Experts Assess Syrian Hackers’ Capabilities

Emelie Rutherford, Global Security Newswire
See more stories about...
Emelie Rutherford, Global Security Newswire
Oct. 23, 2013, 11:02 a.m.

WASH­ING­TON — A Syr­i­an hack­ing group’s re­por­ted de­fa­cing of Qatari gov­ern­ment webpages over the week­end could sig­nal a new dir­ec­tion for the or­gan­iz­a­tion that has in­filt­rated West­ern news web­sites and is loy­al to Bashar As­sad, the civil-war-torn coun­try’s em­battled pres­id­ent.

Still, U.S. cy­ber­se­cur­ity ex­perts said they don’t ex­pect the so-called Syr­i­an Elec­tron­ic Army to take steps as drastic as com­prom­ising U.S. nuc­le­ar fa­cil­it­ies or crip­pling the crit­ic­al in­fra­struc­ture of a ma­jor world power through a cy­ber at­tack — at least not in the near fu­ture, and not without help from oth­er coun­tries.

The Syr­i­an Elec­tron­ic Army is loy­al to As­sad, though U.S. ana­lysts say its spe­cif­ic ties to the re­gime are not clear. The group in re­cent months has tar­geted news and com­mu­nic­a­tions web­sites in and out of the United States, with sus­pec­ted ac­tions in­clud­ing dis­abling the New York Times’ page in Au­gust and post­ing pro-As­sad mes­sages on a U.S. Mar­ines Corps page in Septem­ber. It in­fam­ously caused U.S. stock mar­kets to dip in April after post­ing a fake news alert about a White House bomb­ing on the As­so­ci­ated Press’ Twit­ter page.

This past Sunday, Qatari of­fi­cials said they re­covered gov­ern­ment web­sites tar­geted by the Syr­i­an Elec­tron­ic Army, in­clud­ing the Qatari in­teri­or min­istry’s site, ac­cord­ing to Middle East­ern news re­ports.

“It’s pretty in­ter­est­ing that (the Syr­i­an Elec­tron­ic Army) went to Qatar,” said Chris­toph­er Ahl­berg, CEO and cofounder of Re­cor­ded Fu­ture in Cam­bridge, Mass., a com­pany that tracks com­puter in­filt­ra­tions around the world. The Syr­i­an Elec­tron­ic Army re­portedly said it tar­geted Qatar be­cause it sup­ports Syr­i­an rebels. In an in­ter­view with Glob­al Se­cur­ity News­wire, Ahl­berg also poin­ted to an­oth­er pos­sible mo­tiv­a­tion: “Maybe it’s be­cause the at­tract­ive tar­gets in the U.S. and the U.K. are now locked down now, so they have to go else­where.”

If that is the case, more coun­tries could be sub­ject to the Syr­i­an Elec­tron­ic Army’s tac­tics, which are de­scribed in re­cent re­ports by net­work-se­cur­ity com­pany Fire Eye, in­ter­net-con­tent-de­liv­ery firm Akamai and Wash­ing­ton think tank the Cen­ter for Stra­tegic and In­ter­na­tion­al Stud­ies. Those ac­tions in­clude web­site de­fa­cings, deni­al-of-ser­vice at­tacks, “phish­ing” cam­paigns to trick com­puter users to re­veal pass­words and sens­it­ive codes, and e-mail spam­ming of gov­ern­ments, me­dia out­lets and on­line ser­vices.

Pre­vi­ously, the Syr­i­an hack­ing group had been tied to some at­tacks of gov­ern­ment web­sites — in­clud­ing a re­portedly failed at­tempt to dis­rupt the wa­ter sup­ply in the Is­raeli city of Haifa and a po­ten­tially suc­cess­ful breach of the Saudi Ar­a­bi­an Min­istry of De­fense email sys­tem, both in May. However, the valid­ity of those re­ports has been ques­tioned, ac­cord­ing to U.S. ana­lysts. Akamai’s Oct. 16 re­port also says the Syr­i­an Elec­tron­ic Army “has been as­so­ci­ated with the post­ing of pro-Syr­i­an pro­pa­ganda” to the Face­book pages of the U.S. Em­bassy in Dam­as­cus, U.S. De­part­ment of State, U.S. De­part­ment of Treas­ury, the White House and Pres­id­ent Obama.

