USA offers $100,000 bounty for alleged Syrian Electronic Army members

The US Department of Justice believes it has identified three members of the notorious Syrian Electronic Army, who have in recent years made a name for themselves with their high profile hacks against media organisations, targeted spear-phishing attacks, and redirecting well-known websites to display propaganda in support of the Syrian Government and President Bashar al-Assad.

In a press release, the US government has announced that it is offering a $100,000 reward for information which leads to the arrest of two of the individuals, who are believed to be based in Syria.

According to the Department of Justice, 22-year-old Ahmad Umar Agha, who goes by the online handle of “The Pro,” and Firas Dardar, 27, also known as “The Shadow,” began their activities in the Syrian Electronic Army (SEA) in approximately 2011.

In most cases, the SEA’s activities were not that sophisticated – stealing usernames and passwords through simple phishing attacks, and then using those credentials to hack into email systems, social media accounts, and domain registrars to redirect websites.

According to the US Department of Justice, the group repeatedly targeted the computers and employees of the Executive Office of the President, but never successfully compromised systems there – perhaps because they used less than convincing email addresses such as whitehouse-online@hotmail.com.

That’s not to say that the pro-Assad hackers were not successful on many other occasions, however.

Their many past victims included Reuters (whose readers were redirected to a webpage under the SEA’s control, after the group poisoned ads provided by third-party service Taboola), the Washington Post (on more than one occasion) and even Facebook on Mark Zuckerberg’s birthday.

But perhaps one of the group’s most incendiary attacks came on 23 April 2013, when the Syrian Electronic Army managed to compromise the Twitter account of Associated Press.

The message tweeted by the hackers may have only been 12 words long, but when Associated Press’s two million followers read it the impact was dramatic.

The tweet read:

“Breaking: Two explosions in the White House and Barack Obama is injured”

It wasn’t true, of course, but that didn’t stop the Dow Jones Industrial Average temporarily plummeting, and wiping a staggering $136 billion off the stock market.

Fortunately, in just a few minutes, people realised that the news alert was bogus – and the stock market recovered. But it’s one of the clearest examples ever of how even a simple phishing attack against a trusted source of information can result in mayhem.

It is little wonder then that the FBI added the Syrian Electronic Army to its “wanted list”, and experts in the computer security industry began to show an interest in unmasking their true identities.

What I found particularly interesting is how the American authorities appear to have identified Agha and his cronies.

The FBI raised search warrants for two Gmail accounts used by the group – th3pr0123[at]gmail.com and seatheshadow[at]gmail.com – as well as social media accounts such as LinkedIn, Twitter and Facebook.

Foolishly, but fortunately for the authorities, on April 28 2013 an email was sent from the th3pr0123 Gmail account containing images of ID documents. The name on the document was Ahmad Umar Agha and it helpfully had his photograph on it too.

A few weeks before, he had used the same account to send images of himself at a wedding.

Additionally, on a number of occasions it appears that messages were sent by alleged members of the Syrian Electronic Army without taking proper precautions to keep their IP address private.

Further digging by the authorities uncovered similar emails sent by “The Shadow”, including ID documents and images of Firas Dardar, amongst other pieces of evidence that pointed the finger of suspicion towards the alleged hackers.

A third alleged member of the Syrian Electronic Army, 36-year-old Peter Romar, has been charged with more hacking offences alongside Dardar, together with accusations that he was involved in wire fraud, and extorting money from hacking victims.

It seems that hackers are just as capable of making mistakes regarding maintaining their privacy online as the rest of us. Perhaps there is a lesson for those of us who are law-abiding to learn from the mistakes made by others.

Of course, whether US law enforcement will ever be able to collar the suspected members of the Syrian Electronic Army is another matter entirely… It’s hardly likely at the moment that Syria is going to feel comfortable allowing American agents to grab the alleged hackers.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

2 Comments

  • ‘ It’s hardly likely at the moment that Syria is going to feel comfortable allowing American agents to grab the alleged hackers.’

    True. But of course it would probably be more like (but more extreme) the UK and US extradition agreement: US expects far more than the UK and the US then complains loudly about those times it doesn’t get those they want. Meanwhile, I seriously doubt the US would ever allow an American to be extradited to Syria. So why should Syria allow for the Americans to extradite these people? Why should America expect it? Because they have no problem with hypocrisy, that’s why. Whatever these people did it isn’t up to America to punish them. But unfortunately there is a lack of responsibility in America (in this regard and others) and the global police claim isn’t far off the mark (in many ways it’s on the mark).