• Anjali Shah, Harsh Yadav, Sejal Barnwal, Nilesh Manickam, Nikita Suresh, Gauri Saraswat, Karthik Lal A.S

ABSTRACT

The ongoing conflict in West Asia has underscored the increasing weaponisation of data by both state and non-state actors, fundamentally transforming the nature of warfare in the region. This paper explores how digital technologies, cyber capabilities, and propaganda networks are being strategically used to manipulate information, conduct surveillance, and disrupt critical infrastructure. Through a detailed analysis of the roles played by key state actors such as Israel and Iran, and non-state entities including Hezbollah, Hamas, and hacktivist groups, the study highlights the convergence of cyber warfare and psychological operations. 

It further examines global reactions, such as UN and EU interventions, and landmark case studies like the Pegasus spyware scandal and Iran-Israel cyber clashes. The paper critically evaluates the gaps in international legal frameworks that have failed to keep pace with the rapid evolution of data-driven conflict, emphasizing the need for robust international regulation and digital rights protection.

Finally, it assesses the profound impact on civilian populations, including the erosion of trust, violation of privacy, psychological harm, and restricted access to reliable information. The paper argues for a human security approach that integrates digital safety into conflict response mechanisms to mitigate the growing threats posed by data weaponisation in West Asia.

INTRODUCTION

Propaganda warfare and cyber warfare have emerged as defining features of modern conflict, particularly in volatile regions such as West Asia. Propaganda warfare involves the deliberate use of information, narratives, and media to influence public opinion, justify actions, and delegitimise adversaries. Traditionally exercised through state-controlled outlets and symbolic messaging, propaganda has evolved with the digital age, gaining unprecedented reach through social media and algorithm-driven content distribution. 

Cyber warfare, by contrast, refers to the use of digital tools to infiltrate, disrupt, or sabotage enemy systems. It encompasses a range of tactics from cyber espionage and data theft to denial-of-service attacks, enabling actors to inflict tangible harm without direct military confrontation. Increasingly, these two forms of warfare intersect: propaganda is often disseminated via cyber channels, while cyber attacks are launched to extract data or alter narratives for political ends. 

Nowhere is this convergence more apparent than in West Asia, a region historically marked by colonial legacies, sectarian divides, and geopolitical rivalries. From the Arab-Israeli wars to the present-day conflicts involving Iran, Israel, and proxy groups like Hezbollah and Hamas, information has long been weaponised. The rise of digital platforms has intensified this trend, allowing both state and non-state actors to conduct coordinated campaigns that blur the line between psychological operations and military strategy. 

These digital confrontations have not only redefined the nature of warfare but also extended the battlefield into the cognitive and cyber realms. Understanding this nexus is vital to grasping how modern conflicts are fought; not just on the ground, but also through narratives, networks, and digital influence.

IMPLICATIONS OF DATA WEAPONISATION

Data weaponisation in the Middle East involves a multilayered dangerous landscape, inclusive of human rights, regional stability, digital autonomy and national security. Information based capabilities are developed within international organizations and non state actors as a means of exercising authority and intelligence gathering and silencing of opposition voices and use of distinct warfare methods in restricted areas that curtail regular military deployments. 

Presence of extensive cyber breaches coupled with the invention of information and the attacks on critical infrastructure systems have resulted in destruction of national security as a major effect. As well as the UAE’s Project Raven, Iranian APT33 provides persistent monitoring capabilities through cyber tools that threaten both internal and external security relationships (Recorded Future, 2022; Reuters, 2022). Surveillance technologies used by authoritarian government to monitor activists and journalists, and by minority people, violates human rights and hurts digital liberties (Citizen Lab, 2021, Access Now 2023). 

Data weaponization practice is directly related to developing conflict and civil conflict, then information warfare. The present dynamics fuse peace with war by coupling the use of data both as an instrument of war, and an instrument of control that produces both perplexing and difficult legal consequences and response complexity (Rid 2013, Deibert 2020). 

Foreign surveillance tools of private sector origin, which governments utilize to collar the populations across borders (Freedom House, 2023), antagonize the digital sovereignty because they are also digital authoritarianism. This process of militarizing of cyberspaces is activated through merging of civilian data systems with military through spyware and biometric surveillance, weakening digital system trust. 

The existence of several normative boundaries between civil and military realms has vanished so regulatory systems need to be implemented and data governance systems and digital rights protection for the civilians operating in the environment of conflict as well as environment of non conflict (Tallinn Manual 2.0, 2017; Geneva Academy, 2023).

