New Lines: The hidden war to overthrow Assad began with a phone app!
American New Lines magazine reveals that Assad was hacked and his army soldiers were targeted, as in 2024, a covert espionage war against the Assad regime began, led by a fake phone app that spread among Syrian army soldiers, claiming to be an initiative by Asma al Assad to provide aid to those in need.
However, a new investigation reveals that it was a data-gathering ploy.
The battle waged by opposition factions to seize control of Aleppo on November 27, 2024, included scenes that many didn’t believe, and many of its details will remain unknown for some time.
The dramatic fall of the Assad’s regime, 12 days after the attack, surprised the entire world and raised questions about the secrets of its rapid disintegration.
Analysts claimed that drones were a major factor in the collapse of the regime, which had tightened its grip on Syria for more than half a century.
However, an investigation conducted by New Lines magazine indicates that the collapse of the Assad regime after the fall of Aleppo was the result of a hidden and unseen espionage war that coincided with the military preparations of the factions.
It was a phone app that quietly spread among Syrian army officers and soldiers, serving as the opening shot in a silent cyber war against the Syrian army.
The Syrian Development Organization hoax: The application bore the name “Syrian Development Organization,” which is run by Asma al Assad.
It was designed with a familiar interface, images, and logos identical to those of the official organization, and claimed to be a national humanitarian initiative by the first lady to support the heroes of the Syrian Arab Army.
It began being promoted among the army in early summer 2024, months before the military offensive, as an application that helped its users obtain financial aid.
To obtain financial aid, the app required soldiers to fill out their personal information: full name, spouse’s name, number of children, place and date of birth, and answer non-threatening questions such as:
What type of aid do you expect?
Tell us more about your financial situation?
After such questions, the sensitivity and specificity of the questions later escalate, asking for phone number, military rank, and exact location of service, all the way down to corps, division, brigade, and battalion.
In return, users receive monthly transfers of approximately 400,000 liras, equivalent to about $40 at the time.
What appeared to be a traditional questionnaire for collecting financial aid was in fact a sophisticated model for collecting sensitive data that fed advanced military algorithms.
A Syrian software engineer confirmed to the New Lines magazine that these forms helped generate live military maps, especially when the app combined an officer’s rank and military position, revealing strengths and gaps in the Syrian army’s defense lines.
At the bottom of the app page was another trap: a Facebook link, through which the user’s social media login details were quietly extracted and transferred to external servers.
If the target survived the first trap, they often fell into the second.
The app exploited the deteriorating living conditions of the military in Syria, as soldiers’ salaries had fallen to less than $20 a month, and corruption was so rampant that some officers were even selling loaves of bread to soldiers.
After installing the app and gathering basic information, a sophisticated spyware known as “SpyMax” was installed, enabling attackers to spy on everything on the phone, including calls, messages, photos, and files, as well as the camera and microphone, allowing for live spying on the user without their knowledge.
New Lines magazine reported that the app helped track live geolocation, monitor the movements of soldiers and military sites, eavesdrop on calls, record commanders’ conversations to determine operational plans in advance, extract documents, maps, and files from phones, and even activate cameras to broadcast live from inside military installations.
It indicated that, thanks to this data, opposition factions were able to launch precise attacks on exposed sites, cut off supplies to isolated units, and even disrupt command orders by sending conflicting instructions.
It’s likely that the data was also used to target the military operations room in Aleppo, accelerating the collapse of the regime’s first line of defense.
According to New Lines, those responsible for the cyberattack remain unknown, but the investigation indicates that one of the domains associated with the hackers was hosted on servers inside the United States, which has previously supported the armed opposition; However, this geolocation was likely a deliberate misinformation.
The report indicated that opposition factions, regional or international intelligence agencies, or other unknown parties may have been behind this cyberattack.
It noted that this isn’t the first-time phones have been exploited militarily in Syria, as in February 2020, a Syrian soldier left a phone inside a Russian Pantsir air defense system, where Israel tracked the phone’s signal and carried out a lightning airstrike that completely destroyed the Russian Pantsir air defense system.
It’s impossible to determine though the exact number of phones that were hacked, but estimates suggest it could be in the hundreds or even thousands.
A message posted on the app’s Telegram channel in mid-July 2024 showed that approximately 1,500 money transfers were made during that month alone, while other posts reported additional payments later.
In an interview with Syrian television after the fall of the regime, Syrian President Ahmed al Sharaa revealed additional details about “Operation Deterrence of Aggression,” the name given to the campaign that toppled Assad.
He said that planning for the operation took five years, and that the regime was aware of it but failed to thwart it.
The investigation questioned how al Sharaa knew this, suggesting that one thread could have completely dismantled the Syrian regime.
The story of the final days before the major campaign may remain a mystery, but the Syrian Trojan horse may be one of its essential keys.
The investigation hinted that al Sharaa’s knowledge of the precise details of the regime’s inability may have been the result of a cyber infiltration of its ranks, suggesting that the so-called “Syrian Trojan Horse” may be one of the key keys to understanding the reasons for the regime’s collapse from within.
