Syrian Electronic Army
The Syrian Electronic Army (SEA), is a group of computer hackers supervised by the Syrian Assad regime. Using spamming, defacement, malware (including the Blackworm tool), phishing, and denial of service attacks, it mainly targets political opposition groups and western websites including news organizations and human rights groups. The Syrian Electronic Army claims to be "a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria", however the SEA is believed by experts to be "a state-supervised operation" that is linked to the Assad regime. The SEA is thought to be the first public, virtual army in the Arab world to openly launch cyber attacks on its opponents.
The SEA's tone and style vary widely from the serious and openly political to ironic statements intended as often critical or pointed humor: SEA had "Exclusive: Terror is striking the #USA and #Obama is Shamelessly in Bed with Al-Qaeda" tweeted from the Twitter account of 60 Minutes, and in July 2012 posted "Do you think Saudi and Qatar should keep funding armed gangs in Syria in order to topple the regime? #Syria," from Al Jazeera's Twitter account before the message was removed. In another attack, members of SEA used the BBC Weather Channel Twitter account to post the headline, "Saudi weather station down due to head on-collision with camel." One commentator notes that "[SEA] volunteers might include Syrian diaspora; some of their hacks have used colloquial English and reddit memes. After Washington Post reporter Max Fisher called their jokes unfunny, one hacker associated with the group told a Vice interview 'haters gonna hate.'"
The SEA claims responsibility for defacing or otherwise compromising hundreds of websites that it contends spread news hostile to the Syrian government. These include news websites such as BBC News, the Associated Press, National Public Radio, Al Jazeera, Financial Times, The Daily Telegraph, The Washington Post, Syrian satellite broadcaster Orient TV, and Dubai-based al-Arabia TV, as well as rights organizations such as Human Rights Watch. Other SEA targets include VoIP apps, such as Viber, and Tango.
It also posts pro-government messages on Facebook, and launches spamming campaigns to spread its messages. The Facebook pages of President Barack Obama and former French President Nicolas Sarkozy are among those that have been targeted by spam campaigns.
An attack on the Associated Press news agency, in which tweets falsely claimed the White House had been bombed and President Barack Obama injured, led to a US$136.5 billion dip on the S&P 500 index on 23 April 2013.
In addition to the high-profile defacement and attacks on public targets, the SEA also carries out surveillance to discover the identities and location of Syrian rebels. This electronic monitoring also reportedly extends to foreign aid workers.
Timeline of notable attacks
- July 2011: University of California Los Angeles website defaced by SEA hacker "The Pro".
- September 2011: Harvard University website defaced in what was called the work of a "sophisticated group or individual". The Harvard homepage was replaced with an image of Syrian president Bashar al-Assad, with a message saying "Syrian Electronic Army Were Here".
- April 2012: The Syrian Electronic Army took down the official blog of social media website LinkedIn. The page was redirected instead to a site supporting Bashar al-Assad.
- August 2012: The Twitter account of the Reuters news agency was hacked by the SEA. 22 tweets were sent with false information on the conflict in Syria. In addition, the Reuters news website was compromised, and a false report was posted about the conflict to a Reuters journalist's blog.
- 23 April 2013: The SEA hijacked the Associated Press Twitter account and falsely claimed the White House had been bombed and President Barack Obama injured.
- May 2013: The Twitter account of The Onion was compromised by the SEA, by phishing Google Apps accounts of The Onion 's employees.
- May 2013: The ITV news London Twitter account was hacked on the 24th May 2013 by the SEA. The Android applications of British Broadcaster Sky News were also hacked on 26 May 2013 on Google Play Store.
- 17 July 2013, Truecaller servers were allegedly hacked into by the Syrian Electronic Army. The group claimed on its Twitter handle to have recovered 459 GiBs of database, primarily due to an older version of Wordpress installed on the servers. The hackers also released TrueCaller's alleged database host ID, username, and password via another tweet. On 18 July 2013, Truecaller issued a statement on its blog stating that their servers were indeed hacked, but claiming that the attack did not disclose any passwords or credit card information.
