Experts Assess Syrian Hackers’ Capabilities

Emelie Rutherford, Global Security Newswire
See more stories about...
Emelie Rutherford, Global Security Newswire
Oct. 23, 2013, 11:02 a.m.

WASH­ING­TON — A Syr­i­an hack­ing group’s re­por­ted de­fa­cing of Qatari gov­ern­ment webpages over the week­end could sig­nal a new dir­ec­tion for the or­gan­iz­a­tion that has in­filt­rated West­ern news web­sites and is loy­al to Bashar As­sad, the civil-war-torn coun­try’s em­battled pres­id­ent.

Still, U.S. cy­ber­se­cur­ity ex­perts said they don’t ex­pect the so-called Syr­i­an Elec­tron­ic Army to take steps as drastic as com­prom­ising U.S. nuc­le­ar fa­cil­it­ies or crip­pling the crit­ic­al in­fra­struc­ture of a ma­jor world power through a cy­ber at­tack — at least not in the near fu­ture, and not without help from oth­er coun­tries.

The Syr­i­an Elec­tron­ic Army is loy­al to As­sad, though U.S. ana­lysts say its spe­cif­ic ties to the re­gime are not clear. The group in re­cent months has tar­geted news and com­mu­nic­a­tions web­sites in and out of the United States, with sus­pec­ted ac­tions in­clud­ing dis­abling the New York Times’ page in Au­gust and post­ing pro-As­sad mes­sages on a U.S. Mar­ines Corps page in Septem­ber. It in­fam­ously caused U.S. stock mar­kets to dip in April after post­ing a fake news alert about a White House bomb­ing on the As­so­ci­ated Press’ Twit­ter page.

This past Sunday, Qatari of­fi­cials said they re­covered gov­ern­ment web­sites tar­geted by the Syr­i­an Elec­tron­ic Army, in­clud­ing the Qatari in­teri­or min­istry’s site, ac­cord­ing to Middle East­ern news re­ports.

“It’s pretty in­ter­est­ing that (the Syr­i­an Elec­tron­ic Army) went to Qatar,” said Chris­toph­er Ahl­berg, CEO and cofounder of Re­cor­ded Fu­ture in Cam­bridge, Mass., a com­pany that tracks com­puter in­filt­ra­tions around the world. The Syr­i­an Elec­tron­ic Army re­portedly said it tar­geted Qatar be­cause it sup­ports Syr­i­an rebels. In an in­ter­view with Glob­al Se­cur­ity News­wire, Ahl­berg also poin­ted to an­oth­er pos­sible mo­tiv­a­tion: “Maybe it’s be­cause the at­tract­ive tar­gets in the U.S. and the U.K. are now locked down now, so they have to go else­where.”

If that is the case, more coun­tries could be sub­ject to the Syr­i­an Elec­tron­ic Army’s tac­tics, which are de­scribed in re­cent re­ports by net­work-se­cur­ity com­pany Fire Eye, in­ter­net-con­tent-de­liv­ery firm Akamai and Wash­ing­ton think tank the Cen­ter for Stra­tegic and In­ter­na­tion­al Stud­ies. Those ac­tions in­clude web­site de­fa­cings, deni­al-of-ser­vice at­tacks, “phish­ing” cam­paigns to trick com­puter users to re­veal pass­words and sens­it­ive codes, and e-mail spam­ming of gov­ern­ments, me­dia out­lets and on­line ser­vices.

Pre­vi­ously, the Syr­i­an hack­ing group had been tied to some at­tacks of gov­ern­ment web­sites — in­clud­ing a re­portedly failed at­tempt to dis­rupt the wa­ter sup­ply in the Is­raeli city of Haifa and a po­ten­tially suc­cess­ful breach of the Saudi Ar­a­bi­an Min­istry of De­fense email sys­tem, both in May. However, the valid­ity of those re­ports has been ques­tioned, ac­cord­ing to U.S. ana­lysts. Akamai’s Oct. 16 re­port also says the Syr­i­an Elec­tron­ic Army “has been as­so­ci­ated with the post­ing of pro-Syr­i­an pro­pa­ganda” to the Face­book pages of the U.S. Em­bassy in Dam­as­cus, U.S. De­part­ment of State, U.S. De­part­ment of Treas­ury, the White House and Pres­id­ent Obama.

The U.S. Na­tion­al Se­cur­ity Agency is be­lieved to be in­vest­ig­at­ing the Syr­i­an Elec­tron­ic Army, by ac­cess­ing some mem­bers’ com­puters and net­works to un­der­stand if they have the cap­ab­il­ity to launch a lar­ger at­tack, ac­cord­ing to Mat­thew Rhoades, the dir­ect­or of the Cy­ber­space & Se­cur­ity Pro­gram at the Cen­ter for Na­tion­al Policy & Tru­man Na­tion­al Se­cur­ity Pro­ject in Wash­ing­ton. A worst-case scen­ario could be a cata­stroph­ic cy­ber at­tack on U.S. crit­ic­al in­fra­struc­ture, in­clud­ing nuc­le­ar re­act­ors.

Rhoades, though, in an in­ter­view with GSN said he doesn’t “know that there is a cap­ab­il­ity or an in­tent with­in these Syr­i­an groups as of today to pur­sue and suc­cess­fully com­plete one of those at­tacks.”

“As far as cap­ab­il­it­ies, they’re con­sidered to be on the lower end of the spec­trum,” he said. “They’re mo­tiv­ated by polit­ic­al reas­ons right now. So that’s why they go after me­dia out­lets. That’s why they go after some gov­ern­ment or­gan­iz­a­tions. That’s why they go after anti-As­sad groups. They do not ap­pre­ci­ate the cov­er­age … [of the] sort of pro-West, anti-As­sad news me­dia.”

