How did Syria’s hackers suddenly get so good?
The Syrian Electronic Army, which purports to back Syria’s government and is known for hacking into media websites and even the U.S. Marines recruiting site this week, is getting more ambitious and sophisticated, and may even be receiving help from Iran.
WASHINGTON — The hacker group known as the Syrian Electronic Army (SEA) is getting more ambitious and sophisticated, say experts who’ve looked closely at the tactics underlying their attacks. The hackers may even be receiving outside help from more skilled and dangerous groups — or even from governments.
The SEA has been around since 2011, and, so far, has been known mostly for relatively simple acts of vandalism, like website defacements. Most recently, the group grabbed international attention after commandeering the websites of The New York Times, The Washington Post, and this week the recruitment website for the U.S. Marine Corps.
Last spring, the group went after bigger targets, as when it hijacked the Twitter feed of The Associated Press and sent out a false report about a bombing at the White House. But it also hacked into Web-based communications services used by Syrian rebels to avoid detection by the regime. The goal presumably wasn’t to vandalize those sites but to gather information about the rebels using them.
As the SEA’s ambition has grown, so has its skill level. The attack on The New York Times effectively gave the group control of the entire website. It was accomplished not by a frontal assault, but by changing information in the Domain Name System databases via a company in Australia. Anyone who tried to visit the Times website was redirected to another site under the SEA’s control, sporting its logo.
“The [SEA] apparently uses low-level tactics to compromise websites and Twitter accounts, but they should not be underestimated,” says Helmi Noman, the senior researcher at Citizen Lab, a research group at the University of Toronto that studies hacker networks. “They should not be evaluated based on their level of sophistication, but rather on the potential damage they can cause with unauthorized access to websites.”
So how did the SEA get better in only a few months?
“I don’t think it would be unreasonable to suspect someone more skilled is helping them out,” says Adam Myers, the vice president of intelligence for CrowdStrike, a computer-security company.
In attacks on the Times, Twitter and communications services such as Tango, a popular video and text-messaging application, and Viber, which lets users make free phone calls via the Internet, the SEA got access to accounts as well as to other data in company systems.
“That would indicate that they’ve been improving [their methods] over the past couple months. I would not rule out some outside influence giving them pointers,” Myers says. “I think the likely candidates would be Iran.”
Last year, an operation that erased data on tens of thousands of computers at the oil company Saudi Aramco and a massive denial-of-service attack on the websites of U.S. banks, both attributed to Iran, sent waves of panic throughout U.S. intelligence and law-enforcement agencies.
But officials are preparing for a retaliatory strike in cyberspace by forces allied with the Syrian regime. In anticipation of those strikes, the FBI is more closely monitoring Syrians inside the United States and is warning companies and government agencies to brace for possible cyber strikes. U.S. intelligence agencies are also monitoring potential Syrian cyber attacks and keeping lawmakers informed, according to a congressional staffer.