- 23 July 2013: Viber servers were allegedly hacked into by SEA as well. The Viber support website was replaced with a message and a supposed screenshot of data that was obtained during the intrusion.
- 15 August 2013: Advertising service Outbrain was hacked by the SEA via a spearphishing attack. This allowed them to place redirects into the websites of The Washington Post, Time, and CNN.
- 27 August 2013: NYTimes.com has its DNS redirected to a page that displays the message "Hacked by SEA" and Twitter's domain registrar was changed
- 28 August 2013: Twitter had its DNS registration hacked to show the SEA as its Admin and Tech contacts, and some users reported that the site's CSS had been compromised
- 29–30 August 2013: The New York Times, The Huffington Post, and Twitter were knocked down by the SEA. A person, who is claiming to speak for the group, has stepped forward to tie these attacks to the increasing likelihood of U.S military action in response to al-Assad using chemical weapons. A self-described operative of the SEA told ABC News in an e-mail exchange: "When we hacked media we do not destroy the site but only publish on it if possible, or publish an article [that] contains the truth of what is happening in Syria. ... So if the USA launch attack on Syria we may use methods of causing harm, both for the U.S. economy or other."
- 2–3 September 2013, Pro-Syria hackers broke into the internet recruiting site for the US Marine Corps, posting a message that urged US soldiers to refuse orders if Washington decides to launch a strike against the Syrian government. The site, www.marines.com, was paralyzed for several hours Monday and redirected to a seven-sentence message "delivered by SEA"—short for the Syrian Electronic Army.
- 30 September 2013: SEA hacked the website of U.S. news company the Global Post, targeting their official Twitter account and website (globalpost.com). SEA officially announced the hack through their Twitter account, reading : "Think twice before you publish untrusted informations [sic] about Syrian Electronic Army" and "This time we hacked your website and your Twitter account, the next time you will start searching for new job"
- 28 October 2013: By gaining access to the Gmail account of an Organizing for Action staffer, the SEA altered shortened URLs on President Obama's Facebook and Twitter accounts to point to a 24-minute propaganda video on YouTube.
- 9 November 2013: SEA hacked the website of VICE, which is a no affiliate news/documentary/blog website which has filmed numerous times in Syria with the side of the Rebel forces. When logging into vice.com you are redirected to what appears to be the homepage of the SEA.
- 12 November 2013: SEA hacked the Facebook page of Matthew VanDyke, a Libyan Civil War veteran and pro-rebel news reporter.
- 1 January 2014: SEA hacked the official Facebook and Twitter pages for Skype as well as the official website's blog, they posted a picture to do with the SEA as well as another post telling users to not use Microsoft's e-mail service Outlook.com—formerly known as Hotmail—claiming that Microsoft sells user information to the government.
- 11 January 2014: SEA hacked the @XboxSupport Twitter pages and directed tweets to the group's website.
- 22 January 2014: SEA continued hacks on Microsoft. Hacking the official Microsoft Office Blog. They posted several images and tweeted about the attack.
- 23 January 2014: SEA hacked CNN's official Twitter account and posted two messages, including photo of Syrian Flag composed of binary code. The Tweets were removed by CNN within 10 minutes.
- 3 February 2014: SEA hacked the websites of eBay and Paypal UK. One source says the hackers said it was just for show and that they took no data.
- 6 February 2014: SEA hacked the DNS of Facebook. Sources say the registrant contact details were restored and Facebook confirmed that no traffic to the website was hijacked, and that no users of the social network were affected.
- 14 February 2014: SEA hacked the Forbes website and their Twitter accounts.
- 26 April 2014: SEA hacked RSA conference website.
- 18 June 2014: SEA hacked The Sun and The Sunday Times of England website.
- 22 June 2014: SEA hacked Reuters website. Readers attempting to reach the website were instead directed to a message by the Syrian Electronic Army condemning Reuters for publishing "false" articles about Syria. Hackers compromised the website corrupting ads served by Taboola.