Ahl­berg said the Syr­i­an Elec­tron­ic Army is “not the most soph­ist­ic­ated” group of hack­ers, when com­pared to their coun­ter­parts in Rus­sia, who have tar­geted for­eign banks, and in China, who have sought mil­it­ary secrets.

It is un­clear if the Syr­i­an Elec­tron­ic Army has con­nec­tions to more-ad­vanced hack­ing groups from oth­er na­tions that are crit­ic­al of U.S. policy, Rhoades said.

“Ir­an and Rus­sia would worry me the most, and for two sep­ar­ate reas­ons,” he said. “Rus­sia, be­cause they’re highly soph­ist­ic­ated, and so if there’s some sort of edu­ca­tion­al com­pon­ent between the two, that could greatly ex­pand Syr­i­an cap­ab­il­it­ies. … (And) If any­body was mo­tiv­ated to do something on the cy­ber-at­tack side of the scale, from a na­tion-state per­spect­ive, you would ima­gine it would be Ir­an.”

While U.S.-Ir­a­ni­an re­la­tions are im­prov­ing, Rhoades noted they still are tenu­ous.

Ken­neth Geers, a seni­or glob­al threat ana­lyst for Mil­pitas, Cal­if.-based Fir­eEye, said the United States “ab­so­lutely” should be con­cerned about Rus­si­an and Ir­a­ni­an hack­ers train­ing and aid­ing the Syr­i­an Elec­tron­ic Army.

“Cy­ber­space is a re­flec­tion of tra­di­tion­al so­cial, polit­ic­al, and mil­it­ary af­fairs,” he said in an emailed re­sponse to ques­tions. “Rus­sia and Ir­an are Syr­ia’s al­lies in tra­di­tion­al space, so they are Syr­ia’s al­lies in cy­ber­space.”

Geers, whose past gov­ern­ment roles in­clude stints at the Na­tion­al Se­cur­ity Agency and NATO, said he be­lieves two factors sug­gest the Syr­i­an Elec­tron­ic Army pos­sesses an “ad­vanced per­sist­ent threat,” which he defines as hav­ing the dir­ect or in­dir­ect sup­port of a na­tion state: “First, the dur­a­tion of SEA’s at­tacks: over two years; second, their grav­ity: with­in a week in Ju­ly 2013, SEA com­prom­ised in­ter­na­tion­al com­mu­nic­a­tions web­sites used by hun­dreds of mil­lions of users around the world,” he said.

A U.S. De­part­ment of De­fense spokes­man de­clined to talk spe­cific­ally about what the United States is do­ing to mon­it­or and de­fend against cy­ber at­tacks from Syr­ia.

Air Force Lt. Col. Dami­en Pick­art, though, in an emailed re­sponse to ques­tions noted: “We’ve seen a series of at­tacks claimed by the Syr­i­an Elec­tron­ic Army over the past sev­er­al years, so the re­cent at­tacks were not a new phe­nomen­on.”

He said the Pentagon “takes ser­i­ously its mis­sion to de­fend the na­tion from any group that at­tempts to use cy­ber­space to threaten U.S. se­cur­ity or na­tion­al in­terests.”

The U.S. gov­ern­ment routinely shares threat in­form­a­tion with the private sec­tor through the De­part­ment of Home­land Se­cur­ity in or­der to “mit­ig­ate much of the threat activ­ity we have seen re­cently,” the Pentagon spokes­man noted.

What We're Following See More »
FRENCH IS A LAWYER, VETERAN
Kristol Recruiting National Review’s David French for Third-Party Run
46 minutes ago
THE LATEST

"Two Republicans intimately familiar with Bill Kristol’s efforts to recruit an independent presidential candidate to challenge Donald Trump and Hillary Clinton have told Bloomberg Politics that the person Kristol has in mind is David French -- whose name the editor of the Weekly Standard floated in the current issue of the magazine.

French is a veteran of Operation Iraqi Freedom. According to the website of National Review, where French is a staff writer, he is a constitutional lawyer, a recipient of the Bronze Star, and an author of several books who lives in Columbia, Tenn., with his wife Nancy and three children."

Source:
CALIFORNIA VOTES IN A WEEK
Jerry Brown Backs Clinton
2 hours ago
THE LATEST

California Gov. Jerry Brown endorsed Hillary Clinton today, calling her "the only path forward to win the presidency and stop the dangerous candidacy of Donald Trump." While praising Sen. Bernie Sanders' campaign, Brown said "Clinton’s lead is insurmountable and Democrats have shown – by millions of votes – that they want her as their nominee. ... This is no time for Democrats to keep fighting each other. The general election has already begun."

Source:
GLASS CEILING STILL HARD TO CRACK
Clinton Says Voters Still Hung Up on Gender
5 hours ago
THE LATEST

In a New York Magazine profile, Hillary Clinton said she still encounters misogyny at her own events: “‘I really admire you, I really like you, I just don’t know if I can vote for a woman to be president.’ I mean, they come to my events and then they say that to me.”

Source:
CHANGE WE CAN’T BELIEVE IN
Trump Vows Not to Change
5 hours ago
THE LATEST
Source:
FILING DEADLINE IS JUNE 24
McConnell Urging Rubio to Run for Reelection
8 hours ago
THE LATEST

Senate Majority Leader Mitch McConnell: "One of the things that I’m hoping, I and my colleagues have been trying to convince Senator Marco Rubio to run again in Florida. He had indicated he was not going to, but we’re all hoping that he’ll reconsider, because poll data indicates that he is the one who can win for us. He would not only save a terrific senator for the Senate, but help save the majority. ... Well, I hope so. We’re all lobbying hard for him to run again."

Source:
×