What is the Syrian Electronic Army?

STORY HIGHLIGHTS
  • The Syrian Electronic Army has claimed an attack on the New York Times website
  • The attack is a "serious escalation" in the group's operations, says a researcher
  • It's targeting U.S. and European media perceived as hostile to Syria's government, he says
  • An attack on the AP Twitter feed caused a flurry of panic and sent stocks plunging

(CNN) -- The Syrian Electronic Army, a group of pro-Syrian regime hackers that has aggressively targeted major news organizations and activists, has claimed credit for a 20-hour-long outage of the New York Times website.

Several Twitter users posted screenshots of a "Hacked by SEA" message they said they received when they went to the New York Times homepage Tuesday.

It's not the first such action by the group; in recent months, it claims to have hacked major UK and U.S. news organizations, as well as Columbia University and rights group Human Rights Watch. CNN.com has been the target of similar attacks.

After the latest apparent hack, fresh questions are being asked about what the Syrian Electronic Army is, where it's from and how it operates.

But, says Helmi Noman, a senior researcher at the Citizen Lab, Munk School of Global Affairs at the University of Toronto, much about the group remains unknown.

He has been tracking the Syrian Electronic Army since May 2011, when it emerged as an organized group with a Facebook page and then its own website.

In its own words, on that website, the Syrian Electronic Army says, "We are a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria."

The group appears to have made it its mission to embarrass media organizations in the United States and European nations it perceives as hostile to the government of President Bashar al-Assad.

According to Noman, the claimed attack on the New York Times takes the group's operations to a new level.

"Previous ones were just defacing websites, which was a kind of political graffiti, if you like," he said.

But to take control of the domain name means that the group could redirect traffic, giving it the potential to expose people to malicious websites or code, he said, and represents a "serious escalation."

The attack came as governments in several countries considered military action in light of reports that al-Assad has used chemical weapons against his own people in an effort to quell an uprising calling for his ouster.

Right after the attack, the Syrian Electronic Army posted a comment, since deleted but logged by Noman, on its Facebook page.

"They said they are determined to escalate attacks on websites belonging to the United States, European countries and all the countries preparing a possible military action against Syria," Noman said.

This suggests that the group will try to carry out more serious attacks, he said, adding that "it's time that the Syrian Electronic Army be taken seriously."

'Tacit support' from Syria

One key question revolves around how close the group is to the al-Assad government, which has now been involved in a bloody civil war for more than two years.

On that subject, all the signs are of "tacit support," Noman said.

No evidence has emerged to support the idea that the group is a government operation, he said, but "they are close enough to the Syrian regime to be able to operate freely in a country with a regime that is known for its restrictive legal and technical measures."

Al-Assad has previously backed the Syrian Electronic Army by name and "expressed his appreciation for their work and described them as a real army on the Internet," Noman said.

The group's domain name was registered by the Syrian Computer Society, which was headed by al-Assad in the 1990s, before he was president, he added.

The Syrian Electronic Army was even hosted on the network of the Syrian government until June, when the domain name was suddenly suspended. The group was without a website for a short time before reappearing on a commercial Russian service, Noman said.

The domain name's suspension occurred a few days after the U.S. government seized several key Syrian government sites, Noman said, leading researchers to believe that the move was intended to create some distance between the hacker group and the Syrian government.

While there's no evidence linking the Syrian Electronic Army to the Russian authorities, Moscow is seen as friendly to the al-Assad regime, making it unlikely that the Russian company will be asked to stop hosting it.

Mystery members

Who the individual members of the Syrian Electronic Army are and where they're from is also shrouded in mystery.

They claim to be mostly Syrians in Syria, but the group also recruits members through Facebook, Twitter and its website, Noman said. A core appears to coordinate attacks, but the group solicits suggestions for targets through an open forum.

It also appears robust, bouncing back despite the efforts of U.S. authorities and Twitter to suspend its activities and developing its methods over time.

Early attacks focused on apparently irrelevant websites, but later efforts shifted toward compromising first the Facebook pages of organizations seen as hostile to the Syrian government and then high-profile Twitter accounts and the New York Times website. In the early days, it used DDOS, or distributed denial of service, attacks, but its methods then grew more sophisticated.

And it may operate in cyberspace, but its attacks can have real-life impact, as was shown when the group hacked the Associated Press Twitter feed in April. It sent out a tweet reading, "Breaking: Two Explosions in the White House and Barack Obama is injured," causing a brief flurry of panic and temporarily sending stocks plummeting.

Noman predicts that the group will continue to look for soft spots to exploit in the wake of the attack on the New York Times.

"It's not just what they want to do or could do; it's what are the available vulnerabilities out there," he said.

The hackers will probably continue to target the websites of U.S. and European media organizations, as well as some Arab sites, especially if international military intervention does occur in Syria, he said. They could carry out more DDOS attacks and may seek to use malicious software to steal private information from Syrian dissidents, he said.

Besides wanting to stay one step ahead of the CIA, the hackers are also spurred on by competition.

In recent weeks, some anti-Assad groups have emerged, one calling itself the al-Nusra Electronic Army, in a reference to one of the key rebel groups involved in the fight against al-Assad's forces. A sectarian divide has also emerged, with some Shiite groups defacing Sunni groups' websites and vice versa, Noman said.

Against this backdrop, the Syrian Electronic Army is not likely to quit cyberspace any time soon, and the New York Times may not be the last to fall victim to its efforts.

"It's up to the media to beef up their security so they cannot carry out these kinds of attacks," Noman warned.

CNN's Dominique Van Heerden contributed to this report.
