It has been a busy couple of months for a hacking collective calling themselves the “Syrian Electronic Army” (SEA). Targeting mostly media organisations' Twitter accounts and websites, the hacktivists have managed to claim the scalps of some high-profile media companies.
The Guardian, one of the victims of SEA, would have you believe that the hacktivists are funded by the Syrian government, based on a speech given by Assad to Damascus University students at the end of 2011, where he praised the electronic army and embraced them as an extension of his physical army: “The army consists of the brothers of every Syrian citizen. Young people have an important role to play at this stage, because they have proven themselves to be an active power. There is the electronic army, which has been a real army in virtual reality.”
Opposition activists claim that Assad’s cousin Rami Makhlouf is funding SEA via his billions and that key members of the team have based themselves in Dubai. The reality is a lot more mundane.
The Syrian Electronic Army consists of five to six core members, mostly students, either in high school or university, most based in Syria, with a couple in the US and the UK. The group is fighting against what it perceives as western media attacks against Syria, reports of chemical weapon use, rebel opposition victories and reports of Assad’s demise.
The movement, while not large, is more grassroots, led by a dedicated few who believe Assad is the right answer for the country. They often cite state-controlled Syrian media as examples of where the western media has it all wrong, missing the point that this source is likely to be biased towards Assad and his government.
The Syrian Electronic Army is not motivated by money. If they were, they could have made billions when they hacked the Associated Press Twitter account and promptly announced the death of President Obama. Within minutes, 150 billion US dollars was wiped off the New York Stock Exchange. If SEA had shorted the S&P they would have made billions for themselves, yet subsequent investigations by NYSE found no suspicious trading patterns.
The attacks are basic, not what you would expect from a state-sponsored group. For example, recent attacks attributed to the Chinese government against large US organisations involved zero-day attacks, custom code and advanced command and control communication. The successful SEA attacks against the BBC, Associated Press, CBS, France24, The Guardian and FIFA President Sepp Blatter all used standard phishing attacks, in which SEA sent targeted emails to the individuals and organisations requesting a password reset or verification. Effective, yes; state-sponsored, not so much.
That is not to say that a state-sponsored attack cannot be simple, but if it were truly a well-funded state attack you would expect to see a variety of attack techniques, rather than reliance on a single attack vector.
Our recommendation to high-profile media organisations? Teach your users about “phishing” and make your usernames and passwords hard to guess. For example, if you were the Associated Press marketing department, in charge of one of the most followed Twitter accounts on the planet, you should not set your password to: APm@rketing.
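An added example, not part of the original article: a password-policy check that rejects passwords built from the account's own context (organisation, department, service name) even when disguised with character substitutions, as APm@rketing is. The function names, the substitution table, the context list and the six-character threshold are assumptions chosen for illustration.

```python
import re

# Common "leetspeak" substitutions, undone before comparison (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Constructed context list for the account discussed in the article.
CONTEXT = ["Associated Press", "AP", "marketing", "Twitter"]


def normalise(text):
    """Lowercase, undo leet substitutions, drop everything but a-z and 0-9."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def residual(password, context_terms):
    """Return what is left of the password once context terms are removed."""
    rest = normalise(password)
    terms = {normalise(t) for t in context_terms}
    # Longest terms first, so "marketing" is removed before a short term
    # such as "ap" can split it.
    for term in sorted(terms, key=lambda t: (-len(t), t)):
        if term:
            rest = rest.replace(term, "")
    return rest


def is_context_derived(password, context_terms, min_residual=6):
    """True when fewer than min_residual characters are not explained by
    the context terms, i.e. the password is guessable from public facts."""
    return len(residual(password, context_terms)) < min_residual


if __name__ == "__main__":
    for candidate in ["APm@rketing", "Tw1tter!AP", "tidal-orbit-quartz-lantern"]:
        verdict = "reject" if is_context_derived(candidate, CONTEXT) else "accept"
        print(f"{candidate!r}: {verdict}")
```

A check like this belongs alongside a breached-password list at password-set time; it does nothing against the phishing route itself, which needs user training and a second factor.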