Experts Assess Syrian Hackers’ Capabilities

Emelie Rutherford, Global Security Newswire
Add to Briefcase
See more stories about...
Emelie Rutherford, Global Security Newswire
Oct. 23, 2013, 11:02 a.m.

WASH­ING­TON — A Syr­i­an hack­ing group’s re­por­ted de­fa­cing of Qatari gov­ern­ment webpages over the week­end could sig­nal a new dir­ec­tion for the or­gan­iz­a­tion that has in­filt­rated West­ern news web­sites and is loy­al to Bashar As­sad, the civil-war-torn coun­try’s em­battled pres­id­ent.

Still, U.S. cy­ber­se­cur­ity ex­perts said they don’t ex­pect the so-called Syr­i­an Elec­tron­ic Army to take steps as drastic as com­prom­ising U.S. nuc­le­ar fa­cil­it­ies or crip­pling the crit­ic­al in­fra­struc­ture of a ma­jor world power through a cy­ber at­tack — at least not in the near fu­ture, and not without help from oth­er coun­tries.

The Syr­i­an Elec­tron­ic Army is loy­al to As­sad, though U.S. ana­lysts say its spe­cif­ic ties to the re­gime are not clear. The group in re­cent months has tar­geted news and com­mu­nic­a­tions web­sites in and out of the United States, with sus­pec­ted ac­tions in­clud­ing dis­abling the New York Times’ page in Au­gust and post­ing pro-As­sad mes­sages on a U.S. Mar­ines Corps page in Septem­ber. It in­fam­ously caused U.S. stock mar­kets to dip in April after post­ing a fake news alert about a White House bomb­ing on the As­so­ci­ated Press’ Twit­ter page.

This past Sunday, Qatari of­fi­cials said they re­covered gov­ern­ment web­sites tar­geted by the Syr­i­an Elec­tron­ic Army, in­clud­ing the Qatari in­teri­or min­istry’s site, ac­cord­ing to Middle East­ern news re­ports.

“It’s pretty in­ter­est­ing that (the Syr­i­an Elec­tron­ic Army) went to Qatar,” said Chris­toph­er Ahl­berg, CEO and cofounder of Re­cor­ded Fu­ture in Cam­bridge, Mass., a com­pany that tracks com­puter in­filt­ra­tions around the world. The Syr­i­an Elec­tron­ic Army re­portedly said it tar­geted Qatar be­cause it sup­ports Syr­i­an rebels. In an in­ter­view with Glob­al Se­cur­ity News­wire, Ahl­berg also poin­ted to an­oth­er pos­sible mo­tiv­a­tion: “Maybe it’s be­cause the at­tract­ive tar­gets in the U.S. and the U.K. are now locked down now, so they have to go else­where.”

If that is the case, more coun­tries could be sub­ject to the Syr­i­an Elec­tron­ic Army’s tac­tics, which are de­scribed in re­cent re­ports by net­work-se­cur­ity com­pany Fire Eye, in­ter­net-con­tent-de­liv­ery firm Akamai and Wash­ing­ton think tank the Cen­ter for Stra­tegic and In­ter­na­tion­al Stud­ies. Those ac­tions in­clude web­site de­fa­cings, deni­al-of-ser­vice at­tacks, “phish­ing” cam­paigns to trick com­puter users to re­veal pass­words and sens­it­ive codes, and e-mail spam­ming of gov­ern­ments, me­dia out­lets and on­line ser­vices.

Pre­vi­ously, the Syr­i­an hack­ing group had been tied to some at­tacks of gov­ern­ment web­sites — in­clud­ing a re­portedly failed at­tempt to dis­rupt the wa­ter sup­ply in the Is­raeli city of Haifa and a po­ten­tially suc­cess­ful breach of the Saudi Ar­a­bi­an Min­istry of De­fense email sys­tem, both in May. However, the valid­ity of those re­ports has been ques­tioned, ac­cord­ing to U.S. ana­lysts. Akamai’s Oct. 16 re­port also says the Syr­i­an Elec­tron­ic Army “has been as­so­ci­ated with the post­ing of pro-Syr­i­an pro­pa­ganda” to the Face­book pages of the U.S. Em­bassy in Dam­as­cus, U.S. De­part­ment of State, U.S. De­part­ment of Treas­ury, the White House and Pres­id­ent Obama.

