Twitter-hacking Syrian Electronic Army: How much state support does it have?

The Twitter hacks by the Syrian Electronic Army – the most recent hit The Guardian – reflect a shift toward disseminating propaganda and attacking Syria’s perceived enemies in the media. 

|
AP
A screenshot of the Twitter account for the BBC's weather service on Thursday March 21. Supporters of Syrian President Bashar Assad appear to have hijacked the Twitter account for the BBC's weather service.

The pro-Syrian cyberhackers behind the recent attacks on major media outlets’ Twitter accounts claim to be members of a grass-roots organization defending the honor of the nation, but are likely nothing more than government-backed cyberwarriors, some researchers say.

The hacks by the Syrian Electronic Army (SEA) on Twitter reflect an intensifying effort in recent weeks to disseminate pro-Syrian propaganda and attack Syria’s perceived enemies in the media. The emphasis marks an apparent shift for the group, which previously had focused more on attacking and defacing websites and Facebook pages of members of Syria’s opposition and others they perceived as anti-Syrian, according to close observers of the group.

The most recent attack came Monday, with the SEA hacking into several Twitter accounts belonging to the British newspaper, The Guardian.

Shortly after, Twitter warned news organization in an e-mail that their accounts could be vulnerable. Twitter has been shutting down the latest versions of the official SEA Twitter channel (the group was on its 12th) as fast as the San Francisco-based company can find them.

Citing “several recent incidents of high-profile news and media Twitter handles being compromised,” the company wrote that: “We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers.”

Twitter hack victims have so far included CBS, NPR, and the BBC. Previously hacked organizations included Human Rights Watch, Reuters, Sky News Arabia, and even the FIFA World Cup organization. The AP and BBC both reported that “phishing” e-mails were sent to their staff about the same time accounts got hacked.

But the biggest “twit-hit” was on April 25, when the official Twitter account of the Associated Press was hijacked and used to tweet a hoax that the White House had been hit by bombs and President Obama injured. The US stock market immediately plummeted 145 points, the fake news erasing an estimated $200 billion in market value – at least for a few minutes – before it rebounded.

The group has now hit “basically every media outlet on the planet from ABC News, to Reuters, to now the Associated Press," Jared Keller, Bloomberg News social media director told the BBC.

What’s behind the Twitter hacks is a bald effort to win attention for Syria’s cause and to attack the nation’s perceived enemies in the media, several close observers say.

Some researchers who have been tracking the SEA for years say the group appears to have at least “tacit support” from Syrian President Bashar al-Assad. Others argue the group is operated out of Dubai by deep-pocketed supporters of the Syrian regime. Still others say the connection with the Assad regime is quite direct.

“The SEA definitely has a close relationship with the regime,” says Amjad Baiazy, an independent cyber-researcher in London who was held in detention by the regime in 2011. “I can’t say if they are also supported by certain individuals, but I can say they are funded by the regime. There are also strong indications that members of the group are trained by Iranian [information technology] experts.”

The fact that the group’s website is hosted on the national Syrian network, where local web hosting is highly politicized, indicates at the very least “tacit support” from the Assad regime, according to Helmi Noman, a senior researcher with Citizen Lab, a cyber-research center at the University of Toronto.

Such “local hosting of sensitive content indicates state approval or at least tolerance of the content and the people behind the content,” Mr. Noman writes in an e-mail interview. Even so, “I do not have information that suggests that the SEA is a Syrian state operation, but the tacit support which we have documented can potentially amount to sponsorship.”

It is significant, as well, that President Assad thanked the group in a major televised speech in 2011, which Noman calls “a prerequisite political blessing without which such a group with questionable activities cannot operate.”

In that speech to Damascus University, Assad likened online cyberwarriors to his best troops: "The army consists of the brothers of every Syrian citizen,” he said. “Young people have an important role to play at this stage, because they have proven themselves to be an active power. There is the electronic army, which has been a real army in virtual reality."

When the domain names of the SEA were seized last month by US authorities, the SEA survived the interruption by launching a new country code top-level domain name – sea.sy – for its website, Noman writes. Doing so, “implies that the national agency in charge of domain name registration does not find the SEA's hacking and compromising activities objectionable,” he notes.

Still, the SEA has steadfastly denied on its website any links to the Syrian regime, portraying itself as just a group of self-organized volunteers.

“We are a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria, and this distortion is carried out by many Facebook pages that deliberately work to spread hatred and sectarian intolerance between the peoples of Syria to fuel the uprising,” the group’s description says on its website.

Distancing itself is not surprising, the researchers say.

“The state needs this distance so that it cannot be held legally, politically, or even financially responsible for the SEA's activities,” Noman writes. “On the other hand, I won't be surprised if the Syrian institutions at some point defend their support [for] the SEA, arguing that their activities come in the context of a legitimate cyberwar. In fact, that is how the local media is portraying them in its celebratory reports which I have been looking at.”

The SEA has shifted from defacing political and mostly apolitical websites to targeting the media, which it perceives as hostile to the Syrian regime. The SEA, for instance, has not targeted "friendly" Russian or Iranian media, observers say. The group also likes media attention, and compromising the online presence of media outlets amplifies their exposure to the media, they agree.

“Basically they want to become famous to tell their story to the international community,” says Mr. Baiazy. “To do this, they have to catch attention. So they target, for example, the Twitter account for Reuters. Believe it or not, they actually are trying to leave a positive impression about Syria.”

Baiazy, who was imprisoned in Syria in 2011 and interrogated about his online activities, says those questioning him were very young and barely computer literate. If so, it remain a question about the far more sophisticated actors also said to be part of the Syrian Electronic Army, which has been systematically and clandestinely luring opposition sympathizers with tainted video links in e-mail, fake Skype encryption tools, and tainted online documents.

Those hackers believed to be allied to Syria's government have deployed a fairly sophisticated array of powerful spyware with names like DarkComet, backdoor.bruet, and Blackshades. Available on the Internet, these malware are used to infiltrate the personal computers of opposition figures and rights activists and send back information on their friends and contacts as well as passwords, cybersecurity experts say.

Also of note, The Guardian reports that defectors from inside the SEA claim many in the organization moved last year from Damascus to a secret base in Dubai funded by Assad's billionaire cousin, Rami Makhlouf, who controls it.

Pro-Assad activists are said to receive $500 to $1,000 for attacks on major Western targets – a huge sum for most Syrians, The Guardian reported.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Twitter-hacking Syrian Electronic Army: How much state support does it have?
Read this article in
https://www.csmonitor.com/USA/2013/0501/Twitter-hacking-Syrian-Electronic-Army-How-much-state-support-does-it-have
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe