Syrian Electronic Army Uses Social Media to Strike Again

The Syrian Electronic Army has struck again. And again and again. They are keeping up with the digital times by using social media to do it, too.

What is the Syrian Electronic Army?

The Syrian Electronic Army (SEA) is a hacktivist group supporting the Syrian president Bashar al-Assad. The group’s goal is to counter the Free Syrian Army by flooding the Internet with propaganda in favor of President al-Assad. They use Internet arenas such as Twitter, YouTube and Facebook pages to post their content and attack people in their digital war.

The SEA commonly uses phishing tactics or Distributed Denial of Service (DDoS or DoS) methods to perform their cyber-attacks, reports Mashable. These types of attacks attempt to either gain sensitive information by posing as an authentic hyperlink, or swamp a network and disrupt its availability, respectively (view our What is a Denial of Service (DoS) Attack? blog to learn more).

Using the tactics mentioned above, the SEA has conducted a number of high-profile attacks. Below we have outlined some of the SEA’s most notorious cyber hacks.

White House

Very recently, the personal email accounts of three White House staff were targeted in a phishing attack, reports Nextgov.com. The compromised individuals were part of the Obama administration’s social media team.

Their accounts were sending phony emails to other White House employees containing illegitimate links designed to obtain Twitter credentials and personal email login information. These fake links looked like authentic news links that required your email or Twitter information to proceed and access additional content. However, those unauthentic links made it possible for hackers to obtain sensitive login information.

Associated Press

This isn’t the first time the SEA has hacked an online news organization’s site. They are also responsible for hacks on CBS News, NPR, BBC, and most recently the media and financial information firm Thomson Reuters. This is also just a small snippet of a long list of news hacks by the SEA.

You may remember that back in April, the SEA went after the Associated Press’s Twitter account, sending out fake tweets about an explosion in the White House and President Obama’s safety. This caused the S&P 500 to drop almost a full percent, costing investors $136.5 billion before recovering three minutes later, reports the Financial Post. Crude oil prices and U.S. gold were also negatively affected.

The Associated Press sent out a tweet following the incident affirming that the first tweet was untrue, but the damage was done. Though the stock market recovered, it shows how critical social media sites, such as Twitter, have become.

Since then, Twitter has updated its authentication process in hopes of avoiding future attacks such as these.

Viber

And it’s not just online news organizations that are in danger; Internet communication systems are also at risk. In July, the SEA hacked an Internet-based communication application called Viber.

Similar to Skype, Viber is an app that lets people call and send text messages for free. (The difference is that Viber allows people to call and send texts on their mobile phones in addition to their computers.) The app was created by Talmon Marco and Igor Magazinik, who were friends in the Israeli Army.

Since Viber’s inception in late 2010, it has snowballed in popularity, especially in Central and Eastern Europe. It currently carries over 2 billion text messages and 1.5 billion voice minutes per month, reports Bloomberg BusinessWeek.

It was developed in Belarus to keep costs down, but the fact that the app is run out of Israel could be a large part of the reason it was hacked. Israel and Syria’s ongoing conflict may have made the Israeli-based Viber app a prime target for the SEA, reports Bloomberg.

Though Viber claims no sensitive user data was compromised, it is still a scary fact that it was even hacked in the first place. Israel’s government computers are attacked several times a day, but luckily they have some of the best protection in the world. The same cannot be said for the private sector.

Gabi Siboni is the program director for military and strategic affairs at the Institute for National Security Studies in Tel Aviv, Israel. He tells Bloomberg that it is much easier for hackers to go after unprotected systems rather than government-protected ones. They can still harm Israel this way, but they don’t run into the same security measures.

It appears the Syrian Electronic Army realized the same thing, hence why they attacked Viber.

Where Does This Leave Us?

The attack on the Associated Press and the White House staff’s emails prove how critical social media has become these days. A growing portion of the world’s population attains news updates through Twitter because it’s faster and more current than a full news story. Putting out 140 characters is certainly faster than writing a full news article and posting it online; and it doesn’t even compare with traditional print media.

The attack on Viber makes us question how safe our online communications can be and wonder who else could be listening. Siboni questions what could happen if all online communication systems and news providers were to get hacked. How would people know what was happening?

To understand more about the effect of cyber-attacks on our critical infrastructures and the voluntary guidelines released by The National Institute of Standards and Technology to increase protection then visit our blog Major Changes in Store for NIST Cyber Security Standards.