Attacks/Breaches

5/16/2013
12:04 PM
50%
50%

Who Is Syrian Electronic Army: 9 Facts

Syrian hackers claim to battle American imperialism, media bias and Angelina Jolie.
Previous
1 of 9
Next


Beware patriotic Syrian hackers holding a media grudge.

That's one takeaway from the ongoing exploits of the Syrian Electronic Army, a self-described group of grassroots Syrian hackers who support Syrian President Bashar al-Assad.

During the country's two-year -- and counting -- civil war, the Syrian Electronic Army has been deployed as a propaganda tool to correct perceived slights or misinformation being disseminated via media outlets that the group sees as sympathetic to Syrian rebels. Its modus operandi is to compromise the Twitter and Facebook accounts of its targets, which are predominantly media outlets. The group's most well-known exploit to date was seizing control of multiple Associated Press (AP) Twitter feeds, then using them to issue bogus messages, including the following alert on April 23: "Breaking: Two Explosions in the White House and Barack Obama is injured."

In the wake of that tweet, the White House confirmed that the president was unharmed, that there had been no explosions and that the FBI was investigating the hoax tweets. Due to automated high-speed trading systems set to monitor Twitter feeds, however, the news triggered a temporary downturn in the U.S. stock market that briefly erased $200 billion in value. According to Th3 Pr0 (pronounced "the pro"), the self-described 18-year-old "leader of special operations department" for the Syrian Electronic Army -- personal website tagline: "proud to be pro-Assad hacker" -- the hack was in retaliation for Network Solutions having seized the group's domain names, as well as for the United States "supporting the terrorist groups in Syria."

"We generally target the most malicious media, especially those who refuse to cover both sides of the war," a member of the SEA's "Special Operations Division," known as the Shadow, told Vice magazine.

Other media outlets targeted by the group have included CBS, AFP, Sky News Arabia and E! Online, with the hackers using a seized Twitter feed at the celebrity news site to announce earlier this month that Justin Bieber was gay, before telling Bieber fans they'd been "trolled." That followed its March compromise of multiple BBC Twitter accounts, which the group used to post anti-Semitic rants as well as to offer the following report via the BBC's Twitter weather feed: "Saudi weather station down due to head-on collision with camel."

In May, meanwhile, the group seized control of the Twitter account for satire site the Onion. "UN retracts report of Syrian chemical weapon use: 'Lab tests confirm it is Jihadi body odor,'" reported one hoax tweet. Another said that the Onion's CEO said he regretted "taking Zionist money to defame Syria."

Obviously, the hacking group has its own perspective on not only the Syrian conflict, but what constitutes balanced reporting. For example, another hoax tweet -- posted to a hacked a Reuters Twitter account last year -- read: "White house spokesperson says financial and technical support given to #AlQaeda operatives in #Syria."

As that tweet illustrates, the Syrian Electronic Army persistently attempts to reframe the country's civil war as a conflict perpetrated by foreign powers that are arming terrorists and bringing them into the country in a bid to overthrow the legitimate Syrian government.

The hackers' perspective parallels more widespread, pro-Assad propaganda based on accusing many Western media outlets of not just bias, but also "persistent media warmongering, faking news and fabricating … stories." That's according to a report on the Syria News website, which claimed that "terror NATO sponsors" were "airlifting, training, arming, financing and smuggling Al-Qaeda terrorists" into Syria.

Photograph courtesy of Flickr user Christiaan Triebert.

RECOMMENDED READING

Anonymous OpUSA Hackathon: Mostly Bluster

Twitter Battles Syrian Hackers

Twitter Preps Two Factor Authentication After AP Hoax

How Syrian Electronic Army Unpeeled The Onion

Syrian Hacktivists Hit Guardian Twitter Feeds

Syria Back Online After Internet Blackout

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.