The Syrian Electronic Army has claimed hacks on AP, CBS News, NPR and the BBC
Its attack on the AP Twitter feed caused a flurry of panic and sent stocks plunging
The group is hosted on the network of the Syrian government, says researcher
Syrian President Bashar al-Assad has previously praised the group's work, he says
The Syrian Electronic Army, a group of pro-Syrian regime hackers that has aggressively targeted major news organizations and activists, has claimed credit for a 20-hour-long outage of the New York Times website.
The power of misinformation was amply demonstrated when the group hacked the Associated Press Twitter feed Tuesday.
The fake AP message – which read, “Breaking: Two Explosions in the White House and Barack Obama is injured,” – caused a brief flurry of panic and sent stocks plummeting.
The tweet was quickly revealed as false, and the Dow Jones Industrial Average recovered from its 145-point dip, but it was nearly a day before the AP Twitter account was restored to life.
Now, fresh questions are being asked about what the Syrian Electronic Army is, where it’s from and how it operates.
In its own words, on that website, the Syrian Electronic Army says, “We are a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria.”
Over the past few months, the group claims to have hacked British broadcaster the BBC and U.S. outlets CBS News and NPR, as well as Columbia University and rights group Human Rights Watch.
The group even compromised the Twitter account Monday of the head of world soccer, FIFA President Sepp Blatter and FIFA’s official account for the 2014 World Cup in Brazil.
But much about the Syrian Electronic Army remains unknown.
‘Tacit support’ from Syria
One key question revolves around how close the group is to the al-Assad government, which has now been involved in a bloody civil war for more than two years.
On that subject, all the signs are of “tacit support,” Noman said.
He has been tracking the Syrian Electronic Army since May 2011, when it first emerged as an organized group with a Facebook page and then its own website.
“What we know is their domain name was registered by the Syrian Computer Society. We looked into the Syrian Computer Society and discovered that it was headed by al-Assad in the 1990s, before he was president,” said Noman.
While there’s no evidence linking the Syrian Electronic Army to the Russian authorities, Moscow is seen as friendly to the al-Assad regime, making it unlikely that the Russian company will be asked to stop hosting it.
Al-Assad has also backed the group by name and “expressed his appreciation for their work and described them as a real army on the Internet,” he said.
However, Noman and his fellow researchers do “not have evidence that this group is actually a Syrian government operation.”
Who the individual members of the Syrian Electronic Army are and where they’re from is also shrouded in mystery.
The group has sought to recruit volunteers through its Facebook page, inviting them to flood selected websites with pre-prepared spam comments, said Noman.
They claim to be mostly Syrians in Syria, but the group also recruits members through Facebook, Twitter and its website, Noman said. A core appears to coordinate attacks, but the group solicits suggestions for targets through an open forum.
Many people are familiar with Anonymous, the hacker collective that is known for its DDOS, or distributed denial of service, attacks that take websites offline, and backed the 2011 Occupy movement and WikiLeaks’ Julian Assange.
But while the Syrian Electronic Army’s activities bear some similarities to those of Anonymous, the group is quite different in other ways, said Noman.
Not only do its domain name and registration betray clear connections with Syria, but its members are reachable through the group’s website, Facebook and Twitter pages.
Disrupting the flow
It also appears robust, bouncing back despite the efforts of U.S. authorities and Twitter to suspend its activities and developing its methods over time.
And Noman has noted an evolution in the Syrian Electronic Army’s methods over time.
Early attacks focused on apparently irrelevant websites, but later efforts shifted toward compromising first the Facebook pages of organizations seen as hostile to the Syrian government and then high-profile Twitter accounts and the New York Times website. In the early days, it used DDOS, or distributed denial of service, attacks, but its methods then grew more sophisticated.
“They demonstrate interest in disrupting the flow of information, especially the flow of information from international media,” Noman said of the group.
This is not surprising because it is in line with what the Syrian government itself has tried to do, in accusing the regional and international media of being biased against it, he said.
Tuesday’s attack on the AP Twitter feed shows “an escalation in depth but not in scale,” Noman said.
While the Syrian Electronic Army has compromised the Twitter accounts of several international media organizations before, the kind of message sent to the AP feed was more disturbing.
The attack on BBC Weather’s Twitter feed, for example, was hard to take seriously. “Syrian Electronic Army Was Here,” read one tweet. “Saudi weather station down due to head-on collision with camel,” said another.
Noman predicts that the group will continue to look for soft spots to exploit in the wake of the attack on the New York Times.
What is worrying about the AP Twitter hack is that next time there is breaking news on Twitter, people will wonder if it’s true or just another compromise, Noman said.
It’s a warning to everyone to step up their own online security measures – and be aware that not all they read may be true.
AP hack proves Twitter has a serious cybersecurity problem