The Syrian Army Obama Can’t Bomb

If the U.S attacks, the Syrian Electronic Army is sure to step up its hacks. But is it any real threat?

National Journal
Brian Resnick
Add to Briefcase
Brian Resnick
Sept. 10, 2013, 8:46 a.m.

The Za­patis­tas star­ted off tra­di­tion­ally — with a mi­li­tia a few thou­sand deep, homemade weapons, and AK-47s. On New Year’s Day 1994, the left­ist group took con­trol of sev­er­al towns in Chiapas, a re­gion in south­ern Mex­ico. The rebels, fueled by an­ger over the re­cently au­thor­ized North Amer­ic­an Free Trade Agree­ment, stormed the towns at mid­night in what was de­scribed as “as a jovi­al spec­tacle.”

Mex­ico, in turn, re­spon­ded tra­di­tion­ally — with 15,000 sol­diers. They drove the Za­patis­tas back in­to the jungles, killing about 150 of them. But here’s where the story breaks from tra­di­tion. When the re­volu­tion­ar­ies moun­ted a comeback, it wasn’t back on the streets of Mex­ico, it was on the Web, for­go­ing weapons or vi­ol­ence for mes­sage pro­lif­er­a­tion and “hackt­iv­ism.” By today’s stand­ards, they or­gan­ized simple things: They used list­servs to get their mes­sages out and staged In­ter­net “sit-ins” by flood­ing serv­ers. But they got big at­ten­tion. They marked the be­gin­ning of the age of In­ter­net act­iv­ists.

It was the first “net­war” — as a 1998 Rand re­port de­scribed it — a mil­it­ant-yet peace­ful brand of so­cial act­iv­ism that lives in shifty tangles on the In­ter­net, which can be just as vis­ible as 1,000 re­volu­tion­ar­ies on the ground. “It is in­spir­ing rad­ic­al act­iv­ists around the world to be­gin think­ing that old mod­els of struggle — ones that call for build­ing ‘parties’ and ‘fronts’ … to ‘crush the state’ and ‘seize power’ — are not the way to go in the in­form­a­tion age,” the au­thors of that re­port wrote.

Led by Sub-Comand­ante Mar­cos (fore­ground), about 3,000 mem­bers of the Za­patista Army for Na­tion­al Lib­er­a­tion fire their weapons in­to the air in the south­ern Mex­ic­an state of Chiapas on Oct. 15, 1994. (AP Photo/Marco Ugarte)

But in the 15 years since that pa­per was pub­lished, In­ter­net act­iv­ism ob­vi­ously hasn’t re­placed phys­ic­al re­bel­lion. It just hap­pens along­side of it.

“When Geor­gia and Rus­sia had a mil­it­ary con­flict, hack­ers and hackt­iv­ists, they all ban­ded to­geth­er,” says John Bumgarner, the chief tech­no­logy of­ficer of the U.S. Cy­ber Con­sequences In­sti­tute, a non­profit. “And as that at­tack in­creased on the ground, the hack­ers in cy­ber­space in­creased their activ­ity and more people from oth­er coun­tries, Ukraine, and the United States, came to­geth­er.”

And that ac­cel­er­a­tion, he says, is likely to hap­pen in Syr­ia as the United States inches to­ward a strike.

Who are the SEA?

They hacked the Mar­ines. And The New York Times. And The Wash­ing­ton Post. And while they’ve been called un­soph­ist­ic­ated in their tac­tics, the mem­bers of the Syr­i­an Elec­tron­ic Army have been aw­fully dis­rupt­ive.

We don’t know much about these cy­ber­act­iv­ists, oth­er than that they strongly sup­port the As­sad re­gime, and de­face web­sites and re­dir­ect read­ers to their pro­pa­ganda. Ac­cord­ing to Adam Mey­ers, the vice pres­id­ent of in­tel­li­gence at Crowd­Strike, an In­ter­net se­cur­ity firm, there could be as few as a dozen people act­ively work­ing in the SEA. “At least some of the mem­bers that we are track­ing we have some good in­dic­a­tions they are op­er­at­ing out of Syr­ia,” he says, but it’s hard to know. Their ini­tial serv­er was hos­ted on the Syr­i­an Com­puter So­ci­ety, which Bashar al-As­sad was in charge of be­fore be­com­ing pres­id­ent of Syr­ia. It’s also un­known if there’s any con­nec­tion between the elec­tron­ic army and the ac­tu­al Syr­i­an forces.

