Operating with at least tacit support from the regime, the Syrian Electronic Army uses DDoS attacks, phishing scams, and other tricks to fight opposition activists where they're strongest -- online
As President Bashar al-Assad dispatches tanks against peaceful protesters across Syria, pro-regime forces are launching a parallel effort against the uprising on a very different front: the Internet. A collective of pro-Assad hackers and online activists, calling themselves the Syrian Electronic Army, appears to be targeting dissidents within Syria as well as sympathizers without. Though the nature of the group's connection to the regime remains unclear, their tactics -- the most sophisticated response to online activism of the Arab Spring -- reveal the skill of Assad's forces and their determination to defeat the protest movement that toppled fellow dictators in Egypt, Libya, and Tunisia.
Apart from regular Facebook spamming, the Syrian Electronic Army has engaged in several highly organized denial of service attacks on the main websites of major media organizations. While the Syrian Electronic Army reportedly emerged in April 2011 after anti-regime demonstrations began to increase, the group claimed on May 17 to have attacked over 50 websites in coordination with Arab and Syrian hackers; their past targets include the websites of Al Jazeera, BBC News, and Syrian satellite broadcaster Orient TV.
The Syrian Electronic Army coordinates hacking attempts from their own Facebook page, and has defaced or disabled a number of websites with remarkable speed. The group's Facebook page even provides a how-to diagram on leaving pro-Assad comments, complete with ready-made English phrases accusing opposition activists of terrorism and warning the West that it's involvement will create chaos. According to research by the Information Warfare Monitor, a separate Facebook page promotes the DDoS tactics, recruits members, and provides links to resources for learning how to compromise vulnerable websites. Although Facebook has removed a number of the Syrian Electronic Army's pages, Jillian York reported in August that a quick search of the site brings up numerous new ones.
On Monday, The Atlantic's own Facebook page became a target after posting the story of Yusef, a Palestinian activist in Syria tortured by regime soldiers in Damascus. The post and those surrounding it were flooded with hundreds of formulaic comments. Below, the translated call to arms from the Syrian Electronic Army's Facebook page
The Atlantic, the first issue of this magazine was published in the 80's of the 19th century. This magazine has an independent policy, away from any partisan or religious affiliation, i.e. it delivers the voice of public opinion to decision-makers. In the second post of this magazine, there is a letter from a person who calls himself a Syrian opposition member who claims that he was arrested during a peaceful protest. Since it is our first visit to this magazine, it is our duty to explain to them the truth of these peaceful protests.
The Army's most recent attack was on a Facebook page for Columbia University, although the page is neither affiliated with nor administered by the university.The Washington Post suggests that the page was targeted after a Columbia professor "was quoted speaking negatively about the country's relationship with Iran in a Wall Street Journal story Tuesday."*
The group has been particularly aggressive in waging war against Anonymous, the faceless hacker collective that has engaged in it's own brand of cyber warfare during each successive revolution of the Arab Spring. Anonymous took down Tunisian government sites, caused pandemonium in Egyptian administration offices during the January 25th uprising with a flood of faxes, and attacked Libyan state websites, before turning their attention to Nicaraguan and Venezuelan targets after those states' leaders expressed solidarity with Muammar Qaddafi. While the Tunisian and Egyptian governments were primarily on the defensive regarding the sudden wave of cyber attacks, the Syrian Electronic Army struck back against the collective after they hacked a Syrian defense ministry webpage, disabling AnonPlus, Anonymous' own nascent social network.
More recently, the group has engaged in phishing attacks in addition to their regular spamming and hacking activities. The Information Warfare Monitor uncovered an attempt by Syrian hackers to coax pro-revolution Syrian Facebook users into giving up their login info with a phony URL and login page. According to the Monitor, the malicious link -- which describes the content as a "fascinating video clip showing an attack on Syrian regime" -- has been distributed throughout Syrian Twitter communities from several automated accounts. The system resembles the Koobface botnet researched and documented by the Monitor in November 2010. While the scam isn't obviously affiliated with the Syrian Electronic Army, the phishing attack fits with the group's past activities.