- Advanced persistent threat
- Internet censorship in Syria
- PLA Unit 61398
- Tailored Access Operations
- "Syrian Electronic Army - SEA STORY". Syrian Electronic Army. Retrieved 2 September 2014.
- Fowler, Sarah (April 25, 2013). "Who is the Syrian Electronic Army?". BBC News. Retrieved October 15, 2014.
- Wilhoit, Kyle; Haq, Thoufique (August 29, 2014). "Connecting the Dots: Syrian Malware Team Uses BlackWorm for Attacks". FireEye. Retrieved October 15, 2014.
- Gallagher, Sean (May 8, 2013). "Network Solutions seizes over 700 domains registered to Syrians". Ars Technica. Retrieved October 15, 2014. "The Syrian Computer Society acts as Syria's domain registration authority and regulates the Internet within Syria, and is also believed to be connected to Syria's state security apparatus. The Syrian Computer Society registered .sy domain names for the Syrian Electronic Army's servers, giving the hacker group a national-level domain name (sea.sy) rather than a .com or other non-government address, signifying its status as at least a state-supervised operation."
- Noman, Helmi. "The Emergence of Open and Organized Pro-Government Cyber Attacks in the Middle East: The Case of the Syrian Electronic Army". Open Net Initiative. Retrieved 22 July 2013.
- Schroeder, Audra (2013-05-02). "Is it time to start taking the Syrian Electronic Army seriously?". The Daily Dot. Retrieved 2013-08-28.
- Peterson, Andrea (2013-08-15). "The Post just got hacked by the Syrian Electronic Army. Here's who they are". The Washington Post. Retrieved 2013-08-28.
- "SEANux - a version of Linux from the Syrian Electronic Army". Graham Cluley. Retrieved 14 November 2014.
- https://twitter.com/Official_SEA16/status/528305997513633792. Missing or empty
- Love, Dylan (22 May 2013). "10 Reasons to Worry About the Syrian Electronic Army". Business Insider. Retrieved 22 July 2013.
- "Editor's note". The Washington Post. August 15, 2013. Retrieved August 15, 2013.
- "Syrian Electronic Army: Disruptive Attacks and Hyped Targets", OpenNet Initiative, 25 June 2011
- "NPR.org Hacked; 'Syrian Electronic Army' Takes Responsibility". 2013-04-16. Retrieved 2013-04-16.
- Abbas, Mohammed (June 21, 2012). "Syria activists using U.S. tech to beat curbs". Reuters. Retrieved June 21, 2012.
- Sarah Fowler "Who is the Syrian Electronic Army?", BBC News, 25 April 2013
- Spillus, Alex "Who is the Syrian Electronic Army?", The Telegraph, 24 April 2013
- Peter Foster "'Bogus' AP tweet about explosion at the White House wipes billions off US markets", The Telegraph, 23 April 2013
- "How the Syrian Electronic Army Hacked The Onion", Tech Team, The Onion, 8 May 2013
- Perlroth, Nicole (17 May 2013). "Hunting for Syrian Hackers’ Chain of Command". New York Times. Retrieved 22 July 2013.
- Sterling, Bruce (6 July 2011). "Syrian Electronic Army Invades University of California Los Angeles". Wired. Retrieved 10 September 2013.
- Coughlan, Sean (26 September 2011). "Harvard website hacked by Syria protesters". BBC. Retrieved 10 September 2013.
- Holt, Kris (26 April 2012). "Syrian hackers take down LinkedIn's official blog". The Daily Dot. Retrieved 10 September 2013.
- Howell, Martin (5 August 2012). "Reuters Twitter account hacked, false tweets about Syria sent". Reuters. Retrieved 10 September 2013.
- "Truecaller Database hacked by Syrian Electronic Army", Sabari Selvan, E Hacking News, 17 July 2013.
- "TrueCaller hacked, 1 million Indians’ data at risk", The Times of India, 18 July 2013.
