'Yemen Cyber Army' hitlist appears unscathed - so far

Hacker group with murky origins announced on Sunday that it was targeting Saudi banks and companies, but all appear to be online as of Tuesday.
2 min read
21 July, 2015
Hackers say that they are going to target Saudi companies and banks [Getty].

Is it a new front in the Yemen war?

The 'Yemen Cyber Army' announced on Sunday that they were stepping up their online attacks against Saudi Arabia, which has been participating in the war in Yemen with airstrikes on Houthi and allied positions, after recent hacks targeted Saudi government ministries and released thousands of sensitive documents.

The organisation is also thought to be linked with the recent Wikileaks dump of Saudi foreign ministry documents, which shed light on the Arab kingdom's role in the region.

The hack rattled the Saudis, and its government warned citizens that they faced 20 years in prison should they dare to share the leaked cables online.

However, Sunday's proclamation of “cyber war” on Saudi Arabia, accompanied by a list of 23 websites of Saudi companies and banks, has yet to rally the troops, with all of the websites checked by al-Araby al-Jadeed on Tuesday morning alive and well.

The tech website Vocativ did report that some of the websites were down on Monday, but they appear to be up and running again.

Previous hacks attributed to the Yemen Cyber Army have featured images of suited men in masks associated with the international hacker group Anonymous, which the Yemen Cyber Army has pledged allegiance to. There is a twist though – the men wear belts adorned with the Yemeni jambiya dagger.

This sop to Yemeni culture has not been enough to placate those who doubt that the group actually originates elsewhere – with fingers pointing at Saudi Arabia's regional rival, Iran.

Figures such as Ayatollah Khamenei and Hizballah leader Hassan Nasrallah feature prominently, although this is perhaps not out of the ordinary, as the Houthi movement, which the Yemen Cyber Army appears to support, are part of the pro-Iranian 'resistance' camp in the Middle East.

Yet there are other, more obvious, signs that the group is actually Iranian, or at least based there.

Speaking to Buzzfeed News, Boaz Dolev, the head of the cybersecurity firm ClearSky, said that they had identified a piece of malware that they believe was used in the hacks against the Saudi foreign ministry, and are almost certain was made by the Iranian government. Other cybersecurity firms have also reported similar findings.

It is also doubtful that, considering the constant lack of electricity and fuel for generators in Yemen, as a result of the war and general instability, that hackers based there would be able to carry out sophisticated operations like the ones carried out against the Saudis.