In an age ruled by artificial intelligence, satellites and supercomputers, the engineer Mohammed al-Ahmad spent six months imprisoned in the basement cells of the Military Security Branch in Damascus for no reason other than a coincidence of names. His name, his father’s, his mother’s and his hometown’s matched those of a man wanted by the directorate.
Readers may be tempted to dismiss this story as fiction or exaggeration. It is neither. What happened to al-Ahmad happened to many in the Syria of former President Bashar al-Assad and his father and predecessor, Hafez al-Assad, across more than 50 years. It could have been avoided with something as simple as an electronic database, or a digital link to the national civil registry.
This isn’t just a story about a man wrongly imprisoned. It’s a parable about a regime that built one of the most feared security apparatuses in the region, yet never mastered the basic tools of the information age. Despite Assad’s claims in the early 2000s that his government was ushering in an era of “digital transformation,” the Syrian state clung to file cabinets, ink stamps and handwritten reports. Even as wars were being fought — and lost — on servers and from behind keyboards, Damascus remained stuck in a bureaucratic past.
Syria didn’t need brilliant enemies to lose the security war. It lost it from within. The security and intelligence systems were built not on competence, but on loyalty, corruption and technical ignorance. They rendered real the old warning attributed to Sun Tzu: “Defeat begins in the war room.” Once feared as an omnipotent surveillance apparatus, Syria’s security state became a crumbling relic, which served as proof that repression alone no longer guarantees survival.
Behind that slow collapse lay a world the regime long kept obscured from view: the internal workings of its security services, the conditions of their personnel, the rot of corruption, the logic of promotions, the mechanisms for choosing who led and who followed. None of it was ever up for public debate. But after the 2011 uprising, the cracks widened and a grim truth emerged: Syria’s security state was not only brutal; it was brittle as well.
In this investigation, former officers from Damascus, Moscow and Caracas spoke out for the first time, revealing how Syria’s security apparatus morphed into an enemy within. Unwittingly, it fulfilled another of Sun Tzu’s warnings: “If you know neither yourself nor your enemy, you will be defeated in every battle.” Clinging to primitive tools of repression, the regime failed to grasp the transformations of the 21st century. Its adversaries didn’t need to overpower it; they slipped through cracks of its own making.
Over the five decades of rule by Hafez and Bashar al-Assad, Syria’s security system swelled into an octopus-like structure, with more than 14 major intelligence branches, each with its own subordinate units. As conflicts arose, new appendages emerged: the Republican Guard, the National Defense Forces and the 4th Armored Division, latterly under Bashar’s brother, Maher al-Assad. But for all this organizational bloat, real decision-making remained tightly centralized, ossified at the top of a rigid hierarchy that refused to recognize its own decline or adapt to a changing world.
The result was a paradox: a massive, multilayered apparatus flush with resources and riddled with contradictions. Instead of operating as a unified force to defend the state, Syria’s security agencies devolved into rival fiefdoms, competing for power, territory and spoils. These branches hoarded information from one another, even if it meant allowing wanted men to slip through their fingers.
Ahmed A., a former captain in the Military Security service’s cyber division, one of the most powerful agencies in Syria’s recent history, recalls this dysfunction firsthand. From his graduation at the military academy until the regime’s collapse, he oversaw network security and training. He now lives in exile.
Internal rivalry and an absence of coordination hollowed out the apparatus from within. In some cases, competition between authorities escalated into open conflict: Clashes broke out between the 215th Company and Air Force Intelligence in 2014 and, later, in the Damascus suburb of al-Maliha between the 4th Division and the Republican Guard — an armed confrontation in which casualties were reported, according to the former officer. In other instances, sluggish communication meant it could take up to a week for enemy coordinates to reach artillery units, by which point the targets had moved, or the shells landed on Syrian army positions instead. Incidents like these, especially in Homs, became routine.
Bloated, brittle and consumed by corruption, the Syrian security state lost the ability to respond to real threats. It became less a shield for Assad’s state than a mechanism for internal control. And when the greatest test arrived, in the form of the 2011 uprising, what had long seemed an unshakable edifice began to crack. Behind the illusion of strength stood a fractured, self-sabotaging system, one that could no longer protect the state, nor even itself.