The U.S. Na­tion­al Se­cur­ity Agency is be­lieved to be in­vest­ig­at­ing the Syr­i­an Elec­tron­ic Army, by ac­cess­ing some mem­bers’ com­puters and net­works to un­der­stand if they have the cap­ab­il­ity to launch a lar­ger at­tack, ac­cord­ing to Mat­thew Rhoades, the dir­ect­or of the Cy­ber­space & Se­cur­ity Pro­gram at the Cen­ter for Na­tion­al Policy & Tru­man Na­tion­al Se­cur­ity Pro­ject in Wash­ing­ton. A worst-case scen­ario could be a cata­stroph­ic cy­ber at­tack on U.S. crit­ic­al in­fra­struc­ture, in­clud­ing nuc­le­ar re­act­ors.

Rhoades, though, in an in­ter­view with GSN said he doesn’t “know that there is a cap­ab­il­ity or an in­tent with­in these Syr­i­an groups as of today to pur­sue and suc­cess­fully com­plete one of those at­tacks.”

“As far as cap­ab­il­it­ies, they’re con­sidered to be on the lower end of the spec­trum,” he said. “They’re mo­tiv­ated by polit­ic­al reas­ons right now. So that’s why they go after me­dia out­lets. That’s why they go after some gov­ern­ment or­gan­iz­a­tions. That’s why they go after anti-As­sad groups. They do not ap­pre­ci­ate the cov­er­age … [of the] sort of pro-West, anti-As­sad news me­dia.”

Ahl­berg said the Syr­i­an Elec­tron­ic Army is “not the most soph­ist­ic­ated” group of hack­ers, when com­pared to their coun­ter­parts in Rus­sia, who have tar­geted for­eign banks, and in China, who have sought mil­it­ary secrets.

It is un­clear if the Syr­i­an Elec­tron­ic Army has con­nec­tions to more-ad­vanced hack­ing groups from oth­er na­tions that are crit­ic­al of U.S. policy, Rhoades said.

“Ir­an and Rus­sia would worry me the most, and for two sep­ar­ate reas­ons,” he said. “Rus­sia, be­cause they’re highly soph­ist­ic­ated, and so if there’s some sort of edu­ca­tion­al com­pon­ent between the two, that could greatly ex­pand Syr­i­an cap­ab­il­it­ies. … (And) If any­body was mo­tiv­ated to do something on the cy­ber-at­tack side of the scale, from a na­tion-state per­spect­ive, you would ima­gine it would be Ir­an.”

While U.S.-Ir­a­ni­an re­la­tions are im­prov­ing, Rhoades noted they still are tenu­ous.

Ken­neth Geers, a seni­or glob­al threat ana­lyst for Mil­pitas, Cal­if.-based Fir­eEye, said the United States “ab­so­lutely” should be con­cerned about Rus­si­an and Ir­a­ni­an hack­ers train­ing and aid­ing the Syr­i­an Elec­tron­ic Army.

“Cy­ber­space is a re­flec­tion of tra­di­tion­al so­cial, polit­ic­al, and mil­it­ary af­fairs,” he said in an emailed re­sponse to ques­tions. “Rus­sia and Ir­an are Syr­ia’s al­lies in tra­di­tion­al space, so they are Syr­ia’s al­lies in cy­ber­space.”

Geers, whose past gov­ern­ment roles in­clude stints at the Na­tion­al Se­cur­ity Agency and NATO, said he be­lieves two factors sug­gest the Syr­i­an Elec­tron­ic Army pos­sesses an “ad­vanced per­sist­ent threat,” which he defines as hav­ing the dir­ect or in­dir­ect sup­port of a na­tion state: “First, the dur­a­tion of SEA’s at­tacks: over two years; second, their grav­ity: with­in a week in Ju­ly 2013, SEA com­prom­ised in­ter­na­tion­al com­mu­nic­a­tions web­sites used by hun­dreds of mil­lions of users around the world,” he said.

A U.S. De­part­ment of De­fense spokes­man de­clined to talk spe­cific­ally about what the United States is do­ing to mon­it­or and de­fend against cy­ber at­tacks from Syr­ia.

Air Force Lt. Col. Dami­en Pick­art, though, in an emailed re­sponse to ques­tions noted: “We’ve seen a series of at­tacks claimed by the Syr­i­an Elec­tron­ic Army over the past sev­er­al years, so the re­cent at­tacks were not a new phe­nomen­on.”

