In June 2011, just a few short months after protests first erupted in Syria, the country’s president, Bashar Al-Assad, made a speech in which he thanked a group called the “Syrian Electronic Army” (SEA). Calling it a “virtual army in cyberspace,” Al-Assad praised the group for its effort in trying to shape the Syrian narrative. Since then, that effort has included taking over the Facebook pages of celebrities from Oprah to Nicolas Sarkozy, hacking the website of Harvard University, and setting up a fake YouTube site to intercept the credentials of users who attempted to log in.
Since its early days, the SEA has used a variety of tactics to gain attention for its cause, but its practice of hacking the Twitter accounts of news organizations, probably by phishing their passwords, seems to have been its biggest success. It has successfully infiltrated the accounts or websites of NPR, BBC Weather, AP, E! News, and, this week, the Onion. But why?
In some cases, like NPR or the AP, the goal may be to counter reporting that the SEA feels put the Syrian uprising in a too-positive light. Still, the impetus behind other hacks—such those targeting E! News or Oprah—is less clear.
Despite Assad’s speech, it’s not even clear exactly how the SEA is related to Assad’s regime. Some have surmised that the SEA is in fact leaderless. If the SEA is leaderless and distributed, like the hacktivist group Anonymous (whose internal motto is “Anonymous is not unanimous”), participants may be free to initiate or take part in hacks that don’t necessarily serve the central goals of the group. But others, such as researcher Helmi Noman, have made connections between the SEA and the Syrian government itself. In a paper released in May 2011, Noman found that the SEA’s original websites were hosted on Syria’s national networks. Noman has also found connections between the SEA and the Syrian Computer Society, which in the 1990s was headed by Al-Assad himself. In a recent BBC interview, however, Noman noted that the connections do not go much beyond “tacit support.” Either way, it may be that the SEA perceives entertainment sites like E! and the Onion to be platforms with sufficient reach to serve their goals. And in this case, the goal may just be getting their name out.
While Facebook has been quick to respond to attacks by the SEA on user pages, and some hosting services have booted them from their networks citing sanctions, Twitter is struggling to grapple with the phishing attacks that have plagued some of its high-profile users. While there are technical strategies Twitter could employ to mitigate the potential of such attacks—such as instituting two-step authentication for its users—the ease with which the SEA seems to have conducted its attacks raises the need for more security training amongst the journalistic community.
News organizations have struggled with the embarrassment of being compromised, and in at least one case, economic fallout: After the AP account—compromised by the SEA—falsely tweeted about an attack on the White House, caused a drop of $136.5 billion for the company on the S&P 500 index. Others have merely apologized for their false tweets, while this week the Onion responded by publishing a biting piece of satire entitled “Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Deaths At Hands Of Rebels.”
Apart from increased security on sites like Twitter, there seems to be little that can be done to prevent the Syrian Electronic Army’s attacks. Though some members may be located outside of Syria—one Facebook group calls itself the Australian 4th Brigade of the SEA—and could thus be prosecuted under local laws, there is not much that can be done to go after hackers inside of Syria, particularly given the regime’s apparent support.