Cyber Incident Victim: Saudi Customs Service
Date:
Jan 2016
Location:
Saudi Arabia
Summary
Anonymous conducted cyber attacks against multiple Saudi government websites, including the Saudi Customs Service, under operations #OpSaudi and #OpNimr, protesting the execution of 47 prisoners including Shia cleric Nimr Al Nimr. The coordinated attacks disrupted services for high-profile targets such as the Ministry of Defense, Royal Air Force, Ministry of Education, and General Passports Service, with some sites remaining offline for multiple days while others were restored.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 2, 2016, the Saudi Arabian government executed 47 prisoners convicted on terrorism charges, including prominent Shia cleric Sheikh Nimr Al Nimr, who had been arrested in 2012 at age 17 for alleged anti-government protest activities. In response, the hacktivist collective Anonymous launched coordinated cyberattacks against multiple Saudi government websites under the designations #OpSaudi and #OpNimr, continuing prior activism against Al Nimr’s treatment after Saudi authorities sentenced him to crucifixion in 2015. The attacks commenced shortly after the executions were publicly announced, with Anonymous-affiliated Twitter accounts such as @GlobalReVoL3 and @CockSec listing targeted entities on January 3-4. Among the affected organizations were the Saudi Customs Service, Ministry of Defense, Royal Air Force, Ministry of Education, Saudi Press Association, Ministry of Finance, General Passports Service, and the Ombudsman’s Office. These distributed denial-of-service (DDoS) attacks rendered the websites inaccessible by overwhelming their servers with traffic.
The sustained cyber campaign caused significant disruption to Saudi government digital services, with the Ministry of Defense’s website remaining offline for at least three days after being initially targeted on January 3. By January 5, when media reported the incident, some services like the Saudi Press Association had been restored, while others including the Customs Service and Passports Office remained nonfunctional. The attacks represented an escalation from Anonymous’s prior September 2015 operations against Saudi targets protesting Al Nimr’s sentencing, though no data breaches or permanent system compromises were confirmed. Saudi authorities did not publicly acknowledge the incidents or detail technical countermeasures beyond restoring select websites, though the prolonged downtime of high-value targets like the Defense Ministry suggested limited preparedness for large-scale DDoS mitigation. The operational impacts included disrupted public access to customs declarations, press releases, educational resources, and passport services during the outage period.