He said the Pentagon “takes ser­i­ously its mis­sion to de­fend the na­tion from any group that at­tempts to use cy­ber­space to threaten U.S. se­cur­ity or na­tion­al in­terests.”

The U.S. gov­ern­ment routinely shares threat in­form­a­tion with the private sec­tor through the De­part­ment of Home­land Se­cur­ity in or­der to “mit­ig­ate much of the threat activ­ity we have seen re­cently,” the Pentagon spokes­man noted.

What We're Following See More »
STAFF PICKS
When It Comes to Mining Asteroids, Technology Is Only the First Problem
18 hours ago
WHY WE CARE

Foreign Policy takes a look at the future of mining the estimated "100,000 near-Earth objects—including asteroids and comets—in the neighborhood of our planet. Some of these NEOs, as they’re called, are small. Others are substantial and potentially packed full of water and various important minerals, such as nickel, cobalt, and iron. One day, advocates believe, those objects will be tapped by variations on the equipment used in the coal mines of Kentucky or in the diamond mines of Africa. And for immense gain: According to industry experts, the contents of a single asteroid could be worth trillions of dollars." But the technology to get us there is only the first step. Experts say "a multinational body might emerge" to manage rights to NEOs, as well as a body of law, including an international court.

Source:
STAFF PICKS
Obama Reflects on His Economic Record
19 hours ago
WHY WE CARE

Not to be outdone by Jeffrey Goldberg's recent piece in The Atlantic about President Obama's foreign policy, the New York Times Magazine checks in with a longread on the president's economic legacy. In it, Obama is cognizant that the economic reality--73 straight months of growth--isn't matched by public perceptions. Some of that, he says, is due to a constant drumbeat from the right that "that denies any progress." But he also accepts some blame himself. “I mean, the truth of the matter is that if we had been able to more effectively communicate all the steps we had taken to the swing voter,” he said, “then we might have maintained a majority in the House or the Senate.”

Source:
STAFF PICKS
Reagan Families, Allies Lash Out at Will Ferrell
20 hours ago
WHY WE CARE

Ronald Reagan's children and political allies took to the media and Twitter this week to chide funnyman Will Ferrell for his plans to play a dementia-addled Reagan in his second term in a new comedy entitled Reagan. In an open letter, Reagan's daughter Patti Davis tells Ferrell, who's also a producer on the movie, “Perhaps for your comedy you would like to visit some dementia facilities. I have—I didn’t find anything comedic there, and my hope would be that if you’re a decent human being, you wouldn’t either.” Michael Reagan, the president's son, tweeted, "What an Outrag....Alzheimers is not joke...It kills..You should be ashamed all of you." And former Rep. Joe Walsh called it an example of "Hollywood taking a shot at conservatives again."

Source:
PEAK CONFIDENCE
Clinton No Longer Running Primary Ads
23 hours ago
WHY WE CARE

In a sign that she’s ready to put a longer-than-ex­pec­ted primary battle be­hind her, former Sec­ret­ary of State Hil­lary Clin­ton (D) is no longer go­ing on the air in up­com­ing primary states. “Team Clin­ton hasn’t spent a single cent in … Cali­for­nia, In­di­ana, Ken­tucky, Ore­gon and West Vir­gin­ia, while” Sen. Bernie Sanders’ (I-VT) “cam­paign has spent a little more than $1 mil­lion in those same states.” Meanwhile, Sen. Jeff Merkley (D-OR), Sanders’ "lone back­er in the Sen­ate, said the can­did­ate should end his pres­id­en­tial cam­paign if he’s los­ing to Hil­lary Clin­ton after the primary sea­son con­cludes in June, break­ing sharply with the can­did­ate who is vow­ing to take his in­sur­gent bid to the party con­ven­tion in Phil­adelphia.”

Source:
CITIZENS UNITED PT. 2?
Movie Based on ‘Clinton Cash’ to Debut at Cannes
1 days ago
WHY WE CARE

The team behind the bestselling "Clinton Cash"—author Peter Schweizer and Breitbart's Stephen Bannon—is turning the book into a movie that will have its U.S. premiere just before the Democratic National Convention this summer. The film will get its global debut "next month in Cannes, France, during the Cannes Film Festival. (The movie is not a part of the festival, but will be shown at a screening arranged for distributors)." Bloomberg has a trailer up, pointing out that it's "less Ken Burns than Jerry Bruckheimer, featuring blood-drenched money, radical madrassas, and ominous footage of the Clintons."

Source:
×