Syria fights back with hack attacks

In recent weeks, the self-styled Syrian Electronic Army (SEA) has launched hacking attacks on the BBC, the Associated Press (AP) and most recently, the Guardian. Last week, the group succeeded in hijacking the AP's main Twitter account, with 1.9-million followers. It falsely claimed that United States President Barack Obama had been injured in an explosion. AP corrected the message, but not before $130-billion had been briefly wiped off the value of US stocks.

Online pro-revolution activists have been one of the defining features of the ongoing Arab Spring. In Syria, opposition activists have played a crucial role in the struggle against President Bashar al-Assad. Over the past two years, they have uploaded numerous videos of anti-Assad demonstrations to YouTube, posted gruesome footage of victims killed by government forces, and helped to shape political perceptions in the West, as European Union leaders inch towards arming Syria's ­moderate opposition.

But unlike Tunisia, Egypt and Libya, whose former regimes were caught badly off guard, Assad's government has been fighting back. It has created an increasingly rambunctious group of counter-revolutionary hackers. These hackers have a twin function: to punish Western news organisations seen as critical of Syria's regime and to spread Damascus's alternative narrative.

This says that the war in Syria isn't a popular uprising against a brutal, despotic family-military dynasty, but rather an attempt by Islamist terrorists to turn Syria into a crazy al-Qaeda fiefdom.

The electronic army sprang up in 2011 at the beginning of the anti-Assad revolution. According to defectors from inside its ranks, the group moved last year from Damascus to a secret base in Dubai. Some pro-regime volunteers remain inside Syria, but they are at greater risk there of being unmasked and killed. The Syrian government is widely believed to be behind the electronic army's activities. In a speech to Damascus university in 2011, Assad likened these anonymous online warriors to his frontline troops.

Kremlin bloggers
Opposition activists claim Assad's billionaire cousin, Rami Makhlouf, bankrolls the electronic army and masterminded its move out of Syria. It now operates out of one of Makhlouf's shadowy Dubai companies, they add, citing information from a former electronic army activist, who defected and is now in hiding. Makhlouf pays for food and accommodation. Pro-Assad activists earn about $500 to $1 000 for high-profile attacks on Western targets – a huge sum for most Syrians. The electronic army mainly comprises Alawites from Assad's embattled minority Shia sect, but also includes Sunnis, most of whom back the opposition, and Christians. It receives sporadic technical assistance from Russia, Assad's key backer, opposition sources allege. Like their Syrian counterparts, Kremlin bloggers actively target Vladimir Putin's ­critics, with Russian hackers among the best in the world.

"There are a lot of [pro-regime] Syrian hackers inside Syria and outside Syria," Tareq al-Jaza'eere, an opposition cyberactivist, said. "The Syrian government gives them money to fight an electronic war against the rebels. They are doing hacks. They are doing social media. Their message is that there is no revolution. They say there is a terrorist gang fighting the government."

Said Al-Jaza'eere: "The SEA sometimes works according to orders from Damascus. Sometimes it works on its own. It attacks websites like the Guardian or the BBC because it does not want them to tell the truth." Asked which side was winning this noisy cyberbattle, he said: "We are. The SEA is making a fool of itself."

Analysts say the electronic army's hacking attacks are crude but effective.

The outfit's official website, hosted in Syria, boasts of numerous successes and shows activists in military fatigues sitting in front of a bank of computers, their faces cropped out. It says that its hackers are organised into battalions, with names such as Wolf, the Pro and the Shadow. The site also links to pro-Assad Facebook pages. All the electronic army's attacks have been carried out through "phishing" emails that lure recipients into thinking that they are at the login site for their email, so that the hackers can capture email addresses and passwords. The phishing sites used against the Guardian were registered in Cyprus, though they pointed to a site in the US that "hosts a whole load of malware", according to Rik Ferguson of the security ­company Trend Micro.

Ferguson described the hackers' work as "very visible" and commented: "They aren't terrible at what they do, but you'd have to say from their choice of targets – the GuardianBooks' Twitter account, the BBC Weather account – that the hacks aren't serving any great purpose." Other accounts hacked include BBC Arabic Online, Deutsche Welle, France 24 and Human Rights Watch.

The attacks differ sharply from those on the Washington Post and New York Times, where Chinese state-sponsored hackers silently broke into systems in 2012 and monitored activities and connections within them for up to four months before being discovered. –  © Guardian News & Media 2013

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Charles Arthur
Charles Arthur works from Tranquility Base Hotel & Casino. Journalist, speaker, moderator. The Guardian’s Technology editor 2009-14. Coming May ‘18: Cyber Wars, on hacking. Prev: Digital Wars: Apple v Google v Microsoft Charles Arthur has over 74656 followers on Twitter.

Related stories


press releases

Loading latest Press Releases…

The best local and international journalism

handpicked and in your inbox every weekday