Syria fights back with hack attacks

In recent weeks, the self-styled Syrian Electronic Army (SEA) has launched hacking attacks on the BBC, the Associated Press (AP) and most recently, the Guardian. Last week, the group succeeded in hijacking the AP's main Twitter account, with 1.9-million followers. It falsely claimed that United States President Barack Obama had been injured in an explosion. AP corrected the message, but not before $130-billion had been briefly wiped off the value of US stocks.

Online pro-revolution activists have been one of the defining features of the ongoing Arab Spring. In Syria, opposition activists have played a crucial role in the struggle against President Bashar al-Assad. Over the past two years, they have uploaded numerous videos of anti-Assad demonstrations to YouTube, posted gruesome footage of victims killed by government forces, and helped to shape political perceptions in the West, as European Union leaders inch towards arming Syria's ­moderate opposition.

But unlike Tunisia, Egypt and Libya, whose former regimes were caught badly off guard, Assad's government has been fighting back. It has created an increasingly rambunctious group of counter-revolutionary hackers. These hackers have a twin function: to punish Western news organisations seen as critical of Syria's regime and to spread Damascus's alternative narrative.

This says that the war in Syria isn't a popular uprising against a brutal, despotic family-military dynasty, but rather an attempt by Islamist terrorists to turn Syria into a crazy al-Qaeda fiefdom.

The electronic army sprang up in 2011 at the beginning of the anti-Assad revolution. According to defectors from inside its ranks, the group moved last year from Damascus to a secret base in Dubai. Some pro-regime volunteers remain inside Syria, but they are at greater risk there of being unmasked and killed. The Syrian government is widely believed to be behind the electronic army's activities. In a speech to Damascus university in 2011, Assad likened these anonymous online warriors to his frontline troops.

Kremlin bloggers
Opposition activists claim Assad's billionaire cousin, Rami Makhlouf, bankrolls the electronic army and masterminded its move out of Syria. It now operates out of one of Makhlouf's shadowy Dubai companies, they add, citing information from a former electronic army activist, who defected and is now in hiding. Makhlouf pays for food and accommodation. Pro-Assad activists earn about $500 to $1 000 for high-profile attacks on Western targets – a huge sum for most Syrians. The electronic army mainly comprises Alawites from Assad's embattled minority Shia sect, but also includes Sunnis, most of whom back the opposition, and Christians. It receives sporadic technical assistance from Russia, Assad's key backer, opposition sources allege. Like their Syrian counterparts, Kremlin bloggers actively target Vladimir Putin's ­critics, with Russian hackers among the best in the world.

"There are a lot of [pro-regime] Syrian hackers inside Syria and outside Syria," Tareq al-Jaza'eere, an opposition cyberactivist, said. "The Syrian government gives them money to fight an electronic war against the rebels. They are doing hacks. They are doing social media. Their message is that there is no revolution. They say there is a terrorist gang fighting the government."

Said Al-Jaza'eere: "The SEA sometimes works according to orders from Damascus. Sometimes it works on its own. It attacks websites like the Guardian or the BBC because it does not want them to tell the truth." Asked which side was winning this noisy cyberbattle, he said: "We are. The SEA is making a fool of itself."

Analysts say the electronic army's hacking attacks are crude but effective.

The outfit's official website, hosted in Syria, boasts of numerous successes and shows activists in military fatigues sitting in front of a bank of computers, their faces cropped out. It says that its hackers are organised into battalions, with names such as Wolf, the Pro and the Shadow. The site also links to pro-Assad Facebook pages. All the electronic army's attacks have been carried out through "phishing" emails that lure recipients into thinking that they are at the login site for their email, so that the hackers can capture email addresses and passwords. The phishing sites used against the Guardian were registered in Cyprus, though they pointed to a site in the US that "hosts a whole load of malware", according to Rik Ferguson of the security ­company Trend Micro.

Ferguson described the hackers' work as "very visible" and commented: "They aren't terrible at what they do, but you'd have to say from their choice of targets – the GuardianBooks' Twitter account, the BBC Weather account – that the hacks aren't serving any great purpose." Other accounts hacked include BBC Arabic Online, Deutsche Welle, France 24 and Human Rights Watch.

The attacks differ sharply from those on the Washington Post and New York Times, where Chinese state-sponsored hackers silently broke into systems in 2012 and monitored activities and connections within them for up to four months before being discovered. –  © Guardian News & Media 2013

Charles Arthur
Charles Arthur works from Tranquility Base Hotel & Casino. Journalist, speaker, moderator. The Guardian’s Technology editor 2009-14. Coming May ‘18: Cyber Wars, on hacking. Prev: Digital Wars: Apple v Google v Microsoft Charles Arthur has over 74656 followers on Twitter.

Workers fight job-creation ‘mess’

Former Ekurhuleni workers argued in court that a programme promising to equip them with skills simply acted as a labour broker for the municipality

Court dissolves local municipality

Landmark judgment paves the way for South Africans to use legal system to hold councils responsible

Mabuza’s ‘distant relative’ scored big

Eskom’s woes are often because of boiler problems at its power plants. R50-billion has been set aside to fix them, but some of the contracts are going to questionable entities

ANC faction gunning for Gordhan

The ambush will take place at an NEC meeting about Eskom. But the real target is Cyril Ramaphosa

Press Releases

New-style star accretion bursts dazzle astronomers

Associate Professor James O Chibueze and Dr SP van den Heever are part of an international team of astronomers studying the G358-MM1 high-mass protostar.

2020 risk outlook: Use GRC to build resilience

GRC activities can be used profitably to develop an integrated risk picture and response, says ContinuitySA.

MTN voted best mobile network

An independent report found MTN to be the best mobile network in SA in the fourth quarter of 2019.

Is your tertiary institution is accredited?

Rosebank College is an educational brand of The Independent Institute of Education, which is registered with the Department of Higher Education and Training.

Is your tertiary institution accredited?

Rosebank College is an educational brand of The Independent Institute of Education, which is registered with the Department of Higher Education and Training.

VUT chancellor, Dr Xolani Mkhwanazi, dies

The university conferred the degree of Doctor of Science Honoris Causa on Dr Xolani Mkhwanazi for his outstanding leadership contributions to maths and science education development.

Innovate4AMR now in second year

SA's Team pill-Alert aims to tackle antimicrobial resistance by implementing their strategic intervention that ensures patients comply with treatment.

Medical students present solution in Geneva

Kapil Narain and Mohamed Hoosen Suleman were selected to present their strategic intervention to tackle antimicrobial resistance to an international panel of experts.