Despite its vast size and sprawling branches, Syria’s security apparatus functioned almost exclusively as a tool of internal repression, all but entirely neglecting its supposed core mission of intelligence-gathering and strategic defense. Its gears were powered by torture, coercion and systemic abuse. Confessions, extracted under duress and often from innocent detainees, became the cornerstone of “evidence-gathering,” feeding an entire bureaucracy of lies.
False confessions led to false charges. Files swelled with fabricated intelligence. Entire investigations were based on ghosts. As these distortions compounded, the agencies themselves became trapped in a cycle of self-deception, mistaking noise for signal, fiction for fact. The system may have succeeded in silencing society, but it failed utterly at understanding it. Professional investigative methods, commonplace in serious intelligence agencies, were dismissed or ignored. Officers remained locked in an ecosystem of inertia and fear, unwilling to change, terrified that a hint of reform might be seen as weakness.
In one especially absurd case, a man who had been dead for years was summoned to appear before a security branch. His status wasn’t corrected for six months, until a patrol showed up at the house where he had supposedly been hiding.
Capt. Ziad, a former officer from Homs now living in exile, describes the system’s deeper flaw: “Cyber illiteracy was the norm among senior officers, men from the Hafez al-Assad era. The younger generation was never given the chance to modernize the system. And so, you had security services recruiting high school dropouts who didn’t understand even the basics of technology. They became the butt of jokes among their own colleagues.” Syrians recall, with a mix of rage and dark humor, how officers would stop people on the street and ask if they were “carrying Facebook in their bags.”
But it wasn’t just individual ignorance. Digital illiteracy had become structural. Security reports were filled with screenshots and hearsay harvested from Facebook pages, many of them fake, exaggerated or controlled by rival agencies. The result was a feedback loop of misinformation, fiction generating more fiction, until the very idea of truth was swallowed by the system.
This collapse in technical capacity didn’t just cripple domestic operations; it shook the confidence of Syria’s international allies. After years of cooperation, both Russia and Iran came to the same conclusion: Syria’s security establishment was no longer trustworthy. Internal leaks were suspected in the assassinations by Israel of high-level figures such as Brig. Gen. Razi Mousavi in 2023, an Iranian military officer killed by a guided missile in Damascus, and the Lebanese Hezbollah commander Imad Mughniyeh in 2008, whose location had been tightly concealed. Iranian officials, convinced that their data was being compromised, dismantled a joint intelligence system they had installed inside Syria’s Military Security after just six months. The Russians, inheritors of Soviet discipline, offered only symbolic coordination, keenly aware that the Syrian services couldn’t even protect their own secrets.
The Syrian military’s integration of modern information systems came far too late and, by the time it did arrive, it was obsolete. The state relied on outdated Russian and Iranian technologies, many of which had been out of service for years. Ground communications systems lay dormant while regional powers like Israel and Turkey surged ahead, developing cutting-edge cyber capabilities at breakneck speed. Syria, by contrast, never launched a communications or espionage satellite.
Yet the real failure was never merely technical. The regime’s digital backwardness reflected a deeper malaise: an entrenched mentality shaped by decades of authoritarianism. Rather than cultivate talent, it invested in loyalty. It hid behind layers of corruption and bureaucracy, hoping these would compensate for its inability to evolve. What emerged was a military and security machine equipped not with modern knowledge but with a backward-looking worldview, drilled into its personnel from the moment they entered the system.
According to a former high-ranking officer, now living in Turkey, most security officers were selected from among students with the lowest grades in high school. Those with higher academic performance rarely applied to military colleges. Admissions favored candidates from rural and predominantly Alawite backgrounds and thus prioritized sectarian and geographic loyalties over merit. The result was predictable: a security state staffed by those with little interest in technical knowledge or strategic thinking. This, the officer says bluntly, “turned the army and security services into a burden on the state and society.”
In this environment, education was devalued. Few spoke a second language. Fluency in English was rare, even among senior officers. Engineering officers, those with real technical training, were mocked as “computer boys” or “tinkerers.” Despite completing five-year programs and earning recognized engineering degrees, they were excluded from meaningful leadership roles. By contrast, military academy officers underwent only three years of training based on outdated curricula, often securing their enrollment through corruption. Promotions were based not on talent but on a rigid system of old military courses — company command, battalion command, staff command — whose manuals dated back to the 1950s or even to the era of trench warfare. Everyone knew these courses were irrelevant, yet no one dared to change them.
