The Syrian Electronic Army and the attack of Civilian Systems
A military computer scientist writes about the growing threat of 'hactivism'
By Paulo Shakarian, PhD Posted on 25 September 2013
In recent weeks, in the wake of the alleged use of chemical weapons by the Assad regime and the US response, another type of attack took place originating from Syria – cyber-attacks. Victims included The New York Times, the US Marine Corps' recruitment page, the Huffington Post and Twitter.
The group responsible is known as the Syrian Electronic Army (SEA) and is making itself known as the most prominent pro-government Syrian hacking group in the conflict.
The attacks by the SEA highlight the importance of cyber-warfare to a community that not only includes military and government organizations but security professionals in the civilian sector. Understanding the motives, capabilities and tactics of groups like the SEA during a time of conflict is important so that corporations such as the Times can better adjust their security posture.
This article originally appeared on SciTech Connect, Elsevier's blog for the Science and Technology Books community.
- Read more about computer security on SciTech Connect, including Dr. Shakarian's article "The Dragon and the Computer: Chinese Cyber-Warfare."
Read more about cyberwar and security issues on Elsevier Connect.[/note]","sans-serif";>
What is the Syrian Electronic Army?
The SEA is thought to have its roots in an older organization known as the Syrian Computer Society – which was previously headed by current Syrian President Bashar al-Assad.
Though their precise relationship to the Syrian government is unknown they have taken a strong pro-regime stance. Specifically, the recent attacks were directed against western targets over the recent investigation into the use of chemical weapons. Their political stance has also put them in direct conflict with the hacking group Anonymous, who is in the process of conducting OpSyria – a cyber-campaign directed at toppling the Assad regime.
The threat of 'Hactivist' groups
In many ways, groups like the Syrian Electronic Army are common among nations and non-state actors embroiled in a modern conflict who lack a more formal organization for the conduct of cyber-operations during a war. In our research for Introduction to Cyber-Warfare, we have come across similar groups such as the Nashi in Russia, the pro-Hamas "Team Hell" and the Iranian Cyber Army.
Like the Syrian Electronic Army, all of these groups consist of politically motivated hackers – often referred to as "hacktivists." We have noticed that, in general, such groups are formed with a few technically-savvy members as a core cadre and a larger number of politically motivated, but less proficient cyber-warriors. Some security researchers have already critiqued their attacks as rudimentary, and the recent hack of an alleged SEA server (thought to involve Anonymous) and subsequent release of member data is also indicative of a lack of sophistication.
[caption align="alignright"] Paulo Shakarian's new book Introduction to Cyber-Warfare: A Multidisciplinary Approachis now available for purchase at a 25% discount in the Elsevier Store.[/caption]
However, we shouldn't discount the SEA as a threat. They still have obtained quite a measure of success. Their hacks of major websites (mostly completed through DNS hijacking) did succeed in gaining headlines.
Further, it would not be surprising if such attacks were leveraged to compromise systems – as the Iranian Cyber Army has previously done to build a botnet. We also note that previous compromise of the Associated Press's Twitter site in April proved highly effective. Once the SEA compromised this account, they posted a fake message of a terrorist attack on the White House, which caused a temporary plunge in the markets.
Hacktivist groups like the SEA that support a given nation or non-state actor will remain an important feature in the landscape of cyber-war – one that we must account for during a conflict. Understanding their capabilities, motives and tactics are important as the battlefield in a cyber-conflict has no boundaries. Security professionals need to consider these groups, as the compromise of a corporate system by a hacktivist group to make a political statement or launch an attack reflects poorly on a firm and could result in loss of revenue.
The opinions in this article are solely those of the author and do not necessarily reflect the opinions of the US Military Academy, the US Army or the Department of Defense.[divider]