FBI Warns Of Syrian Electronic Army Hacking Threat

Published: 22/11/2024   Category: security




Recent string of high-profile website and Twitter takedowns leads some security professionals to question whether hackers are getting help from Iran.



The FBI Cyber Division has issued an alert to media outlets to beware compromise by the Syrian Electronic Army (SEA), and urged them to report any suspicious network traffic or behavior to the bureau.
The advisory recaps how the pro-regime hacker group that emerged during Syrian anti-government protests in 2011 [...] has been compromising high-profile media outlets in an effort to spread pro-regime propaganda.
"The SEA's primary capabilities include spear-phishing, Web defacements, and hijacking social media accounts to spread propaganda," read the advisory. "Over the past several months, the SEA has been highly effective in compromising multiple high-profile media outlets."
The alert was issued following the SEA's large disruption of The New York Times website and smaller outages at Twitter and The Huffington Post U.K. That built on a string of previous defacements, including the Twitter accounts for Associated Press, BBC and Reuters, as well as Gmail accounts used by the White House media team.
Many of those takedowns were accomplished using cheap-and-easy spear-phishing attacks, often designed to separate victims from their Google login information, which the hackers then use to seize control of Twitter feeds and send further phishing emails.
In the wake of the FBI's recent advisory, the SEA doesn't appear to be running scared. In fact, the group Friday tweeted a link to the advisory from one of its Twitter accounts.
Bravado aside, the SEA's increasingly big -- and sophisticated -- takedowns have led some security experts to ask if the group isn't getting outside help. "I don't think it would be unreasonable to suspect someone more skilled is helping them out," Adam Myers, vice president of intelligence for security firm CrowdStrike, told The Sydney Morning Herald in Australia. Notably, the group appears to have graduated from mere Twitter account takeovers to stealing details on users of video and voice app Tango, as well as the Times and Twitter takedowns, which involved exploiting a never-before-seen DNS registry.
"They've been improving [their methods] over the past couple months. I would not rule out some outside influence giving them pointers," said CrowdStrike's Myers. "I think the likely candidate would be Iran."
Other information security professionals have also noticed the SEA's increasing skills. "They exposed some world-class exposures in some world-class environments," Carl Herberger, VP of security solutions for Radware, said in a recent phone interview. "To take down The New York Times website? Pretty impressive. To expose some security problems in Twitter, even if the rest of the world didn't know they were there? Very impressive."
Has that led to a more concerted effort by the FBI to identify and arrest the SEA's members? No doubt the bureau is working overtime to do so. But some recent press reports have sensationalized those efforts, given that the FBI has remained mum on any related investigations. For example, International Business Times reported Thursday that the FBI's advisory said that anyone found to be aiding the SEA will be seen as terrorists actively aiding attacks against the U.S. websites. In fact, the FBI's advisory made no such claims.
Russia Today, which has an editorial slant that strongly favors the policies of President Vladimir Putin, claimed Friday that the FBI had added the SEA to its list of wanted criminals. In reality, however, neither the SEA nor its members feature on the bureau's list of most-wanted cybercriminals.
If the bureau has identified the hackers involved in the SEA, however, the suspects should watch where they travel. Earlier this week, for example, Russia issued a travel advisory warning Russians accused of cybercrimes to beware international travel, reported Wired. The notice, issued by Russia's Foreign Ministry, warned citizens to refrain from traveling abroad, especially to countries that have signed agreements with the U.S. on mutual extradition, if there is reasonable suspicion that U.S. law enforcement agencies are investigating their activities. That notice was issued in the wake of the June arrest -- based on an Interpol Red Notice -- in the Dominican Republic of Russian Aleksander Panin, an alleged hacker charged in a $5 million online banking heist. Also this year, Russian national Maxim Chuhareva was arrested in Costa Rica as part of the Secret Service's Liberty Reserve crackdown.
Could some elements of the SEA now be operating from Russia? Interestingly, the SEA's servers were relocated to Russia after Network Solutions seized the group's domain names, apparently acting on a Department of Justice request. In retaliation for that embarrassing turn, the self-described teenage leader of the group, known as Th3 Pr0 (pronounced "the pro"), hacked AP's Twitter feed, issuing a bogus alert that President Obama had been injured in a bomb blast. The tweet temporarily erased $200 billion in value from the U.S. stock market.