ROLE OF STATE ACTORS

The West Asian region has meticulously recognised the effects of cyber warfare. In West Asia Israel and Iran are the nations in which they severely employs cyber warfare techniques against other states, similarly many other nations in this region tread on the wheels to utilize the technique. Israel’s cyber security mechanism and AI driven cyber warfare positioned itself as a pioneer of cyber security and cyber intelligence. Israel National Cyber Directorate (INCD) plays an important role in shaping the cyber infrastructure and protecting from the cyber-attacks of adversaries. Iran is another regional power has the advanced cyber technology to destabilize the civilian infrastructure includes all forms of institutions. It also encompasses cyber warfare under the Cyber Defence Command, which is functioning under the Joint Staff of the Armed Forces. Israel and Iran are the regional powers in which they used cyberspace as a tool to retaliate against each other. In 2020 on May 9 Israel launched a targeted cyber-attack against Iran’s Shahid Raja’I port in Bandar Abbas in southern Iran. It was a retaliation towards the Iranian cyber-attack against the Israel water and sewage infrastructure in Israel happened on April 24th and 25th 2020.

ROLE OF NON-STATE ACTORS

The impact of non-state actors has significantly increased in West Asia in recent years. These non-state actors are adopting new cutting-edge technology and altering their conventional methods of warfare as a result of the evolving cyber and digital information landscape. These players, who include private surveillance companies and militant groups, have grown more tech-savvy and are now utilising cutting-edge digital technologies to further their goals.

Organisations such as Hezbollah and Hamas are gathering and utilising data to enhance their cyber and surveillance capabilities. They try to follow and locate their targets, shift public opinion, and push their beliefs forward. There are reports that Israel used an AI tool called “Lavender” during the current conflict in Gaza to target terrorists. Even though the state runs this tool, the data it works on and the network it operates in can often be used by non-state actors, who take advantage of such systems for counter espionage or propaganda. 

This shows how these groups are learning to use high-level technologies once limited to states to advance in this asymmetric battlefield.

Hacktivist groups are also playing a growing role in changing the power game in the region. Cybercrime in the Middle East costs over 2.7 billion dollars each year. Both state and non-state actors are behind this, while many crimes are for money, some are carried out for ideological reasons as well. These groups find gaps in the system and use them to spread propaganda or challenge their rivals.

A more serious concern is how non-state actors are using social media to reach the younger generation and share their ideas in a way that recruits people into terrorist groups like Hamas, Hezbollah, and ISIS. They now use generative AI to create fake videos, images, and stories to support their message. ISIS shared a guide on how to use generative AI safely in 2023. This shows that they are not only using data to recruit, but also they are using innovative AI tools built on large amounts of data to turn information into a powerful weapon in the region.

GLOBAL REACTIONS TO DATA WEAPONISATION

1. International Reactions 

1.1 United Nations: The UN Human Rights Council and over 40 special rapporteurs have condemned spyware like Pegasus for violating human rights, calling for a global moratorium until proper regulations are in place. UNESCO has stressed the need for ethical AI and digital governance. 

1.2 European Union: The EU has sanctioned the NSO Group and regulated surveillance tech exports, citing misuse by authoritarian regimes. The European Parliament continues to push for transparency and accountability in digital surveillance. 

1.3 United States: The U.S. Commerce Department blacklisted NSO Group, banning business with U.S. firms. The Biden administration has elevated digital rights within its human rights policy, addressing data weaponization in international diplomacy. 

2. Key Case Studies 

2.1 The Pegasus Project and Jamal Khashoggi: The Pegasus Project revealed that Pegasus spyware was used by Saudi Arabia and UAE to monitor associates of journalist Jamal Khashoggi. Following this, the U.S. blacklisted NSO Group, and several international bodies called for independent investigations. The incident severely strained diplomatic ties between Saudi Arabia and Western democracies.  

2.2 Iran-Israel Cyber Conflict: The cyber conflict between Iran and Israel has involved attacks on infrastructure, espionage, and retaliatory hacking campaigns. Stuxnet, a worm allegedly developed by the U.S. and Israel targeted Iran’s nuclear program in 2010. In response, Iran has since developed its own cyber capabilities, targeting Israeli public systems.  

