The below report was written in May of 2013 after the first wave of Syrian Electronic Army attacks. The collective has since claimed responsibility for an attack on Twitter itself and for a hack that took down the website of The New York Times.
On May 4th, a series of odd tweets went out to the 5 million or so followers of the E! News Twitter account. "Exclusive! Justin Bieber to E! online: I’m a gay," read the first one. Then came a tweet about Angelina Jolie commenting on the Syrian revolution, another tweet about Bieber’s homosexuality, then a triumphant admission: "The Syrian Electronic Army was here! Fans of @justinbieber, you have been trolled."
One of the top 10 most skilled hacking teams in the world
That’s a ratio of two gay jokes to one political statement, if anyone’s counting. The Syrian Electronic Army purports to be a collective of political hacktivists defending the Assad regime that has controlled the country for more than 40 years against a revolutionary movement. Researchers at HP who studied the SEA hacker collective for three months noted that it is considered one of the top 10 most skilled hacking teams in the world. Recently, the SEA has claimed responsibility for takeovers of more than a dozen prominent global media outlets, including CBS, NPR, and the BBC.
"The Syrian Electronic Army never attacks for the fun of it. Its aim is to deliver a message and spread truth," a representative of the collective told The Verge in an email interview.
And yet, the SEA frequently departs from its message in order to troll, jest, and mock. In April, the group hacked the Twitter accounts of FIFA, the international body that oversees the World Cup, and fired its president Joseph Blatter. "It was decided that the president Sepp Blatter is to step down due to corruption charges," @FIFA tweeted, referring to bribery charges Blatter was facing at the time. Dozens of sports media outlets picked up the fake story.
The slew of recent attacks has led to a huge amount of media attention for the SEA. But while every article mentions the civil war, the group’s message isn’t really getting through.
"While it may seem a little bit like they’re doing it for the lulz because it is kind of random, it is ideologically motivated in the sense that these are all supporters of the Assad regime," said Eva Galperin, global public policy analyst at the Electronic Frontier Foundation. "And they’re looking to get a message out about what they feel is bias in the media against Assad."
The SEA claims that it targets news sites based on their coverage. "There are many targets that were vulnerable that we felt were fair to Syria and had balanced coverage, we did not strike them," the group said in an email. However, Galperin believes the group is going after "low-hanging fruit," meaning, any news organization that leaves itself vulnerable.
The group’s English-language skills are nearly fluent. But their purported message, that Western media is biased against Assad, doesn’t come through at all. Why is the SEA muddying its message with pop-culture jokes, instead of linking to stories about revolutionaries committing atrocities, for example? Instead, when they gained access to a platform with 2 million followers in the form of the @AP Twitter account, they tweeted that there were explosions in the White House and Barack Obama was injured. The tweet sent the stock market down almost 150 points before bouncing back.
Sarab al-Jijakli, co-founder of the Syrian-American group National Alliance for Syria, believes the SEA’s goal is more complicated. The government has near-total control of the internet inside Syria, he noted, where it monitors citizens, spying on them and sabotaging them; the SEA is merely an extension of this police state mentality.
The SEA is merely an extension of this police state mentality
"If the goal is to exert influence and put people on notice that they have reach everywhere, I think it’s successful," al-Jijakali said. "If it's to change hearts and minds of the revolutionaries or the world at large, I don’t think they achieve that. But I don’t think that’s the goal."
There may be a simpler explanation for the jovial tone on some SEA hacks: they may have all been perpetrated by four mischief-making students, aged 18 to their "young twenties." Those student hackers are nicknamed "Th3Pr0," "Shadow," "SEAHawk," and "Ch3ckM4te." In a conversation with Matthew Keys, the former Reuters social media editor who is facing charges of assisting Anonymous in an attack, these four take credit for at least 12 of the recent news hacks, including the most recent one against the Financial Times.
"They’re just four kids that have decided that this is what they want to do to defend their homeland from who they have decided are their enemies," Keys said.
The four may be behind the recent hacks, but they are likely part of a larger group. HP researchers believe "with a high level of confidence" that the group is about eight core hackers, with another 20 sporadically providing support. However, the researchers said the age range — 18 to early twenties — is on point.
Much of the SEA’s recent activity has consisted of low-skill attacks on Twitter accounts and badly-made websites. However, researchers believe the group is capable of much more. There is reason to believe that members of the SEA widely distributed malware in the past, and that they may be capable of a serious attack against a business or even government in the future. "We’re a little concerned that there may be some more covert campaigns that could be in process right now," said Ted Ross, director of HP security research's field intelligence. "These guys are capable of doing very covert things."
Bashar al-Assad publicly endorsed the SEA as a "virtual army"
The SEA claimed responsibility for recently hacking into the critical infrastructure of the Israeli city Haifa. The group also runs a WikiLeaks-type site and has released documents that some activists and researchers say led to the persecution of revolutionary leaders. Syrian president Bashar al-Assad has publicly endorsed the SEA as a "virtual army" to complement the real army. The HP researchers also found evidence that the government is providing support to the SEA, something both parties deny. In one case, a young man who was targeted for recruitment was told that he could avoid serving in the regular army if he entered the SEA.
It’s hard to take the SEA seriously when it’s hacking into The Onion and the BBC Weather Twitter account. One tweet from the latter read "Saudi weather station down due to head-on collision with camel." However, these attacks are getting the SEA a lot of attention for minimal effort. And if the group is planning something bigger, the juvenile attitude could prove to be the perfect cover. "We don’t have a crystal ball. But we know enough to know that this actor is capable of doing a lot more than what you’re seeing lately," Ross said.