Cyber Incident Victim: Kuwait
Date:
Nov 2016
Location:
Kuwait
Summary
Hackers defaced the official parliament website of Kuwait during elections, replacing its main page with a message accusing a specific member of parliament of acting as an Iranian agent and threatening to leak alleged secret communications with Iranian and Syrian officials. The attackers, identifying as Group_Dmar, demanded lawmakers oppose the accused MP, referencing his prior controversies including alleged insults to Saudi Arabia and ties to a Hezbollah commander. Additionally, the defacement urged parliamentary action to address systemic discrimination against stateless Bidoon residents, who lack access to fundamental rights like education and healthcare despite long-term residency in the country. The government disputes the scale of the issue, asserting most Bidoon are ineligible for citizenship due to migration histories.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 26, 2016, during Kuwait’s parliamentary elections, the official website of the Kuwaiti parliament was defaced by hackers identifying themselves as "Group_Dmar." The attackers replaced the main page with a message written in Arabic that directly accused Abdul Hamid Dashti, a sitting member of parliament, of acting as an Iranian agent. The hackers claimed to possess recordings of secret communications between Dashti, Iranian officials, and the Syrian government, threatening to release these materials publicly. Their message included a specific warning to Dashti: "the people and government of the Kingdom of Saudi Arabia are a red line not to be crossed," referencing his history of tensions with Saudi Arabia. This incident occurred amid heightened political sensitivity, as Dashti had previously drawn criticism for meeting with relatives of Imad Mughniyah, a deceased commander of the Iran-backed Hezbollah group. In 2015, Saudi Arabia formally requested Kuwait to prosecute Dashti for "repeated insults to Saudi Arabia through the media," underscoring the regional geopolitical tensions underlying the attack. The defacement disrupted the parliament’s online presence on a significant national event day, though the duration of the disruption and technical details of the breach were not specified in available reports.
The hackers’ message also addressed Kuwait’s longstanding issue of stateless residents, known as Bidoon, urging newly elected MPs to advocate for their rights. The statement highlighted the Bidoon community’s lack of access to education, healthcare, and citizenship rights, demanding, "When will their suffering end?" This reference aligned with public debates over Kuwait’s citizenship policies, which the government defended by asserting that only 34,000 of the estimated 110,000 stateless individuals qualified for naturalization, classifying the remainder as migrants from neighboring countries without valid claims. The attack did not include explicit demands beyond the public shaming of Dashti and the call to address the Bidoon issue, and no subsequent leaks of the alleged recordings were documented in the immediate aftermath. The incident underscored the intersection of cybersecurity vulnerabilities, domestic political rivalries, and regional proxy tensions involving Iran and Saudi Arabia, though Kuwaiti authorities’ technical response to the breach and any investigative outcomes were not detailed in the available source material.