2.3 Iran’s Surveillance During 2022 Protests: Following the death of Mahsa Amini, Iran used mobile surveillance, internet shutdowns, and facial recognition to suppress nationwide protests. The EU responded with sanctions against officials and entities involved in the crackdown. The U.S. also supported initiatives to provide Iranian citizens with internet access and tools to bypass censorship. 

LEGAL FRAMEWORKS FOR DATA WEAPONISATION AND THEIR CONSEQUENCES

As the role of data across numerous fields grows rapidly, challenges on the international legal frame to manage its malicious use have come to light. At present, the basic principles that govern personal data are being violated on purpose in favour of military operations while defying the International Humanitarian Law (IHL) (Mone et al. 2024b). For instance, the fact of Clearview AI’s database being sold to different authorities during the Russia-Ukraine war indicates the intentional violation of personal data for the force’s gain, violating the International Humanitarian Law. Therefore, concerns have been raised on the application of the IHL to military operations such as targeting and surveillance that majorly leverage data, considering that its operationalization is merely considered an act of espionage and hence falls under domestic rather than international law (Mone et al. 2024a). Conventional wars are regulated by the International Humanitarian Law. 

However, a transformed battlefield, as showcased in the Russia-Ukraine war, has uncovered loopholes in war management. The war has demonstrated that the current international institutions are not sufficient to deal with the proliferation of data; neither are they prepared to deal with the developing flaws (McCormick and Slaughter 2021). 

Additionally, regulating the “data war” under the existing principles of international law may be unsuccessful in creating robust international legal frameworks to address the associated challenges. These developments further accentuate the global divide between data-rich regions in the Global North, with strong data protection mechanisms (such as the GDPR and the California Privacy Rights Act), and regions in the Global South, where there is a lack of comprehensive data protection laws and regulatory regimes. This disparity underscores the urgent need for global cooperation for substantial international regulatory mechanisms. Overall, the evolving nature of data warfare poses significant challenges to the existing international legal frameworks. 

These frameworks should focus on enhancing data protection and privacy, establishing norms and rules for responsible behaviour in cyberspace, and facilitating effective attribution and responsibility for data operations. Such efforts would require collaboration among States, international organisations, and Big Tech corporations to establish global standards and mechanisms that can effectively regulate and counter data warfare. The establishment of these frameworks and cooperation on a global scale would provide a comprehensive approach to address the complexities and transboundary nature of data warfare, safeguarding the stability, security, and integrity of the international system.

IMPACT OF DATA WEAPONISATION ON THE CIVILIAN POPULATION

As observed in the ongoing conflicts in West Asia, the growing weaponization of data by both state and non-state actors poses a serious challenge to the civilian population. Along with the conventional form of warfare, data manipulation, surveillance, and digital misinformation have become the central tools of contemporary conflicts. Hence, it becomes essential to examine how data weaponization affects civilians’ access to reliable information, their psychological status, and the different measures needed to safeguard them.

Firstly, the digital information environment in West Asia is being shaped by authoritarian regimes and the several propaganda networks, increasingly depriving civilians of credible information. In the aftermath of the Arab Spring, new media in the region had fostered both the empowerment and the mistrust, as the citizens remained wary of surveillance and manipulated narratives (Almeida & Banaji, 2019) . This eventually resulted in the restricted public access to truthful, life-saving information in the warzones. 

Secondly, the continuous exposure to the disinformation and the invasive digital surveillance has had profound psychological, social, and political impacts on civilian populations. State-run campaigns, for instance being those targeting Jamal Khashoggi, demonstrate how disinformation is used not only to silence dissent but also to intimidate and psychologically destabilise the societies, reducing the trust and the fragmenting communities (Al-Rawi, 2021).

Lastly, while digital safety efforts have emerged through diaspora journalist networks and civil society actors, these initiatives often remain limited in scope and accessibility. Syrian diaspora journalist networks, for instance, have pioneered digital safety campaigns and counter-disinformation efforts, offering essential yet small-scale protections to at-risk populations (Porlezza & Arafat, 2022) . The absence of comprehensive, community-wide digital literacy and protective infrastructure leaves civilians vulnerable in this weaponised data landscape. 

By applying a human security framework, this study highlights the inseparability of digital security and human safety, advocating for targeted policy interventions and grassroots resilience initiatives within ongoing West Asian conflicts.

