The Syrian Electronic Army has claimed an attack on the New York Times website
The attack is a "serious escalation" in the group's operations, says a researcher
It's targeting U.S. and European media perceived as hostile to Syria's government, he says
An attack on the AP Twitter feed caused a flurry of panic and sent stocks plunging
The Syrian Electronic Army, a group of pro-Syrian regime hackers that has aggressively targeted major news organizations and activists, has claimed credit for a 20-hour-long outage of the New York Times website.
Several Twitter users posted screenshots of a “Hacked by SEA” message they said they received when they went to the New York Times homepage Tuesday.
It’s not the first such action by the group; in recent months, it claims to have hacked major UK and U.S. news organizations, as well as Columbia University and rights group Human Rights Watch. CNN.com has been the target of similar attacks.
After the latest apparent hack, fresh questions are being asked about what the Syrian Electronic Army is, where it’s from and how it operates.
But, says Helmi Noman, a senior researcher at the Citizen Lab, Munk School of Global Affairs at the University of Toronto, much about the group remains unknown.
He has been tracking the Syrian Electronic Army since May 2011, when it emerged as an organized group with a Facebook page and then its own website.
In its own words, on that website, the Syrian Electronic Army says, “We are a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria.”
The group appears to have made it its mission to embarrass media organizations in the United States and European nations it perceives as hostile to the government of President Bashar al-Assad.
According to Noman, the claimed attack on the New York Times takes the group’s operations to a new level.
“Previous ones were just defacing websites, which was a kind of political graffiti, if you like,” he said.
But to take control of the domain name means that the group could redirect traffic, giving it the potential to expose people to malicious websites or code, he said, and represents a “serious escalation.”
The attack came as governments in several countries considered military action in light of reports that al-Assad has used chemical weapons against his own people in an effort to quell an uprising calling for his ouster.
Right after the attack, the Syrian Electronic Army posted a comment, since deleted but logged by Noman, on its Facebook page.
“They said they are determined to escalate attacks on websites belonging to the United States, European countries and all the countries preparing a possible military action against Syria,” Noman said.
This suggests that the group will try to carry out more serious attacks, he said, adding that “it’s time that the Syrian Electronic Army be taken seriously.”
‘Tacit support’ from Syria
One key question revolves around how close the group is to the al-Assad government, which has now been involved in a bloody civil war for more than two years.
On that subject, all the signs are of “tacit support,” Noman said.
No evidence has emerged to support the idea that the group is a government operation, he said, but “they are close enough to the Syrian regime to be able to operate freely in a country with a regime that is known for its restrictive legal and technical measures.”
Al-Assad has previously backed the Syrian Electronic Army by name and “expressed his appreciation for their work and described them as a real army on the Internet,” Noman said.
The group’s domain name was registered by the Syrian Computer Society, which was headed by al-Assad in the 1990s, before he was president, he added.
The Syrian Electronic Army was even hosted on the network of the Syrian government until June, when the domain name was suddenly suspended. The group was without a website for a short time before reappearing on a commercial Russian service, Noman said.
The domain name’s suspension occurred a few days after the U.S. government seized several key Syrian government sites, Noman said, leading researchers to believe that the move was intended to create some distance between the hacker group and the Syrian government.
While there’s no evidence linking the Syrian Electronic Army to the Russian authorities, Moscow is seen as friendly to the al-Assad regime, making it unlikely that the Russian company will be asked to stop hosting it.
Who the individual members of the Syrian Electronic Army are and where they’re from is also shrouded in mystery.
They claim to be mostly Syrians in Syria, but the group also recruits members through Facebook, Twitter and its website, Noman said. A core appears to coordinate attacks, but the group solicits suggestions for targets through an open forum.
It also appears robust, bouncing back despite the efforts of U.S. authorities and Twitter to suspend its activities, and developing its methods over time.
Early attacks focused on apparently irrelevant websites, but later efforts shifted toward compromising first the Facebook pages of organizations seen as hostile to the Syrian government and then high-profile Twitter accounts and the New York Times website. In the early days, it used DDOS, or distributed denial of service, attacks, but its methods then grew more sophisticated.
And it may operate in cyberspace, but its attacks can have real-life impact, as was shown when the group hacked the Associated Press Twitter feed in April. It sent out a tweet reading, “Breaking: Two Explosions in the White House and Barack Obama is injured,” causing a brief flurry of panic and temporarily sending stocks plummeting.
Noman predicts that the group will continue to look for soft spots to exploit in the wake of the attack on the New York Times.
“It’s not just what they want to do or could do; it’s what are the available vulnerabilities out there,” he said.
The hackers will probably continue to target the websites of U.S. and European media organizations, as well as some Arab sites, especially if international military intervention does occur in Syria, he said. They could carry out more DDOS attacks and may seek to use malicious software to steal private information from Syrian dissidents, he said.
Beyond wanting to stay one step ahead of the CIA, the hackers are also spurred on by competition.
In recent weeks, some anti-Assad groups have emerged, one calling itself the al-Nusra Electronic Army, in a reference to one of the key rebel groups involved in the fight against al-Assad’s forces. A sectarian divide has also emerged, with some Shiite groups defacing Sunni groups’ websites and vice versa, Noman said.
Against this backdrop, the Syrian Electronic Army is not likely to quit cyberspace any time soon, and the New York Times may not be the last to fall victim to its efforts.
“It’s up to the media to beef up their security so they cannot carry out these kinds of attacks,” Noman warned.
CNN’s Dominique Van Heerden contributed to this report.