The Syrian Army Obama Can’t Bomb

If the U.S attacks, the Syrian Electronic Army is sure to step up its hacks. But is it any real threat?

National Journal
Brian Resnick
Sept. 10, 2013, 8:46 a.m.

The Za­patis­tas star­ted off tra­di­tion­ally — with a mi­li­tia a few thou­sand deep, homemade weapons, and AK-47s. On New Year’s Day 1994, the left­ist group took con­trol of sev­er­al towns in Chiapas, a re­gion in south­ern Mex­ico. The rebels, fueled by an­ger over the re­cently au­thor­ized North Amer­ic­an Free Trade Agree­ment, stormed the towns at mid­night in what was de­scribed as “as a jovi­al spec­tacle.”

Mex­ico, in turn, re­spon­ded tra­di­tion­ally — with 15,000 sol­diers. They drove the Za­patis­tas back in­to the jungles, killing about 150 of them. But here’s where the story breaks from tra­di­tion. When the re­volu­tion­ar­ies moun­ted a comeback, it wasn’t back on the streets of Mex­ico, it was on the Web, for­go­ing weapons or vi­ol­ence for mes­sage pro­lif­er­a­tion and “hackt­iv­ism.” By today’s stand­ards, they or­gan­ized simple things: They used list­servs to get their mes­sages out and staged In­ter­net “sit-ins” by flood­ing serv­ers. But they got big at­ten­tion. They marked the be­gin­ning of the age of In­ter­net act­iv­ists.

It was the first “net­war” — as a 1998 Rand re­port de­scribed it — a mil­it­ant-yet peace­ful brand of so­cial act­iv­ism that lives in shifty tangles on the In­ter­net, which can be just as vis­ible as 1,000 re­volu­tion­ar­ies on the ground. “It is in­spir­ing rad­ic­al act­iv­ists around the world to be­gin think­ing that old mod­els of struggle — ones that call for build­ing ‘parties’ and ‘fronts’ … to ‘crush the state’ and ‘seize power’ — are not the way to go in the in­form­a­tion age,” the au­thors of that re­port wrote.

Led by Sub-Comand­ante Mar­cos (fore­ground), about 3,000 mem­bers of the Za­patista Army for Na­tion­al Lib­er­a­tion fire their weapons in­to the air in the south­ern Mex­ic­an state of Chiapas on Oct. 15, 1994. (AP Photo/Marco Ugarte)

But in the 15 years since that pa­per was pub­lished, In­ter­net act­iv­ism ob­vi­ously hasn’t re­placed phys­ic­al re­bel­lion. It just hap­pens along­side of it.

“When Geor­gia and Rus­sia had a mil­it­ary con­flict, hack­ers and hackt­iv­ists, they all ban­ded to­geth­er,” says John Bumgarner, the chief tech­no­logy of­ficer of the U.S. Cy­ber Con­sequences In­sti­tute, a non­profit. “And as that at­tack in­creased on the ground, the hack­ers in cy­ber­space in­creased their activ­ity and more people from oth­er coun­tries, Ukraine, and the United States, came to­geth­er.”

And that ac­cel­er­a­tion, he says, is likely to hap­pen in Syr­ia as the United States inches to­ward a strike.

Who are the SEA?

They hacked the Mar­ines. And The New York Times. And The Wash­ing­ton Post. And while they’ve been called un­soph­ist­ic­ated in their tac­tics, the mem­bers of the Syr­i­an Elec­tron­ic Army have been aw­fully dis­rupt­ive.

We don’t know much about these cy­ber­act­iv­ists, oth­er than that they strongly sup­port the As­sad re­gime, and de­face web­sites and re­dir­ect read­ers to their pro­pa­ganda. Ac­cord­ing to Adam Mey­ers, the vice pres­id­ent of in­tel­li­gence at Crowd­Strike, an In­ter­net se­cur­ity firm, there could be as few as a dozen people act­ively work­ing in the SEA. “At least some of the mem­bers that we are track­ing we have some good in­dic­a­tions they are op­er­at­ing out of Syr­ia,” he says, but it’s hard to know. Their ini­tial serv­er was hos­ted on the Syr­i­an Com­puter So­ci­ety, which Bashar al-As­sad was in charge of be­fore be­com­ing pres­id­ent of Syr­ia. It’s also un­known if there’s any con­nec­tion between the elec­tron­ic army and the ac­tu­al Syr­i­an forces.

