The Syrian Electronic Army has claimed an attack on the New York Times website
The attack is a "serious escalation" in the group's operations, says a researcher
It's targeting U.S. and European media perceived as hostile to Syria's government, he says
An attack on the AP Twitter feed caused a flurry of panic and sent stocks plunging
The Syrian Electronic Army – a group of pro-Syrian regime hackers that has aggressively targeted major news organizations and activists – may operate in cyberspace, but its attacks can have real-life impact.
Several Twitter users posted screenshots of a “Hacked by SEA” message they said they received when they went to the New York Times homepage Tuesday.
It’s not the first such action by the group; in recent months, it claims to have hacked major UK and U.S. news organizations, as well as Columbia University and rights group Human Rights Watch. CNN.com has been the target of similar attacks.
After the latest apparent hack, fresh questions are being asked about what the Syrian Electronic Army is, where it’s from and how it operates.
But, says Helmi Noman, a senior researcher at the Citizen Lab, Munk School of Global Affairs at the University of Toronto, much about the group remains unknown.
He has been tracking the Syrian Electronic Army since May 2011, when it emerged as an organized group with a Facebook page and then its own website.
In its own words, on is website, the Syrian Electronic Army says, “We are a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria.”
The group appears to have made it its mission to embarrass media organizations in the United States and European nations it perceives as hostile to the government of President Bashar al-Assad.
According to Noman, the claimed attack on the New York Times takes the group’s operations to a new level.
“Previous ones were just defacing websites, which was a kind of political graffiti, if you like,” he said.
But to take control of the domain name means that the group could redirect traffic, giving it the potential to expose people to malicious websites or code, he said, and represents a “serious escalation.”
The attack came as governments in several countries considered military action in light of reports that al-Assad has used chemical weapons against his own people in an effort to quell an uprising calling for his ouster.
Right after the attack, the Syrian Electronic Army posted a comment, since deleted but logged by Noman, on its Facebook page.
“They said they are determined to escalate attacks on websites belonging to the United States, European countries and all the countries preparing a possible military action against Syria,” Noman said.
This suggests that the group will try to carry out more serious attacks, he said, adding that “it’s time that the Syrian Electronic Army be taken seriously.”
‘Tacit support’ from Syria
One key question revolves around how close the group is to the government of Syrian President Bashar al-Assad, which has been involved in a bloody civil war for more than two years.
On that subject, all the signs are of “tacit support,” says Helmi Noman, a senior researcher at the Citizen Lab, Munk School of Global Affairs at the University of Toronto.
No evidence has emerged to support the idea that the group is a government operation, he said, but “they are close enough to the Syrian regime to be able to operate freely in a country with a regime that is known for its restrictive legal and technical measures.”
Al-Assad has previously backed the Syrian Electronic Army by name and “expressed his appreciation for their work and described them as a real army on the Internet,” Noman said.
The group’s domain name was registered by the Syrian Computer Society, which was headed by al-Assad in the 1990s, before he was president, he added.
The Syrian Electronic Army was even hosted on the network of the Syrian government until June, when the domain name was suddenly suspended. The group was without a website for a short time before reappearing on a commercial Russian service, Noman said.
The domain name’s suspension occurred a few days after the U.S. government seized several key Syrian government sites, Noman said, leading researchers to believe that the move was intended to create some distance between the hacker group and the Syrian government.
“It’s hosted on the network of the Syrian government, which is interesting because it’s the first time we’ve seen a group with questionable activities being hosted on a national computer network.”
Even if it were, he points out, the Syrian government would be unlikely to be open about it. This is in part because it could face legal and political consequences for its actions – for example, over the financial loss suffered as a result of the fake AP tweet, he said.
Who the individual members of the Syrian Electronic Army are and where they’re from is also shrouded in mystery.
“Of course, we cannot tell if these volunteers are from Syria only, or from other countries,” he added.
The group also appears robust, bouncing back despite the efforts of U.S. authorities and Twitter to suspend its activities.
Early attacks focused on apparently irrelevant websites, but later efforts shifted first toward compromising the Facebook pages of organizations seen as hostile to the Syrian government, and now high-profile Twitter accounts.
And it may operate in cyberspace, but its attacks can have real-life impact, as was shown when the group hacked the Associated Press Twitter feed in April. It sent out a tweet reading, “Breaking: Two Explosions in the White House and Barack Obama is injured,” causing a brief flurry of panic and temporarily sending stocks plummeting.
Others were more inflammatory – “Hazardous fog warning for North Syria: Erdogan orders terrorists to launch chemical weapons at civilian areas” – but still not credible.
“It’s not just what they want to do or could do; it’s what are the available vulnerabilities out there,” he said.
The hackers will probably continue to target the websites of U.S. and European media organizations, as well as some Arab sites, especially if international military intervention does occur in Syria, he said. They could carry out more DDOS attacks and may seek to use malicious software to steal private information from Syrian dissidents, he said.
As well as wanting to stay one step ahead of the CIA, competition is a factor in spurring them on.
In recent weeks, some anti-Assad groups have emerged, one calling itself the al-Nusra Electronic Army, in a reference to one of the key rebel groups involved in the fight against al-Assad’s forces. A sectarian divide has also emerged, with some Shiite groups defacing Sunni groups’ websites and vice versa, Noman said.
Against this backdrop, the Syrian Electronic Army is not likely to quit cyberspace any time soon, and the New York Times may not be the last to fall victim to its efforts.
“It’s up to the media to beef up their security so they cannot carry out these kinds of attacks,” Noman warned
CNN’s Dominique Van Heerden contributed to this report.