A few of these hack­ers have been iden­ti­fied by In­ter­net pseud­onyms and have spoken to the me­dia, but then, it’s tough to con­firm if they are who they say they are. In Au­gust, Vice‘s Mother­board con­nec­ted an In­ter­net pa­per trail to identi­fy an SEA mem­ber named Hatem Deeb (he’s known around the In­ter­net as “ThePro.” This is his per­son­al site, where he de­clares he’s “proud to be a pro-As­sad hack­er.”) The SEA wrote to Mother­board say­ing Deeb was not one of “the names of SEA mem­bers lol,” which seemed to un­der­score a sense of am­a­teur­ism (also not­able is the SEA’s flu­id sense of Eng­lish and web­speak. They have a Pin­terest ac­count).

Deeb, or “ThePro,” or who­ever this per­son really is, pre­vi­ously told Vice about the ori­gins of the SEA:

… We’re all Syr­i­an youths who each have our spe­cial­ised com­puter skills, such as hack­ing and graph­ic design. Our mis­sion is to de­fend our proud and be­loved coun­try Syr­ia against a bloody me­dia war that has been waged against her. The con­trolled me­dia of cer­tain coun­tries con­tin­ues to pub­lish lies and fab­ric­ated news about Syr­ia.

Ac­cord­ing to Mey­ers, the SEA star­ted out two years ago op­er­at­ing more simply than it does now, at­tack­ing “tar­gets of op­por­tun­ity,” easy se­cur­ity flaws on web­sites. Then, start­ing this sum­mer, its mem­bers seemed to get a boost in cap­ab­il­it­ies. They star­ted go­ing after mes­saging sites such as, steal­ing e-mail mes­sages and con­tacts, among whom, it is pos­sible, in­clude Syr­i­an dis­sid­ents and rebels. Then, after the hack, the SEA went back to in­ter­fer­ing with me­dia out­lets. (The Guard­i­an has a com­pre­hens­ive timeline of their activ­it­ies.) In late Au­gust, the group took out The New York Times for the bet­ter part of a day. Mey­ers likened this move to watch­ing a golfer who had just learned a new swing from a pro. “And all of a sud­den you look like a dif­fer­ent shoot­er,” he says. He sus­pects they may have got­ten some out­side help.

Though sev­er­al head­lines last week pro­claimed that the SEA is now on the FBI’s “Most Wanted” list, an FBI spokes­per­son said that wasn’t true (the FBI does have a pub­lic most wanted list for cy­ber bad guys) and wouldn’t com­ment on wheth­er there was a fed­er­al in­vest­ig­a­tion in­to the group. The FBI did, however, re­lease an ad­vis­ory on them, but it was tame, in­struct­ing the agency to “main­tain heightened aware­ness of your net­work traffic and take ap­pro­pri­ate steps to main­tain your net­work se­cur­ity.”

How to Fight an Elec­tron­ic Army

The Syr­i­an Elec­tron­ic Army pos­ted this let­ter to the front of a Mar­ine Corps re­cruit­ment web­site, with pic­tures of sup­posed Mar­ines pledging not to in­ter­fere in Syr­ia. (Screen­shot Via Wall Street Journ­al)

Des­pite its abil­ity to hack big cor­por­a­tions and ma­jor news out­lets, the SEA’s tac­tics are re­garded by se­cur­ity ex­perts to be un­soph­ist­ic­ated. They say that be­cause the SEA largely uses a simple tac­tic called spearph­ish­ing — a gam­bit that baits people with au­then­t­ic-look­ing e-mails to give over their user names and pass­words. Here’s the ana­logy: You can have all the se­cur­ity in the world, but if you have the key to the gate, none of that mat­ters.