A few of these hack­ers have been iden­ti­fied by In­ter­net pseud­onyms and have spoken to the me­dia, but then, it’s tough to con­firm if they are who they say they are. In Au­gust, Vice‘s Mother­board con­nec­ted an In­ter­net pa­per trail to identi­fy an SEA mem­ber named Hatem Deeb (he’s known around the In­ter­net as “ThePro.” This is his per­son­al site, where he de­clares he’s “proud to be a pro-As­sad hack­er.”) The SEA wrote to Mother­board say­ing Deeb was not one of “the names of SEA mem­bers lol,” which seemed to un­der­score a sense of am­a­teur­ism (also not­able is the SEA’s flu­id sense of Eng­lish and web­speak. They have a Pin­terest ac­count).

Deeb, or “ThePro,” or who­ever this per­son really is, pre­vi­ously told Vice about the ori­gins of the SEA:

… We’re all Syr­i­an youths who each have our spe­cial­ised com­puter skills, such as hack­ing and graph­ic design. Our mis­sion is to de­fend our proud and be­loved coun­try Syr­ia against a bloody me­dia war that has been waged against her. The con­trolled me­dia of cer­tain coun­tries con­tin­ues to pub­lish lies and fab­ric­ated news about Syr­ia.

Ac­cord­ing to Mey­ers, the SEA star­ted out two years ago op­er­at­ing more simply than it does now, at­tack­ing “tar­gets of op­por­tun­ity,” easy se­cur­ity flaws on web­sites. Then, start­ing this sum­mer, its mem­bers seemed to get a boost in cap­ab­il­it­ies. They star­ted go­ing after mes­saging sites such as, steal­ing e-mail mes­sages and con­tacts, among whom, it is pos­sible, in­clude Syr­i­an dis­sid­ents and rebels. Then, after the hack, the SEA went back to in­ter­fer­ing with me­dia out­lets. (The Guard­i­an has a com­pre­hens­ive timeline of their activ­it­ies.) In late Au­gust, the group took out The New York Times for the bet­ter part of a day. Mey­ers likened this move to watch­ing a golfer who had just learned a new swing from a pro. “And all of a sud­den you look like a dif­fer­ent shoot­er,” he says. He sus­pects they may have got­ten some out­side help.

Though sev­er­al head­lines last week pro­claimed that the SEA is now on the FBI’s “Most Wanted” list, an FBI spokes­per­son said that wasn’t true (the FBI does have a pub­lic most wanted list for cy­ber bad guys) and wouldn’t com­ment on wheth­er there was a fed­er­al in­vest­ig­a­tion in­to the group. The FBI did, however, re­lease an ad­vis­ory on them, but it was tame, in­struct­ing the agency to “main­tain heightened aware­ness of your net­work traffic and take ap­pro­pri­ate steps to main­tain your net­work se­cur­ity.”

How to Fight an Elec­tron­ic Army

The Syr­i­an Elec­tron­ic Army pos­ted this let­ter to the front of a Mar­ine Corps re­cruit­ment web­site, with pic­tures of sup­posed Mar­ines pledging not to in­ter­fere in Syr­ia. (Screen­shot Via Wall Street Journ­al)

Des­pite its abil­ity to hack big cor­por­a­tions and ma­jor news out­lets, the SEA’s tac­tics are re­garded by se­cur­ity ex­perts to be un­soph­ist­ic­ated. They say that be­cause the SEA largely uses a simple tac­tic called spearph­ish­ing — a gam­bit that baits people with au­then­t­ic-look­ing e-mails to give over their user names and pass­words. Here’s the ana­logy: You can have all the se­cur­ity in the world, but if you have the key to the gate, none of that mat­ters.

“It is go­ing to be very dif­fi­cult for us, the se­cur­ity com­munity, to ac­tu­ally pre­vent these at­tacks from oc­cur­ring,” Bumgarner says. “In most of these cases the SEA has ac­com­plished, the hu­man has been the weak ele­ment, and you can­not get a patch for stu­pid­ity.”

