The Other War in Yemen—for Control of the Country’s Internet
Opponents in the civil war use the web to block access, gather intelligence, and even mine cryptocurrency.
In June of this year, a new internet service provider quietly came online in Yemen. Built with funding from the United Arab Emirates and with Chinese equipment, the service was dubbed AdenNet. And with its launch, Abed Rabbo Mansour Hadi’s government in Yemen opened a minor new front against its Houthi opponents.
While coverage of Yemen’s civil war has focused on the devastating physical destruction—tens of thousands dead and a looming famine—another conflict has been playing out in the background: a war for control of the country’s internet.
It began when Houthi rebels swept into Yemen’s capital of Sanaa in 2014. They not only seized the seat of power, but they also captured the country’s major internet infrastructure, allowing the group to filter the internet, carry out surveillance of web traffic, and even mine cryptocurrency, according to a new report from the cybersecurity firm Recorded Future.
“In the middle of the Yemeni civil war, the factions are also vying for control of internet access,” said Greg Lesnewich, a threat intelligence analyst with Recorded Future and one of the authors of the report, which will be presented Wednesday at the inaugural CyberwarCon.
While control over the internet in a conflict zone might once have required the capabilities of an advanced military, the proliferation of surveillance technology and a growing awareness of the internet as a tool of war have made militant groups even in the most impoverished countries aware of the web as a weapon to be harnessed.
For the Houthis, which are backed by Iran, it has provided the upper hand in shaping perceptions of the war. “The media war is a whole other front of the actual war,” said Adam Baron, a visiting fellow at the European Council on Foreign Relations who has reported extensively from Yemen.
In order to control internet access in Yemen, the Houthis turned to a simple commercial solution from the Canadian company Netsweeper, which sells technology to filter and block webpages. Since taking power, the Houthis have at times blocked WhatsApp, Facebook, Twitter, and Telegram, among other sites, including some reporting Houthi troop movements.
To be sure, internet censorship isn’t new to Yemen nor unique to the Houthis. Many opposition sites were blocked under the rule of the previous president, Ali Abdullah Saleh, and such sites remain difficult to access under the Houthi regime.
Those content restrictions broadly mirror internet controls elsewhere in the Middle East. Egypt has blocked many news sites, Lebanon prevents access to 11 Israeli sites per the terms of a 1963 decree calling for a boycott of the country, and Saudi Arabia bars users from a wide range of sites deemed offensive.
But at times, Houthi rebels have gone to extremes. In December 2017, the group shut down internet access in the country entirely for 30 minutes, in what may have been an attempt to prevent the spread of videos showing atrocities perpetrated by Houthi forces. And in July, the group cut access to 80 percent of users of YemenNet, the internet service provider it controls, when it sliced through a fiber-optic cable in the port city of Hodeidah while fortifying Houthi defenses there.
Hodeidah represents a key flashpoint in the civil war—both in the physical and in the digital conflict. The port itself is the primary point of entry for humanitarian supplies and is also where two of the four submarine cables that connect Yemen to the internet terminate. The other two emerge from the sea in Aden, which is controlled by the Saudi-backed Hadi government.
If Saudi-backed forces reclaim Hodeidah, they will also control all the fiber-optic cables supplying internet access to the country, improving their ability to cut off or surveil web use.
By overseeing the internet infrastructure in Sanaa, the Houthis have also had the ability to intercept traffic and snoop on many of the country’s internet users, said Allan Liska, a veteran cybersecurity analyst and another author of the Recorded Future report.
The extent to which the Houthis have deployed that kind of surveillance technology is unclear, but researchers say that residents of Sanaa are highly fearful of the Houthis’ snooping abilities.
“The Houthis have a pretty good grasp on what is happening in Sanaa,” said Greg Johnsen, a journalist and researcher who has written extensively about Yemen. Some of that “comes from human intelligence,” Johnsen said, but “the assumption is that some of this is happening online.”
Liska said he also collected evidence that the United States and Russia are deploying their own digital surveillance tools in Yemen and that he observed malware signatures—a kind of digital fingerprint—for surveillance tools associated with both countries on the Yemeni web.
The Houthis also appear to have dabbled with more exotic internet-related technology. When examining the Yemeni internet, Recorded Future’s researchers observed a small cryptocurrency-mining operation running on routers belonging to the Houthis’ YemenNet.
Mining cryptocurrency involves solving the computationally intensive math problems that form the basis of such currencies. In exchange, the computer that completes that calculation is rewarded with currency.
According to Recorded Future, the mining operation can’t be definitively tied to the Houthi government. But the possibility that it is exploring the use of such technology would be consistent with a growing trend, said Winnona DeSombre, another one of the authors of the report.
“This is another government isolated by the international community catching on that they can mine cryptocurrencies as a way to keep their regime propped up monetarily,” DeSombre said. “North Korea has also used cryptocurrency mining in the past as a means to work around international sanctions.”