- "Truecaller Statement", True Software Scandinavia AB, 18 July 2013.
- "Phone and texting app ‘Viber’ hacked by Syrian Electronic Army", Scott Buscemi, 9to5Mac, 23 July 2013. Retrieved 24 July 2013.
- "Free calling app 'Viber' website defaced; database hacked by SEA", Mohit Kumar, The Hacker News, 23 July 2013. Retrieved 24 July 2013.
- "Viber Attacked By Syrian Electronic Army", Jordan Crook, TechCrunch, 23 July 2013. Retrieved 24 July 2013.
- "Syrian Hackers Use Outbrain to Target The Washington Post, Time, and CNN", Philip Bump, The Atlantic Wire, 15 August 2013. Retrieved 15 August 2013.
- Choney, Suzanne (August 28, 2013). "New York Times hacked, Syrian Electronic Army suspected". NBC News. Retrieved 2013-08-28.
- "Syrian Electronic Army Claims It's Taken Over Twitter's Domain (Updated)". Gizmodo. 2013-08-27. Retrieved 2013-08-28.
- Syria's cyber retaliation signals new era of warfare, USA Today
- "US Marines website hacked – Indistan News". Retrieved 14 November 2014.
- "GlobalPost hacked by the Syrian Electronic Army". GlobalPost. Retrieved 14 November 2014.
- Paulson, Amanda (29 October 2013). "Syrian Electronic Army says it hacked Obama accounts". Christian Science Monitor. Retrieved 5 November 2013.
- Mandalia, Ravi (11 January 2014). "SEA hijacks official Xbox Support Twitter account". Techienews.co.uk. Retrieved 12 January 2014.
- Lucian Constantin (21 January 2014). "Syrian Electronic Army hacks Microsoft's Office Blogs site mere hours after redesign". PCWorld. Retrieved 14 November 2014.
- Winograd, David (24 January 2014). "CNN Sites Get Hacked". Time. Retrieved 24 January 2014.
- Catherine E. Shoichet (January 23, 2014). "Some CNN social media accounts hacked". CNN. Retrieved January 23, 2014.
- "Syrian Electronic Army hacks Paypal and eBay websites". Retrieved 14 November 2014.
- Mohit Kumar (6 February 2014). "Facebook domain hacked by Syrian Electronic Army". The Hacker News - Biggest Information Security Channel. Retrieved 14 November 2014.
- Eduard Kovacs (14 February 2014). "Forbes Hacked by Syrian Electronic Army [Updated]". softpedia. Retrieved 14 November 2014.
- Brandon Stosh. "Syrian Electronic Army Hacked and Defaced RSA Conference Website - Freedom Hacker". Freedom Hacker. Retrieved 14 November 2014.
- "SyrianElectronicArmy on Twitter". Twitter. Retrieved 14 November 2014.
- Payne, Samantha (22 June 2014). "Reuters Hacked by Syrian Electronic Army via Taboola Ad". International Business Times. Retrieved 23 June 2014.
- Syrian Electronic Army on Twitter
- Syrian Electronic Army on Facebook
- Syrian Electronic Army on Instagram
- Video on YouTube
- The Emergence of Open and Organized Pro-Government Cyber Attacks in the Middle East: The Case of the Syrian Electronic Army, report by Information Warfare Monitor, a public-private partnership between University of Ottawa and Secdev Group, including screenshots of SEA activities.
- Understanding the Syrian Electronic Army (SEA), HP
- syrianelectronicarmy.com, first website of SEA, which later redirected to its .sy replacement
- sea.sy, SEA's newer website, which SEA stated in late May 2013 it has its access to revoked by the Syrian Computer Society (site displays blank loading page on browser, and wget returns "ERROR 403: Forbidden" as of August 2013)
- A google cache of an SEA website  mentioned in Information Warfare Monitor report cites firstname.lastname@example.org as a contact address and links to a Facebook page called SEA.Vic0r.2 at Vict0r Battalion - Syrian Electronic Army[dead link] The page is no longer available as of September 2013.