Operating with at least tacit support from the regime, the Syrian Electronic Army uses DDoS attacks, phishing scams, and other tricks to fight opposition activists where they're strongest -- online
A Syrian Internet user checks Facebook / AP
As President Bashar al-Assad dispatches tanks against peaceful protesters across Syria, pro-regime forces are launching a parallel effort against the uprising on a very different front: the Internet. A collective of pro-Assad hackers and online activists, calling themselves the Syrian Electronic Army, appears to be targeting dissidents within Syria as well as sympathizers without. Though the nature of the group's connection to the regime remains unclear, their tactics -- the most sophisticated response to online activism of the Arab Spring -- reveal the skill of Assad's forces and their determination to defeat the protest movement that toppled fellow dictators in Egypt, Libya, and Tunisia.
The Syrian Electronic Army has aggressively engaged in a wide range of online activities to punish perceived opponents and to force the online narrative in favor of the Assad regime. Over the past few months, their primary means of attack has been to overload the social networking profiles of government institutions and Western media outlets, flooding the Facebook pages of ABC News, the Telegraph, Oprah Winfrey, and the U.S. Department of Treasury with pro-Assad messages. Their primary method is distributed denial-of-service (DDoS) attacks: by jamming an online portal with messages, the group keeps regular visitors out and forces institutions to remove content unfavorable to the Syrian regime. This screenshot shows a "virtual demonstration" on President Barack Obama's Facebook page:
Apart from regular Facebook spamming, the Syrian Electronic Army has engaged in several highly organized denial of service attacks on the main websites of major media organizations. While the Syrian Electronic Army reportedly emerged in April 2011 after anti-regime demonstrations began to increase, the group claimed on May 17 to have attacked over 50 websites in coordination with Arab and Syrian hackers; their past targets include the websites of Al Jazeera, BBC News, and Syrian satellite broadcaster Orient TV.
The Syrian Electronic Army coordinates hacking attempts from their own Facebook page, and has defaced or disabled a number of websites with remarkable speed. The group's Facebook page even provides a how-to diagram on leaving pro-Assad comments, complete with ready-made English phrases accusing opposition activists of terrorism and warning the West that it's involvement will create chaos. According to research by the Information Warfare Monitor, a separate Facebook page promotes the DDoS tactics, recruits members, and provides links to resources for learning how to compromise vulnerable websites. Although Facebook has removed a number of the Syrian Electronic Army's pages, Jillian York reported in August that a quick search of the site brings up numerous new ones.
On Monday, The Atlantic's own Facebook page became a target after posting the story of Yusef, a Palestinian activist in Syria tortured by regime soldiers in Damascus. The post and those surrounding it were flooded with hundreds of formulaic comments. Below, the translated call to arms from the Syrian Electronic Army's Facebook page
The Atlantic, the first issue of this magazine was published in the 80's of the 19th century. This magazine has an independent policy, away from any partisan or religious affiliation, i.e. it delivers the voice of public opinion to decision-makers. In the second post of this magazine, there is a letter from a person who calls himself a Syrian opposition member who claims that he was arrested during a peaceful protest. Since it is our first visit to this magazine, it is our duty to explain to them the truth of these peaceful protests.
The Army's most recent attack was on a Facebook page for Columbia University, although the page is neither affiliated with nor administered by the university.The Washington Post suggests that the page was targeted after a Columbia professor "was quoted speaking negatively about the country's relationship with Iran in a Wall Street Journal story Tuesday."*
The group has been particularly aggressive in waging war against Anonymous, the faceless hacker collective that has engaged in it's own brand of cyber warfare during each successive revolution of the Arab Spring. Anonymous took down Tunisian government sites, caused pandemonium in Egyptian administration offices during the January 25th uprising with a flood of faxes, and attacked Libyan state websites, before turning their attention to Nicaraguan and Venezuelan targets after those states' leaders expressed solidarity with Muammar Qaddafi. While the Tunisian and Egyptian governments were primarily on the defensive regarding the sudden wave of cyber attacks, the Syrian Electronic Army struck back against the collective after they hacked a Syrian defense ministry webpage, disabling AnonPlus, Anonymous' own nascent social network.
More recently, the group has engaged in phishing attacks in addition to their regular spamming and hacking activities. The Information Warfare Monitor uncovered an attempt by Syrian hackers to coax pro-revolution Syrian Facebook users into giving up their login info with a phony URL and login page. According to the Monitor, the malicious link -- which describes the content as a "fascinating video clip showing an attack on Syrian regime" -- has been distributed throughout Syrian Twitter communities from several automated accounts. The system resembles the Koobface botnet researched and documented by the Monitor in November 2010. While the scam isn't obviously affiliated with the Syrian Electronic Army, the phishing attack fits with the group's past activities.