The system produced loyal executioners who acted without thought. If someone did propose reform, they were often sidelined and perceived as a threat rather than an asset. This intellectual stagnation became a structural law. Engineering officers, with their academic edge, clashed frequently with their less-educated peers, many of whom resented them. That resentment fed a culture of exclusion, one in which modernization itself became suspect. Technology was seen not as a tool but as a threat, a force that might expose the corruption on which the entire system depended.
By 2011, Syria’s security services still lacked a basic digital database. Paper files remained the norm even for the most mundane tasks, like tracking conscripts or calculating food rations. Modern systems would have introduced transparency, and transparency was dangerous. It could reveal the manipulation, theft and fraud woven into every layer of the institution.
Nothing illustrates the absurdity of this failure more than what Syrians came to call the “tragedy of similar names.” The security branches’ reliance on handwritten records led to generations of blunders. Women were summoned for compulsory military service because their names — Nidal, Zain, Wajd — were mistaken for men’s. In one particularly absurd case, an officer on active duty was summoned to a security branch because his name matched that of a wanted man, with no attempt made to verify his identity. In the end, the regime’s most dangerous enemy was never a foreign spy or domestic dissident. It was itself.
It wasn’t until nearly a decade into Bashar al-Assad’s rule, between 2006 and 2008, that Syria established the Communications Security Directorate, tasked with overseeing surveillance across the country. Other security branches were also allowed to dabble in this field. In those early years, the directorate imported Chinese surveillance systems to monitor landline and mobile communications in coordination with Syriatel and MTN, the main telecom networks. The irony? These systems were so outdated that the Chinese military had already retired them. Syria’s surveillance capacity amounted to a staff of just 20 people, listening around the clock to a handful of selected lines.
Around the same time, branches like State Security and Air Force Intelligence began experimenting with internal security networks, especially after 2011, as the conflict intensified. These efforts, including attempts to manage communications and reconnaissance systems, leaned heavily on Russian expertise. The Reconnaissance Directorate took charge of radio monitoring and eventually expanded into mobile tracking. But even these systems were laughably outdated, as some transmitted information over dial-up and were still in use until the regime began to collapse.
These efforts failed to overcome a deep-seated institutional suspicion of digital systems. Security chiefs insisted that every file, no matter how long, be printed on paper. Computers sat on desks like decoration, installed only to satisfy the regime’s half-hearted nods to modernization. In the army, it was no better: Databases were used for basic personnel files or guard rotations, while the real work — procurement, logistics, corruption — remained untouched by digital oversight. Introducing technology was a double-edged sword; for all its potential benefits, it could also either implicate you in the pervasive duplicity or expose it.
When the 2011 uprising erupted, the gap between Syria’s information apparatus and the real world became impossible to ignore. Incredibly, some branches were unaware that Facebook even existed. A desperate scramble followed. Iranian and Russian experts were flown in to bridge the gap, but Syrian expertise was nonexistent. The so-called digital transformation was little more than a foreign transplant.
Security personnel were dispatched to Russia and Iran for crash courses in hacking, firewalls and information security. The Communications Security Directorate became the new center of gravity. It imported modern surveillance tools such as GPS trackers, signal jammers and advanced monitoring software, and helped establish information technology departments and digital surveillance units inside every major security branch. A technical institute was even created under State Security to train personnel in encryption and cyber warfare. But these departments became more form than function — bureaucratic placeholders with no real operational value.
Capt. Ibrahim, a former officer now living in Caracas, recounts one such farce: “In a delegation I joined, 70% of the people sent to study information security had degrees in literature. They came for the $100 per diem, not to learn.” He adds that even those who passed their courses approached them like any high school exam: “memorize, pass, forget. They got their certificate, framed it and went right back to using their position for personal profit.”
From 2013 onward, more serious efforts emerged to patch up the system’s many technical failures. But the pace of war outstripped them. Syria’s security agencies, consumed with quelling protests and filling prisons, simply couldn’t keep up with the speed of digital change. Repression was their first instinct and their last resort.
By 2014, the Syrian military’s foray into “digital security” had already become a farce. One former officer, now in exile, recalls how he drove over 60 miles each day to deliver cybersecurity lectures to recruits and volunteers at Military Security. Most of his audience, he says, was illiterate. The few who could read showed little interest in anything beyond basic survival, food, water and how to score enough time off to juggle a second or third job.