The U.S. Na­tion­al Se­cur­ity Agency is be­lieved to be in­vest­ig­at­ing the Syr­i­an Elec­tron­ic Army, by ac­cess­ing some mem­bers’ com­puters and net­works to un­der­stand if they have the cap­ab­il­ity to launch a lar­ger at­tack, ac­cord­ing to Mat­thew Rhoades, the dir­ect­or of the Cy­ber­space & Se­cur­ity Pro­gram at the Cen­ter for Na­tion­al Policy & Tru­man Na­tion­al Se­cur­ity Pro­ject in Wash­ing­ton. A worst-case scen­ario could be a cata­stroph­ic cy­ber at­tack on U.S. crit­ic­al in­fra­struc­ture, in­clud­ing nuc­le­ar re­act­ors.

Rhoades, though, in an in­ter­view with GSN said he doesn’t “know that there is a cap­ab­il­ity or an in­tent with­in these Syr­i­an groups as of today to pur­sue and suc­cess­fully com­plete one of those at­tacks.”

“As far as cap­ab­il­it­ies, they’re con­sidered to be on the lower end of the spec­trum,” he said. “They’re mo­tiv­ated by polit­ic­al reas­ons right now. So that’s why they go after me­dia out­lets. That’s why they go after some gov­ern­ment or­gan­iz­a­tions. That’s why they go after anti-As­sad groups. They do not ap­pre­ci­ate the cov­er­age … [of the] sort of pro-West, anti-As­sad news me­dia.”

Ahl­berg said the Syr­i­an Elec­tron­ic Army is “not the most soph­ist­ic­ated” group of hack­ers, when com­pared to their coun­ter­parts in Rus­sia, who have tar­geted for­eign banks, and in China, who have sought mil­it­ary secrets.

It is un­clear if the Syr­i­an Elec­tron­ic Army has con­nec­tions to more-ad­vanced hack­ing groups from oth­er na­tions that are crit­ic­al of U.S. policy, Rhoades said.

“Ir­an and Rus­sia would worry me the most, and for two sep­ar­ate reas­ons,” he said. “Rus­sia, be­cause they’re highly soph­ist­ic­ated, and so if there’s some sort of edu­ca­tion­al com­pon­ent between the two, that could greatly ex­pand Syr­i­an cap­ab­il­it­ies. … (And) If any­body was mo­tiv­ated to do something on the cy­ber-at­tack side of the scale, from a na­tion-state per­spect­ive, you would ima­gine it would be Ir­an.”

While U.S.-Ir­a­ni­an re­la­tions are im­prov­ing, Rhoades noted they still are tenu­ous.

Ken­neth Geers, a seni­or glob­al threat ana­lyst for Mil­pitas, Cal­if.-based Fir­eEye, said the United States “ab­so­lutely” should be con­cerned about Rus­si­an and Ir­a­ni­an hack­ers train­ing and aid­ing the Syr­i­an Elec­tron­ic Army.

“Cy­ber­space is a re­flec­tion of tra­di­tion­al so­cial, polit­ic­al, and mil­it­ary af­fairs,” he said in an emailed re­sponse to ques­tions. “Rus­sia and Ir­an are Syr­ia’s al­lies in tra­di­tion­al space, so they are Syr­ia’s al­lies in cy­ber­space.”

