The Syrian Electronic Army has claimed hacks on AP, CBS News, NPR and the BBC
Its attack on the AP Twitter feed caused a flurry of panic and sent stocks plunging
The group is hosted on the network of the Syrian government, says researcher
Syrian President Bashar al-Assad has previously praised the group's work, he says
The Syrian Electronic Army – a group of pro-Syrian regime hackers that has aggressively targeted major news organizations and activists – may operate in cyberspace, but its attacks can have real-life impact.
The power of misinformation was amply demonstrated when the group hacked the Associated Press Twitter feed Tuesday.
The fake AP message – which read, “Breaking: Two Explosions in the White House and Barack Obama is injured,” – caused a brief flurry of panic and sent stocks plummeting.
The tweet was quickly revealed as false, and the Dow Jones Industrial Average recovered from its 145-point dip, but it was nearly a day before the AP Twitter account was restored to life.
Now, fresh questions are being asked about what the Syrian Electronic Army is, where it’s from and how it operates.
In its own words, on is website, the Syrian Electronic Army says, “We are a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria.”
Over the past few months, the group claims to have hacked British broadcaster the BBC and U.S. outlets CBS News and NPR, as well as Columbia University and rights group Human Rights Watch.
The group even compromised the Twitter account Monday of the head of world soccer, FIFA President Sepp Blatter and FIFA’s official account for the 2014 World Cup in Brazil.
But much about the Syrian Electronic Army remains unknown.
‘Tacit support’ from Syria
One key question revolves around how close the group is to the government of Syrian President Bashar al-Assad, which has been involved in a bloody civil war for more than two years.
On that subject, all the signs are of “tacit support,” says Helmi Noman, a senior researcher at the Citizen Lab, Munk School of Global Affairs at the University of Toronto.
He has been tracking the Syrian Electronic Army since May 2011, when it first emerged as an organized group with a Facebook page and then its own website.
“What we know is their domain name was registered by the Syrian Computer Society. We looked into the Syrian Computer Society and discovered that it was headed by al-Assad in the 1990s, before he was president,” said Noman.
“It’s hosted on the network of the Syrian government, which is interesting because it’s the first time we’ve seen a group with questionable activities being hosted on a national computer network.”
Al-Assad has also backed the group by name and “expressed his appreciation for their work and described them as a real army on the Internet,” he said.
However, Noman and his fellow researchers do “not have evidence that this group is actually a Syrian government operation.”
Even if it were, he points out, the Syrian government would be unlikely to be open about it. This is in part because it could face legal and political consequences for its actions – for example, over the financial loss suffered as a result of the fake AP tweet, he said.
Who the individual members of the Syrian Electronic Army are and where they’re from is also shrouded in mystery.
The group has sought to recruit volunteers through its Facebook page, inviting them to flood selected websites with pre-prepared spam comments, said Noman.
“Of course, we cannot tell if these volunteers are from Syria only, or from other countries,” he added.
Many people are familiar with Anonymous, the hacker collective that is known for its DDOS, or distributed denial of service, attacks that take websites offline, and backed the 2011 Occupy movement and WikiLeaks’ Julian Assange.
But while the Syrian Electronic Army’s activities bear some similarities to those of Anonymous, the group is quite different in other ways, said Noman.
Not only do its domain name and registration betray clear connections with Syria, but its members are reachable through the group’s website, Facebook and Twitter pages.
Disrupting the flow
The group also appears robust, bouncing back despite the efforts of U.S. authorities and Twitter to suspend its activities.
And Noman has noted an evolution in the Syrian Electronic Army’s methods over time.
Early attacks focused on apparently irrelevant websites, but later efforts shifted first toward compromising the Facebook pages of organizations seen as hostile to the Syrian government, and now high-profile Twitter accounts.
“They demonstrate interest in disrupting the flow of information, especially the flow of information from international media,” Noman said of the group.
This is not surprising because it is in line with what the Syrian government itself has tried to do, in accusing the regional and international media of being biased against it, he said.
Tuesday’s attack on the AP Twitter feed shows “an escalation in depth but not in scale,” Noman said.
While the Syrian Electronic Army has compromised the Twitter accounts of several international media organizations before, the kind of message sent to the AP feed was more disturbing.
The attack on BBC Weather’s Twitter feed, for example, was hard to take seriously. “Syrian Electronic Army Was Here,” read one tweet. “Saudi weather station down due to head-on collision with camel,” said another.
Others were more inflammatory – “Hazardous fog warning for North Syria: Erdogan orders terrorists to launch chemical weapons at civilian areas” – but still not credible.
What is worrying about the AP Twitter hack is that next time there is breaking news on Twitter, people will wonder if it’s true or just another compromise, Noman said.
It’s a warning to everyone to step up their own online security measures – and be aware that not all they read may be true.