It's unclear whether or not the Syrian Electronic Army has a direct affiliation with Syrian security forces. The Committee to Protect Journalists notes that, in a June 20th speech, Assad made a direct reference to the pro-government hacking group:
The army consists of the brothers of every Syrian citizen, and the army always stands for honour and dignity. Young people have an important role to play at this stage, because they have proven themselves to be an active power. There is the electronic army which has been a real army in virtual reality. There were those who took part in the blood donation campaign, and other initiatives. I met a number of youth delegations from different sections of society and found that Syrian youth enjoy a high sense of patriotism, and this is self-evident because they belong to this country.
On Twitter, the group thanked Assad for the mention, but reiterated on its website that the group was not affiliated with any government agency. However, research by Helmi Noman at the Monitor found that the domain name for the Army's website (syrian-es.com) was registered on May 5, 2011 by the Syrian Computer Society (SCS), an organization that was headed by the Syrian President Bashar al-Assad in 1995 before he assumed the Presidency. Still, it's not obvious as to whether the members of the cabal are employed by the Syrian government, contracted or co-opted by security forces, or simply a band of pro-Assad hackers engaging in some highly aggressive cyber-vigilantism.
Whoever they are, they've led by far the most sophisticated and highly visible online pro-regime effort of the 2011 Arab uprisings. Both Egypt and Libya tried shutting down Internet access outright, extreme steps that slowed communication but failed to stop the more tech-savvy activists from using proxies and special dial-ups to communicate (the blackout also had the unintended effect of angering otherwise uninvolved bystanders). The Syrian Electronic Army shows a surprising ability to move within the same online spaces typically dominated by young activists. Though Tunisians and Egyptians were able to outmaneuver their governments in large part using social media, Syrian activists have not enjoyed the same monopoly over the Web. Syria's government, by treating the Internet as another battleground in the fight for control rather than simply as a set of tools and websites to be disabled, may be the first in the Arab world to understand the potential utility of counter-revolutionary organizing online.
The Syrian Electronic Army is notable for its targets, which are Syrian and non-Syrian alike. Their campaign does not seem to much distinguish between opposition organizers within Syria and sympathetic groups or media outlets outside of it. The digital war isn't just against fellow Syrians, and it doesn't respect national borders. Whether the tools it uses are misdirection, annoyance, or outright attack, it has not hesitated in expanding its focus outside of Syria.
Perhaps most revealingly, the Syrian Electronic Army appears to consist of a number of normal civilians, rather than merely professional hackers or robots made to mimic real people. (There may well be professionals in the group's ranks, however, especially given the effectiveness of some DDoS attacks.) A random selection of the group's Facebook activists appeared to all have real accounts, and hundreds of pro-regime comments showed enough variation that they are unlikely to have been manufactured en masse, although the group's Facebook page does present several boilerplate messages as examples. Each comment, it appears, was individually crafted by someone who wanted to demonstrate their passionate support of Assad and condemnation of protesters. But even if the sentiment is authentic, the specific allegations are unlikely to be sincere. The regime's use of torture is widely known, for example; spreading fear is precisely the reason one runs a torture program in the first place.
Despite the skill of the Syrian Electronic Army, it is the group's mass of apparent volunteers that reveals the most about Syria's ongoing conflict. Reliable opinion polling is difficult, but some reporting from the country suggests that a significant minority of Syrians strongly support Assad; some of them, particularly young, tech-savvy men and women, would be in a position to help their government against online opposition activists. This gives Assad something that his counterparts in Egypt, Tunisia, and Libya mostly lacked: a savvy, aggressive presence online. Such supporters are probably largely comprised of the Alawite sect of which Assad is a member, many of whom fear of reprisals should the regime collapse. But whoever they are and whatever their motivation, the Syrian Electronic Army can challenge activists online, one of the few remaining safe spaces for the country's besieged opposition movement.
*The post originally attributed ownership of the Facebook page to Columbia University. In an e-mail, Columbia University said the page has no affiliation with the school and they have no control over the contents. We regret this error.