CONCLUSION

The continuous and present day conflicts in West Asia have illustrated how data has turned into a powerful weapon, redefining the nature of modern warfare. Both state and non-state actors now use digital technologies not only to conduct the cyber attacks but also to control and manipulate the narratives, suppress dissent, and destabilize societies through surveillance and propaganda. This interconnectedness of cyber warfare and information warfare has increased the risks to regional stability, human rights, and civilian security. The absence of strong international legal frameworks and the increasing of the digital divide between the Global North and South further complicate efforts to regulate these practices. 

As conflicts spread more and more into the cognitive and digital realms, protecting the civilian populations requires swift and concerted actions that integrate the international regulatory reforms with the regional digital governance, and the local initiatives. Combating the weaponization of data in West Asia is not only a security necessity but also an essential step toward safeguarding fundamental human freedoms in the digital age.

BIBLIOGRAPHY

1. Rid, Thomas. Active Measures: The Secret History of Disinformation and Political Warfare. New York: Farrar, Straus and Giroux, 2020. https://us.macmillan.com/books/9780374287269/activemeasures
2. Singer, P. W., and Emerson T. Brooking. LikeWar: The Weaponization of Social Media. New York: Houghton Mifflin Harcourt, 2018. https://www.likewarbook.com/ https://www.hmhbooks.com/shop/books/LikeWar/9781328695741
3. Valeriano, Brandon, Benjamin Jensen, and Ryan C. Maness. Cyber Strategy: The Evolving Character of Power and Coercion. Oxford: Oxford University Press, 2018. https://global.oup.com/academic/product/cyber-strategy-9780190618094
4. Clarke, Richard A., and Robert Knake. Cyber War: The Next Threat to National Security and What to Do About It. New York: HarperCollins, 2010. https://www.harpercollins.com/products/cyber-war-richard-a-clarke
5. Access Now. (2023). Cybersecurity and human rights in the Middle East. https://www.accessnow.org 
6. Citizen Lab. (2021). Running in circles: Uncovering the clients of cyberespionage firm Circles. https://citizenlab.ca/2021/03/running-in-circles-uncovering-the-clients-of cyberespionage-firm-circles
7. Deibert, R. (2020). Reset: Reclaiming the internet for civil society. House of Anansi.
8. Freedom House. (2023). Freedom on the Net 2023: The rise of digital repression. https://freedomhouse.org/report/freedom-net/2023
9. Geneva Academy. (2023). Digital technologies and armed conflict.
   https://www.geneva academy.ch
10. Recorded Future. (2022). Iranian cyber threat group APT33: Evolution and targeting analysis.
    https://www.recordedfuture.com
11. Reuters. (2022). Inside the UAE’s Project Raven: A secret hacking team of Americans. https://www.reuters.com/investigates/special-report/usa-spying-raven
12.  Rid, T. (2013). Cyber war will not take place. Oxford University Press. Tallinn Manual 2.0. (2017).
13. Tallinn Manual 2.0 on the international law applicable to cyber operations. Cambridge University Press.
14. Ayesha Haroon, ‘AI and Cyber Drove Warfare in the Israeli-Iran Conflict and Its Impact on Gulf States’ Security’, Journal of Politics and International Studies 10, no. 2 (2024): 145–63.
15. Laila Rizky Amaliya, ‘A Cyber War of Iran-Israel: A Geopolitical Rivalry’, in International Conference on Strategic and Global Studies (ICSGS 2024) (Atlantis Press, 2025), 45–56,
    https://www.atlantis-press.com/proceedings/icsgs-24/126008135.
16. Davies, Harry, and Bethan McKernan. 2024. “‘The Machine Did It Coldly’: Israel Used AI to Identify 37,000 Hamas Targets.” The Guardian, April 4, 2024. https://www.theguardian.com/world/2024/apr/03/israel-gaza-ai-database-hamas-airstrike. 
17. Byman, Daniel, and Emma McCaleb. 2025. “Understanding Hamas’s and Hezbollah’s Uses of Information Technology.” https://www.csis.org/analysis/understanding-hamass-and-hezbollahs-uses-information-technology. 
18. Schaer, Cathrin. 2024. “Why Is the Middle East Losing so Much Money to Cybercrime?” Dw.Com, September 5, 2024. https://www.dw.com/en/why-is-the-middle-east-losing-so-much-money-to-cybercrime/a-70123520. 
