As cyber threats escalate globally, Syrian civil society organizations (CSOs) face increasing risks due to financial constraints, technical challenges, and political pressures. Unfortunately, these have led to security gaps that jeopardize the data and archives of civil society workers.

Since the early days of 2011, the civilian, political, and military bodies that have emerged across Syria continue to operate within a cycle of compromised communications and repeated breaches.

North and East Syria, for instance, have relied on multiple sources to secure a connection during and after the war: the Syrian government’s communications network, satellite internet, Turkish internet services, and lastly, the local Rcell network. 

This constant shifting between providers created considerable chaos in data security, leading to data loss and data inaccessibility. 

Abbas Ali Mousa, an activist with the Synergy Association, a platform documenting missing persons in Syria, stressed the gravity of handling such data—especially the testimonies and records of victims or their families. 

Although preserving these archives is critical for documenting war crimes and finding the missing, civil society organizations in Syria are not equipped with the technical skills and resources to protect this data, said Mousa. 

“Most of the available funds are directed towards field projects and immediate humanitarian needs rather than the development of technical infrastructure.”

Beyond financial constraints, “political instability and logistical challenges” pose  systemic obstacles to digital security efforts, he added. 

As a result, digital security is yet to be adopted as a core practice among civil society, leading to weak data protection strategies. 

Helez Fateh Abdulaziz from Insight Organization, a nonprofit documenting war crimes in Syria, also echoed funding constraints preventing the adoption of robust digital security practices. 

Abdulaziz told SMEX that organizations tend to underestimate the importance of securing technical resources, treating them as a lesser priority despite the challenges they pose to their operations.

Mousa points out that many civil society organizations overlook cybersecurity due to a lack of skilled staff, especially in their early stages. Donor priorities often focus on immediate needs, leaving digital security underfunded. Relying on volunteers in technical roles only worsens the issue, exposing data and accounts to digital threats.

In terms of internal digital communication, these civil organizations do not use official emails and secure cloud storage solutions, explained Mousa. External hard drives—holding information about thousands of beneficiaries and numerous projects—have malfunctioned frequently over the years, causing significant data losses.

“The total absence of adequate protection exposes the data of beneficiaries, donors, and staff to potential breaches or leaks,” explained Sherine Ibrahim from Dar Association for Victims of Forced Displacement, a non-profit organization dedicated to addressing the needs of forcibly displaced men and women. In the context of transitional Syria, it could even endanger people’s lives, Ibrahim added.

Losing control over communication systems complicates the coordination of relief and humanitarian efforts. It leads to data distortion due to breaches, potentially delaying the delivery of services and reducing operational efficiency. 

In some cases, stolen data could be used to target beneficiary communities or to leak sensitive information about activists and human rights defenders. It could also be falsified or manipulated to tarnish the reputation of the organization.

Digital Military-Political Conflict

Due to the ongoing political and military tensions with regions in North and East Syria, Turkey has used digital warfare as an offensive tool, repeatedly attempting to penetrate systems and broadcasting sites of local media in these areas. Turkish authorities have been behind restricting social media accounts by many civil and media activists and legal professionals in Syria. 

In response, some organizations have adopted protective measures. Mousa highlights the precautions they take to prevent breaches: “We have systems to protect sensitive data, utilizing paid and encrypted software for storing information, and we have a dedicated data entry employee to ensure controlled access to it.” 

However, others remain unprepared for digital threats. Jia Qahraman, a board member at Frontier Tech, a web and software solutions company, said that despite the firm’s adherence to high protection standards when purchasing servers, digital security remains a challenge.

“Officials in civil society organizations, local media, and activist circles show little interest in preventive tools and protective programs. Our company has never been consulted on protection technologies or invited to provide in-depth training workshops, which reflects the ongoing negligence toward digital security among civil organizations in Syria,” Qahraman said.

Political tensions led to increased digital violations among civil society groups in Syria. The director of one organization spoke on condition of anonymity due to security concerns: “During our work under former President Bashar al-Assad, we encountered an international donor who was operating both in North and East Syria and in Damascus.”

“Given the political sensitivity between the two locations, we objected to the non-disclosure of projects in North and East Syria and were assured confidentiality,” he explained. “But over time we found that the Syrian regime could access operational details and other data.” 

Workers in these organizations continue to fear ongoing threats in today’s Syria.

An anonymous director shared her experience with SMEX, recalling the challenges of data security under the previous regime. “Working in the capital, protecting our data was a constant nightmare. We only carried out projects with donors licensed to operate in Syria, meaning security agencies were aware of their activities. Still, we feared leaks, especially of beneficiary names, who risked harassment.”

“Some beneficiaries faced security harassment and were questioned about the support they received, a clear sign that our data had been compromised,” she added.

In North and West Syria in areas not under the former regime’s control, the situation was exceedingly harsh. In Idlib, according to statistics from the Women’s Empowerment Office, a survey indicated that 53% of women experienced some form of digital violence. 

This prompted civil organizations to allocate significant budgets for digital security for their workers. This led to the early 2012 launch of the “SalamaTek” digital platform, which provided urgent technical support and assistance for approximately 17,172 Syrians online through an emergency helpline.

Despite the significant cybersecurity risks civil society faces in Syria, organizations have yet to implement robust digital security measures against breaches and infiltration.

With all the changes happening in the country, these organizations continue their operations without any solid plans or strategies for digital security, which could lead to a digital disaster. 

Main Image Credit: AFP
The post Civil Society’s Data in North and East Syria is Not Secure  appeared first on SMEX.