Who is the Syrian Electronic Army?

  • Published
Hacked BBC Weather Twitter account
Image caption,

BBC Weather's Twitter account was hacked by pro-Assad online activists

The Associated Press news agency is the latest Western news organisation to fall victim to the Syrian Electronic Army's cyber war, with a false tweet about an explosion at the White House causing a sudden albeit brief dip in the Dow Jones index by up to 140 points.

The hack, quickly claimed by the Syrian Electronic Army (SEA), raises questions over the consequences of such misinformation and the group behind the string of hacks targeting numerous news websites and their Twitter accounts.

The group of online hackers and activists claim to be supporters of Syrian President Bashar al-Assad and seek to counter what it calls "fabricated news" on Syria broadcast by Arab and Western media.

On its website, the SEA describes itself as "a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria".

Operating via the social media platforms of Facebook and Twitter, the SEA has launched organised spamming campaigns and denial of service attacks on individual, group and organisation websites that they believe undermine the legitimacy of the Syrian government.

Among the early spamming targets were the Facebook accounts of US President Barack Obama and former French President Nicolas Sarkozy.

The SEA's goal is clearly political. On its website, the group accuses pro-opposition groups and activists of using Facebook to "spread their destructive ideas…urging demonstrators to terrorise the civilians who refuse to join their demonstrations and attack public facilities".

As yet it is unclear how the SEA is linked, if at all, to the Syrian government, a claim the group appears to have so far rejected. An affiliate website said to be designed by members of the group denies receiving orders from the Syrian authorities.

Toronto University's Citizen Lab Senior Researcher Helmi Noman has been tracking the group since it first surfaced online in 2011.

Mr Noman discovered that the SEA's now defunct website was registered by the Syrian Computer Society which used to be headed by Syrian President Bashar al-Assad.

However, he says while there are "intriguing connections" between the two, this does not go much beyond "tacit support that would be required for such a group to operate on Syrian networks".

Relishing the attention

The hacking group has been active since 2011, but has upped the ante in recent months.

The group's website posts the latest details of its hacks in English and Arabic, accompanied by screen grabs of hacked Twitter accounts and video clips from media outlets reporting the group's activity. It seems to relish in the media attention it attracts.

Image caption,

Screengrab of hacked National Public Radio website

The SEA also publishes leaked documents obtained through hacked email accounts, including the inbox of Arab League chief Nabil al-Arabi.

US website Buzzfeed , externalhas compiled a snapshot of all of the latest hacks, including the attack on CBS's 60 Minutes Twitter account which claimed that "professionals under US regime protection" were behind the Boston Marathon bombing.

The website of National Public Radio, external was also taken over this month with the words "Syrian Electronic Army Was Here".

The BBC was no exception, with the BBC Weather, Arabic and Ulster Twitter accounts all hacked in March.

Tweets such as "Chaotic weather forecast for Lebanon as the government decides to distance itself from the Milky Way" and "Saudi weather station down due to head on-collision with camel" baffled Twitter users.

These were interspersed with explicit anti-Israel and pro-Assad tweets such as "Tsunami alert for Haifa: Residents are advised to return to Poland" and "Long live #Syria Al-Assad #SEA".

Qatar targeted

The government of Qatar, which has openly supported and financed the Syrian opposition since the start of the unrest, has been a prominent target of the SEA. Qatari-backed al-Jazeera TV and the Qatar Foundation have both been hacked.

The group has also claimed that it hacked Fifa President Sepp Blatter's Twitter account, focussing on allegations that Qatar bribed officials to win approval for its 2022 World Cup bid.

A bogus tweet supposedly from Fifa's Twitter account wrongly alleged that Mr Blatter was going to step down following corruption charges.

Speaking to the BBC's Newsday, Bloomberg News Social Media Director Jared Keller said the SEA had been active for several years and the cyber attacks had "almost become routine".

"Every few months we can expect to see a media outlet or government institution hijacked by the Syrian Electronic Army and they have hit basically every media outlet on the planet from ABC News, to Reuters to now the Associated Press."

Phishing

The BBC and AP both reported phishing emails sent to staff around the same time the accounts were hacked.

Soon after the attack on AP's Twitter account, AP reporter Mike Baker tweeted, external: "The @AP hack came less than an hour after some of us received an impressively disguised phishing email."

Graham Cluley, senior technology consultant at Sophos IT security company, says while it is unclear how the group are hacking into these mainstream media accounts, phishing cannot be ruled out.

"It is possible email accounts were phished. This is where users can be tricked into entering their Twitter passwords through trivial emails that appear to be from Twitter, partner organisations or even your own organisation."

Mr Cluley also suggested staff computers may have been infected with key logging software which allows everything typed to be seen and logged by hackers.

"There are lots of ways to scoop up passwords. It is very simple to do - it happens many thousands of times a day, fairly rudimentary stuff," he adds.

The latest hacking case raises questions over the need for increased password security for websites such as Twitter, with calls for the two-step authentication service.

The BBC says lessons were learned from the hacking incident and it is keeping measures vigorous and up-to-date to prevent future attacks.

In the meantime, Twitter seems to be launching its own battle with the SEA, banning each account set up by the group.

The SEA responds in kind by adding new accounts to the website noting in its Twitter handle the number of accounts set up in defiance of the ban and it has just created a seventh account.