“It is go­ing to be very dif­fi­cult for us, the se­cur­ity com­munity, to ac­tu­ally pre­vent these at­tacks from oc­cur­ring,” Bumgarner says. “In most of these cases the SEA has ac­com­plished, the hu­man has been the weak ele­ment, and you can­not get a patch for stu­pid­ity.”

When SEA mem­bers hacked the AP’s Twit­ter ac­count, they pos­ted a tweet that read “Break­ing: Two Ex­plo­sions in the White House and Barack Obama is in­jured.” Al­most im­me­di­ately the Dow Jones in­dus­tri­al av­er­age dropped 150 points. “They didn’t have to do a stuxnet level at­tack to get that at­ten­tion,” Bumgarner says.

But yet, that’s more of a re­ac­tion to a protest than a group as­sembled on the street could dream of cre­at­ing. When the SEA took out The New York Times, re­dir­ect­ing some users to its own web­site, “that was equi­val­ent to they bombed The New York Times and took it out for the day,” Bumgarner says. But they did it without in­flict­ing any real dam­age or us­ing any­thing more sin­is­ter than a spam email. The les­son here may be for the me­dia: Per­haps their ac­counts should be kept un­der the same pro­tec­tions as, say, the front page of to­mor­row’s pa­per.

With a clev­er enough com­bin­a­tion of let­ters and num­bers, a pass­word can be more or less im­possible for a group with small com­put­ing power to hack. Ac­cord­ing to Pop­u­lar Mech­an­ics, a pass­word with let­ters, num­bers, and seem­ingly ran­domly placed sym­bols like “Aqu57ar$iu3s” would take a com­puter al­gorithm 17,400,000 years to crack. A sim­pler ver­sion, like “Aquar­i­us1” would take just 1.59 days. But then, all of that’s for naught if you give the pass­word away.

Both Bumgarner and Mey­ers agree that the SEA’s cap­ab­il­it­ies are lim­ited. It can’t, for in­stance, take out the United States’ elec­tric grid.

“There’s this de­gree of ‘Well, they might have been suc­cess­ful,’ but, I would not equate suc­cess with soph­ist­ic­a­tion,” Mey­ers says. They can, however, bite at the ankles of Amer­ic­an me­dia. “Which brings us to the next part of the story that I think is about to un­fold, which is if we start lob­bing cruise mis­siles in­to Dam­as­cus, I think we’re go­ing to be see­ing some oth­er in­ter­est­ing activ­ity com­ing out of that re­gion.”

What We're Following See More »
Charles Manson Dead
3 hours ago

Manson "died Sunday of natural causes, according to the California Department of Corrections. He was 83. ...Manson served nine life terms in California prisons and was denied parole 12 times."

Mueller Seeks Documents from DOJ
11 hours ago

Special counsel Robert Mueller "is now demanding documents from the department overseeing his investigation." A source tells ABC News that "Mueller's investigators are keen to obtain emails related to the firing of FBI Director James Comey and the earlier decision of Attorney General Jeff Sessions to recuse himself from the entire matter."

Trump May Be OK with Dropping Mandate Repeal
13 hours ago

"President Donald Trump would not insist on including repeal of an Obama-era health insurance mandate in a bill intended to enact the biggest overhaul of the tax code since the 1980s, a senior White House aide said on Sunday. The version of tax legislation put forward by Senate Republican leaders would remove a requirement in former President Barack Obama’s signature healthcare law that taxes Americans who decline to buy health insurance."

Media Devoting More Resources to Lawmakers’ Sexual Misconduct
13 hours ago

"Members of Congress with histories of mistreating women should be extremely nervous. Major outlets, including CNN, are dedicating substantial newsroom resources to investigating sexual harassment allegations against numerous lawmakers. A Republican source told me he's gotten calls from well-known D.C. reporters who are gathering stories about sleazy members."

Trump to Begin Covering His Own Legal Bills
2 days ago

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.