When SEA mem­bers hacked the AP’s Twit­ter ac­count, they pos­ted a tweet that read “Break­ing: Two Ex­plo­sions in the White House and Barack Obama is in­jured.” Al­most im­me­di­ately the Dow Jones in­dus­tri­al av­er­age dropped 150 points. “They didn’t have to do a stuxnet level at­tack to get that at­ten­tion,” Bumgarner says.

But yet, that’s more of a re­ac­tion to a protest than a group as­sembled on the street could dream of cre­at­ing. When the SEA took out The New York Times, re­dir­ect­ing some users to its own web­site, “that was equi­val­ent to they bombed The New York Times and took it out for the day,” Bumgarner says. But they did it without in­flict­ing any real dam­age or us­ing any­thing more sin­is­ter than a spam email. The les­son here may be for the me­dia: Per­haps their ac­counts should be kept un­der the same pro­tec­tions as, say, the front page of to­mor­row’s pa­per.

With a clev­er enough com­bin­a­tion of let­ters and num­bers, a pass­word can be more or less im­possible for a group with small com­put­ing power to hack. Ac­cord­ing to Pop­u­lar Mech­an­ics, a pass­word with let­ters, num­bers, and seem­ingly ran­domly placed sym­bols like “Aqu57ar$iu3s” would take a com­puter al­gorithm 17,400,000 years to crack. A sim­pler ver­sion, like “Aquar­i­us1” would take just 1.59 days. But then, all of that’s for naught if you give the pass­word away.

Both Bumgarner and Mey­ers agree that the SEA’s cap­ab­il­it­ies are lim­ited. It can’t, for in­stance, take out the United States’ elec­tric grid.

“There’s this de­gree of ‘Well, they might have been suc­cess­ful,’ but, I would not equate suc­cess with soph­ist­ic­a­tion,” Mey­ers says. They can, however, bite at the ankles of Amer­ic­an me­dia. “Which brings us to the next part of the story that I think is about to un­fold, which is if we start lob­bing cruise mis­siles in­to Dam­as­cus, I think we’re go­ing to be see­ing some oth­er in­ter­est­ing activ­ity com­ing out of that re­gion.”

What We're Following See More »
Voters Want Medical Records
8 hours ago

Even though they dislike both of them, the American people want to know that its presidential candidates are healthy. "Nearly two-thirds of registered voters think presidential candidates should release details about their medical histories, according to a new Morning Consult poll." In the new poll, 64 percent of Americans say the candidates should release their medical reports, up nine percent from May.

Yellen Paves Way For Interest Rate Hike
9 hours ago

In a speech Friday at the Federal Reserve's Jackson Hole summit, Fed chair Janet Yellen sounded an optimistic tone about the state of the American economy, before implying that a hike in interest rates is on the horizon. The Fed "continues to anticipate that gradual increases in the federal funds rate will be appropriate over time to achieve and sustain employment and inflation near our statutory objectives," Yellen said in her address.

Study Finds Little Evidence of Voter Fraud
9 hours ago

While politicians argue over whether or not to be worried about potential voter fraud come November, a study tells us it is not a legitimate concern. "A News21 analysis four years ago of 2,068 alleged election-fraud cases in 50 states found that while some fraud had occurred since 2000, the rate was infinitesimal compared with the 146 million registered voters in that 12-year span. The analysis found only 10 cases of voter impersonation, the only kind of fraud that could be prevented by voter ID at the polls."

Donations to DNC Relied on ‘Workaround’
10 hours ago

The Democratic National Committee's "influx of money" in July "owes in part to an unprecedented workaround of political spending limits that lets the party tap into millions of dollars more" from Hillary Clinton’s biggest donors. "At least $7.3 million of the DNC’s July total originated with payments from hundreds of major donors who had already contributed the maximum $33,400 to the national committee." Those payments were "first bundled by the Hillary Victory Fund and then transferred to the state Democratic parties, which effectively stripped the donors’ names and sent the money to the DNC as a lump sum."

Obama Creates World’s Largest Protected Reserve
10 hours ago

President Obama this morning "created the largest protected area on the planet Friday, by expanding a national marine monument off the coast of his native Hawaii to encompass 582,578 square miles of land and sea."