“I talked to them about cellphone security, how not to download unknown apps, how to avoid phishing schemes and extortion attempts,” he recalls. “But no one took it seriously. Not the soldiers. Not the officers. It was like talking to a wall.” The apathy, he adds, wasn’t personal; it was structural. “Cybersecurity” was seen as irrelevant, unmanly or a distraction from the institution’s real function: sustaining itself and repressing others.
The few initiatives that did exist were constantly undermined by limited budgets, nepotism and bureaucratic rot. When military leaders tried to modernize the cybersecurity landscape, their efforts yielded little more than empty reports. “Years of work produced no real results,” the officer says, “because the entire system was built to fail.”
He offers one example: a month-long training course in Russia, ostensibly aimed at developing information security skills. Thirteen Syrian officers attended. Each was given a sum of $3,000. “That money,” he says, “was the real reason anyone signed up.” The officers had no interest in the content. They secured their spots through connections, not merit, and spent more energy packing bread, olives and pickled eggplant from home than studying cybersecurity. The goal wasn’t learning. It was hoarding.
The course, he estimates, cost the Syrian state at least half a million dollars. “It was entirely useless,” he says bluntly. “A waste.” Even the Russian hosts quickly caught on. Expecting seriousness, they found indifference. As a result, they offered only shallow instruction, convinced the Syrians were there for pocket money and leisure. “My colleagues would sit in their rooms drinking mate [a traditional, caffeinated herbal beverage] they had brought from Syria,” he says. “They didn’t attend the sessions. They didn’t care.”
Yet the most surreal incident, he recalls, came during another training at the State Security institute. Two Russian experts gave a lecture on Russia’s efforts to develop a sovereign operating system that didn’t rely on Western software. It was a costly and complex project, they explained, one that had taken years and tens of millions of dollars. Inspired, the Syrian leadership dispatched a four-man delegation to Russia to replicate the model.
The Russians were stunned to receive just four officers, with no technical background, no support team and no infrastructure. “Once they realized these four were Syria’s entire team for the mission,” he says, “they didn’t hesitate. They expelled them.”
When the officers returned, no one asked for a report. There were no evaluations, no assessments, no follow-ups. “That’s how all Syrian foreign missions work,” the officer explains. “They’re not about training or knowledge. They’re about money. You don’t get nominated unless you have the right connections, or if someone’s getting a cut.”
At the heart of Syria’s military intelligence, the computer division was tasked with securing all sorts of information for the entire army, from importing new equipment to handling basic software issues. In theory, it was a nerve center. In reality, it resembled a junk market more than a modern institution. Its inventory was pieced together from confiscated gear: laptops seized from detainees, secondhand parts and pirated operating systems bought for half a dollar in the al-Bahsa market in Damascus.
One officer recounts filing a request for a basic modem in 2016. By the time the regime collapsed, it still hadn’t arrived. Security software subscriptions, he adds, were consistently rejected if they exceeded $50 a month. Even the firewall meant to shield the entire nation’s infrastructure was cobbled together from free, open-source tools, while robust enterprise systems that could have offered real protection were dismissed as “unnecessary expenses.” “We’re completely blind,” one engineer at the Communications Directorate told him.
The absurdities mounted. In 2015, the military acquired two high-end mobile interception kits disguised as innocuous black bags, capable of tracking cellular communications. One was installed in the officer’s branch, the other at the Reconnaissance Directorate. The only connection between the two? A single landline. “We’d send a four-line Word document,” he recalls, “and it would take 30 minutes to arrive.” This, in an era of satellite internet and 4G networks.
The illusion that Syria’s security services could hold their own in a real war finally collapsed during rebel factions’ so-called “Deterrence of Aggression” campaign, launched in November 2024. For decades, these agencies had been deployed against unarmed protesters or ragtag militias. Such battles required no strategy, no digital infrastructure and no long-term thinking. When faced with an enemy that used modern tools and real-time coordination, the system crumbled. The regime had mistaken its own repression for readiness.
A third warning of Sun Tzu’s went: “Money not spent on the army is spent on its funeral.” Syria’s security elite dismissed that advice and paid the price.
The defeat wasn’t just military. It happened first in the planning room, in every outdated decision made by men who couldn’t grasp the century they were living in. While the regime spoke of modernization and development, its only real legacy was a tech market of scavenged parts and pirated software. In the end, Syria didn’t simply bury its digital future; it staged a bitter, surreal funeral for it.
Sign up to our mailing list to receive our stories in your inbox.