Muslim Brotherhood government.

Gain:  By supporting the ‘Syrian Revolution’ narrative, TAA stands to secure more Saudi and perhaps Qatari direct investments and petroleum aid packages.

Other Comments:  TAA’s regional calculus involves Israel, Turkey, and Qatar.  Israel’s red line is supplying Hezbollah with advanced weapons, and it maintains a fruitful security cooperation with GoE tackling the IS insurgency in the Sinai.  Therefore, TAA limits Egyptian arms sales to GoS to light weapons and ammunition.  TAA is currently engaged in a media war against Qatar and Turkey for their pan-Islamic aspirations, which TAA considers a threat to Egyptian sovereignty.

Recommendation:  None.


