Meet the group of young, pro-government Syrian hackers who temporarily tanked the Dow Jones with a simple Twitter attack.
“Exclusive: Terror is striking the #USA and #Obama is Shamelessly in Bed with Al-Qaeda,” the official 60 Minutes Twitter account posted in April, sending CBS scrambling to remove the tweet.
“Do you think Saudi and Qatar should keep funding armed gangs in Syria in order to topple the regime? #Syria,” asked Al Jazeera’s account in July last year, a message also taken down quickly.
For the past two years, at least until last week’s terrifying snafu, the hacker group calling itself the Syrian Electronic Army has been but a pest for most Westerners, doing little more than seizing the occasional news feed’s Twitter account. The SEA stood out with a few unique traits: it adopted a war-torn middle eastern country’s name in its own, and it seemed to have a rough agenda that the western media shouldn’t speak ill of President Bashar al-Assad’s Syrian government. It appeared to target news organizations that had recently given Syrian rebels or civilians sympathetic coverage. But its messages were slipshod, alternating between serious political screed, inside jokes and simple hacker bragging. And besides, in a real hacker’s toolbox, it’s not that impressive to take control of someone’s Twitter account. Burger King’s account got hacked too, and everybody laughed. That was simply part of the Twitter landscape.
But that was before the Syrian Electronic Army, in what started as another, standard hack, took control of the Associated Press’s main feed, and posted “Breaking: Two Explosions in the White House and Barack Obama is injured.” Ignoring the pedantry (explosions shouldn’t be capitalized, and AP’s style is to put BREAKING in all caps), the tweet fooled thousands of Americans into thinking they had been seriously attacked and their president injured. The ensuing panic caused the Dow Jones to briefly drop about 145 points, a temporary loss of $200 billion.
It seems odd, at the outset, that the group takes a strong stance in favor of the Syrian government and its president, Assad. Anyone familiar with Anonymous knows hacktivists are supposed to be critical of all governments. But the SEA is not Anonymous—in fact, the two groups got into a hacking war in 2011 after Anonymous defaced the webpage of the Syrian defense ministry. And Syria, which has been been embroiled in civil war since 2011, has been accused of horrendous atrocities like massacring its own civilians. The U.N. says that Syrian rebels are guilty of war crimes, too.
But the rebels, like the governments of Mali, Somalia, Burma, or heads of any other ongoing internal conflict, aren’t hacking the BBC Weather Channel’s Twitter account, ribbing nearby governments with seemingly-official tweets like “Saudi weather station down due to head on-collision with camel.”
The SEA says it’s not federally sponsored; it’s just a group of young, committed, technology-savvy citizens. “No, we are not supported by anyone or part of the government,” a representative for the SEA—identifying as “a (not the) Leader”—told the Daily Dot. “We are just Syrian youths who want to defend their country against the media campaign that is full of lies and fabricated news reports.”
That may be true, at least for some SEA members, especially considering that source said that the SEA is decentralized. “Every one of us is working from his home.. and some of us are in Syria and some of us are not,” the leader said. But Helmi Noman, a Senior Researcher at the University of Toronto’s Munk School of Global Affairs, has been following the SEA since it came onto the scene in 2011, and sees a clear government connection.
“What we know is [the SEA’s former] domain name was registered by the Syrian Computer Society. We looked into the Syrian Computer Society and discovered that it was headed by al-Assad in the 1990s, before he was president,” Noman told CNN.
And the Assad government’s support for the SEA is ongoing. The SEA moved to a new domain name, sea.sy, on Monday. “It is interesting that the domain is a country code top-level domain name,” Noman said. (The SEA’s old domain, syrianelectronicarmy.com, hasn’t been seized, though it now just redirects to the new, Syria-based site.)
“What is even more interesting,” Noman said, “is that the Syrian agency in charge of managing domain names does not find anything objectionable about the SEA’s activities even though they are potentially illegal. To me, this is yet another example of the tacit support the SEA receives from the regime.”
“Moreover, the fact that the president of the country publicly thanked them for their activities gave them a significant political cover,” he added, “which also works as an incentive to carry on.”
Such an accusation carries far graver connotations considering that a simple Twitter hack had such an impact on the U.S. economy, and that by the White House and the Pentagon’s standards, cyberattacks can be considered acts of war. The FBI is reportedly investigating the AP hack.
“The government proud of our work,” the SEA leader told the Daily Dot. “But it don’t know who we are.”
The SEA has accomplished many of its major Twitter hacks, including one against The Guardian on Sunday, by phishing—emailing employees with an enticing message to get them to click a malicious link. Twitter is now in the process of stepping up its security to make it harder for such attacks to succeed.
When asked who its real enemies were, the SEA leader offered a laundry list—”the US government and its allies and specially in the Arab world like Qatar,Saudi Arabia,Turkey and sure we don’t forget about Israel the Snakehead.”
“We don’t have a goal,” the leader added. “We have a mission, that is to defend our country in the cyber space.”
Illustration by Jason Reed