Geers, whose past gov­ern­ment roles in­clude stints at the Na­tion­al Se­cur­ity Agency and NATO, said he be­lieves two factors sug­gest the Syr­i­an Elec­tron­ic Army pos­sesses an “ad­vanced per­sist­ent threat,” which he defines as hav­ing the dir­ect or in­dir­ect sup­port of a na­tion state: “First, the dur­a­tion of SEA’s at­tacks: over two years; second, their grav­ity: with­in a week in Ju­ly 2013, SEA com­prom­ised in­ter­na­tion­al com­mu­nic­a­tions web­sites used by hun­dreds of mil­lions of users around the world,” he said.

A U.S. De­part­ment of De­fense spokes­man de­clined to talk spe­cific­ally about what the United States is do­ing to mon­it­or and de­fend against cy­ber at­tacks from Syr­ia.

Air Force Lt. Col. Dami­en Pick­art, though, in an emailed re­sponse to ques­tions noted: “We’ve seen a series of at­tacks claimed by the Syr­i­an Elec­tron­ic Army over the past sev­er­al years, so the re­cent at­tacks were not a new phe­nomen­on.”

He said the Pentagon “takes ser­i­ously its mis­sion to de­fend the na­tion from any group that at­tempts to use cy­ber­space to threaten U.S. se­cur­ity or na­tion­al in­terests.”

The U.S. gov­ern­ment routinely shares threat in­form­a­tion with the private sec­tor through the De­part­ment of Home­land Se­cur­ity in or­der to “mit­ig­ate much of the threat activ­ity we have seen re­cently,” the Pentagon spokes­man noted.

What We're Following See More »
BOON TO PROSECUTORS
SCOTUS Rules that Insider Trading Can’t Be “Gifted”
8 hours ago
THE DETAILS

In a unanimous decision, "the Supreme Court on Tuesday said it violates insider-trading laws for a corporate officer to make a “gift” of insider information to a relative, a decision that makes it easier for those who police Wall Street to bring prosecutions."

Source:
EFFORT LIKELY TO DIE IN COMMITTEE
Jordan Can’t Force a Floor Vote on Impeaching Koskinen
9 hours ago
THE LATEST
House Freedom Caucus Chairman Jim Jordan attempted to force a floor vote on impeaching IRS Commissioner John Koskinen, but "the House voted overwhelmingly to refer it to the Judiciary Committee. ... The committee will not be required to take up the resolution." Earlier, House Minority Leader Nancy Pelosi "made a motion to table the resolution, which the House voted against by a 180-235 margin, mostly along party lines."
Source:
AFTER THE VOTE FOR SPEAKER
Ryan: No Committee Assignments Until New Year
14 hours ago
THE DETAILS

House Speaker Paul Ryan has decreed that House members "won’t receive their committee assignments until January — after they cast a public vote on the House floor for speaker. "The move has sparked behind-the-scenes grumbling from a handful of Ryan critics, who say the delay allows him and the Speaker-aligned Steering Committee to dole out committee assignments based on political loyalty rather than merit or expertise." The roll call to elect the speaker is set for Jan. 3, the first vote of the new Congress.

Source:
EXPECTED TO FUND THE GOVERNMENT THROUGH SPRING
Funding Bill To Be Released Tuesday
1 days ago
THE LATEST

House Majority Leader Kevin McCarthy told reporters on Monday that the government funding bill will be released on Tuesday. The bill is the last piece of legislation Congress needs to pass before leaving for the year and is expected to fund the government through the spring. The exact time date the bill would fund the government through is unclear, though it is expected to be in April or May.

Source:
IT’S OFFICIAL
Trump to Nominate Carson to Lead HUD
1 days ago
THE LATEST

As has been rumored for a week, Donald Trump will nominate Ben Carson, his former rival, to lead the Department of Housing and Urban Development. In a statement, Trump said, "We have talked at length about my urban renewal agenda and our message of economic revival, very much including our inner cities. Ben shares my optimism about the future of our country and is part of ensuring that this is a Presidency representing all Americans. He is a tough competitor and never gives up."

Source:
×
×

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.

Login