19. Nelu, Clarisa. n.d. “Exploitation of Generative AI by Terrorist Groups.” International Centre for Counter-Terrorism – ICCT. https://icct.nl/publication/exploitation-generative-ai-terrorist-groups#:~:text=Examining%20groups%20like%20Hezbollah%2C%20Hamas,%2C%20privacy%2C%20and%20free%20expression. 
20. Akkad, D. (2022, September 22). Pegasus and other spyware threatens UN human rights work, Guterres warns. Middle East Eye. https://www.middleeasteye.net/news/pegasus-spyware-threatens-un-human-rights-work? 
21. Burgess, M. (2022, September 23). Iran’s internet shutdown hides a deadly crackdown. Wired. https://www.wired.com/story/iran-protests-2022-internet-shutdown-whatsapp/ 
22. Commerce adds NSO group and other foreign companies to Entity List for malicious cyber activities. (n.d.). U.S. Department of Commerce. Retrieved April 13, 2025, from https://www.commerce.gov/news/press-releases/2021/11/commerce-adds-nso-group-and-other-forei gn-companies-entity-list?
23. Digital surveillance / Pegasus: Civil society calls for EU sanctions against NSO Group. (n.d.). Rsf.org. Retrieved April 13, 2025, from https://rsf.org/en/digital-surveillance-pegasus-civil-society-calls-eu-sanctions-against-nso-group? 
24. Exclusive: Ex-NSA cyberspies reveal how they helped hack foes of UAE. (n.d.). Reuters. Retrieved April 13, 2025, from https://www.reuters.com/investigates/special-report/usa-spying-raven/ 
25. Forensic Methodology Report: How to catch NSO Group’s Pegasus. (2021, July 18). Amnesty International. https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-g roups-pegasus/?   
26. Jones, M. O. (2020, June 2). Qatar blockade: Saudi-led disinformation war is the tip of the iceberg. Middle East Eye. https://www.middleeasteye.net/opinion/qatar-blockade-saudi-led-disinformation-war-just-tip-iceberg? 
27. Marczak, B. (2018, September 18). HIDE AND SEEK: Tracking NSO Group’s Pegasus spyware to operations in 45 countries. The Citizen Lab.
    https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-4 5-countries/
28. Mone, Varda, Sadikov Maksudboy Abdulajonovich, Ammar Younas, and Sailaja Petikam. 2024a. “Data Warfare and Creating a Global Legal and Regulatory Landscape: Challenges and Solutions.” International Journal of Legal Information, 1–11. ___. 2024b. “Global Legal and Regulatory Landscape: Challenges and Solutions.” International Journal of Legal Information, 1–11.
    https://doi.org/DOI: 10.1017/jli.2024.22. 
29. McCormick, H. David, and J. Matthew Slaughter. 2021. “Data Is Power.” Foreign Affairs. https://www.foreignaffairs.com/articles/united-states/2021-04-16/data-power new-rules-digital-age. 
30. Arora, P., “General data protection regulation—A global standard? Privacy futures, digital activism, and surveillance cultures in the Global South,” Surveillance & Society 17, no. 5 (2019): 717–25CrossRefGoogle Scholar,
    https://doi.org/10.24908/ss.v17i5.13307. 
31. Schmitt, Michael N., ed., Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (Cambridge: Cambridge University Press, 2017)CrossRefGoogle Scholar. 
32. Lubin, Asaf, “The rights to privacy and data protection under international humanitarian law and human rights law,” in Research Handbook on Human Rights and Humanitarian Law: Further Reflections and Perspectives, eds. Kolb, Robert, Gaggioli, Gloria, and Kilibarda, Pavle (Cheltenham, UK: Edward Elgar, 2022), 463–92Google Scholar, https://doi.org/10.4337/9781789900972.00035. 
33. Almeida, C. M., & Banaji, S. (2019). Digital Use and Mistrust in the Aftermath of the Arab Spring . Media, Culture & Society, 41(8), 1125-1141.
    https://doi.org/10.1177/0163443718823143
34. Al-Rawi, A. (2021). Disinformation under a Networked Authoritarian State: Saudi Trolls’ Credibility Attacks against Jamal Khashoggi . Open Information Science, 5(1), 140-162. https://doi.org/10.1515/opis-2020-0118
35. Porlezza, C., & Arafat, R. (2022). Promoting Newsafety from the Exile: The Emergence of New Journalistic Roles in Diaspora Journalists’ Networks . Journalism Practice, 16(9), 1867-1889. https://doi.org/10.1080/17512786.2021.1925947