The Syrian Army Obama Can’t Bomb

If the U.S. attacks, the Syrian Electronic Army is sure to step up its hacks. But is it any real threat?

National Journal
Brian Resnick
Sept. 10, 2013, 8:46 a.m.

The Zapatistas started off traditionally — with a militia a few thousand deep, homemade weapons, and AK-47s. On New Year’s Day 1994, the leftist group took control of several towns in Chiapas, a region in southern Mexico. The rebels, fueled by anger over the recently authorized North American Free Trade Agreement, stormed the towns at midnight in what was described as “a jovial spectacle.”

Mex­ico, in turn, re­spon­ded tra­di­tion­ally — with 15,000 sol­diers. They drove the Za­patis­tas back in­to the jungles, killing about 150 of them. But here’s where the story breaks from tra­di­tion. When the re­volu­tion­ar­ies moun­ted a comeback, it wasn’t back on the streets of Mex­ico, it was on the Web, for­go­ing weapons or vi­ol­ence for mes­sage pro­lif­er­a­tion and “hackt­iv­ism.” By today’s stand­ards, they or­gan­ized simple things: They used list­servs to get their mes­sages out and staged In­ter­net “sit-ins” by flood­ing serv­ers. But they got big at­ten­tion. They marked the be­gin­ning of the age of In­ter­net act­iv­ists.

It was the first “netwar” — as a 1998 Rand report described it — a militant yet peaceful brand of social activism that lives in shifty tangles on the Internet, which can be just as visible as 1,000 revolutionaries on the ground. “It is inspiring radical activists around the world to begin thinking that old models of struggle — ones that call for building ‘parties’ and ‘fronts’ … to ‘crush the state’ and ‘seize power’ — are not the way to go in the information age,” the authors of that report wrote.

Led by Sub-Comand­ante Mar­cos (fore­ground), about 3,000 mem­bers of the Za­patista Army for Na­tion­al Lib­er­a­tion fire their weapons in­to the air in the south­ern Mex­ic­an state of Chiapas on Oct. 15, 1994. (AP Photo/Marco Ugarte)

But in the 15 years since that pa­per was pub­lished, In­ter­net act­iv­ism ob­vi­ously hasn’t re­placed phys­ic­al re­bel­lion. It just hap­pens along­side of it.

“When Geor­gia and Rus­sia had a mil­it­ary con­flict, hack­ers and hackt­iv­ists, they all ban­ded to­geth­er,” says John Bumgarner, the chief tech­no­logy of­ficer of the U.S. Cy­ber Con­sequences In­sti­tute, a non­profit. “And as that at­tack in­creased on the ground, the hack­ers in cy­ber­space in­creased their activ­ity and more people from oth­er coun­tries, Ukraine, and the United States, came to­geth­er.”

And that ac­cel­er­a­tion, he says, is likely to hap­pen in Syr­ia as the United States inches to­ward a strike.

Who are the SEA?

They hacked the Mar­ines. And The New York Times. And The Wash­ing­ton Post. And while they’ve been called un­soph­ist­ic­ated in their tac­tics, the mem­bers of the Syr­i­an Elec­tron­ic Army have been aw­fully dis­rupt­ive.

We don’t know much about these cy­ber­act­iv­ists, oth­er than that they strongly sup­port the As­sad re­gime, and de­face web­sites and re­dir­ect read­ers to their pro­pa­ganda. Ac­cord­ing to Adam Mey­ers, the vice pres­id­ent of in­tel­li­gence at Crowd­Strike, an In­ter­net se­cur­ity firm, there could be as few as a dozen people act­ively work­ing in the SEA. “At least some of the mem­bers that we are track­ing we have some good in­dic­a­tions they are op­er­at­ing out of Syr­ia,” he says, but it’s hard to know. Their ini­tial serv­er was hos­ted on the Syr­i­an Com­puter So­ci­ety, which Bashar al-As­sad was in charge of be­fore be­com­ing pres­id­ent of Syr­ia. It’s also un­known if there’s any con­nec­tion between the elec­tron­ic army and the ac­tu­al Syr­i­an forces.

A few of these hackers have been identified by Internet pseudonyms and have spoken to the media, but then, it’s tough to confirm if they are who they say they are. In August, Vice’s Motherboard connected an Internet paper trail to identify an SEA member named Hatem Deeb (he’s known around the Internet as “ThePro”; on his personal site, he declares he’s “proud to be a pro-Assad hacker”). The SEA wrote to Motherboard saying Deeb was not one of “the names of SEA members lol,” which seemed to underscore a sense of amateurism. (Also notable is the SEA’s fluid sense of English and webspeak; they have a Pinterest account.)

Deeb, or “ThePro,” or who­ever this per­son really is, pre­vi­ously told Vice about the ori­gins of the SEA:

… We’re all Syr­i­an youths who each have our spe­cial­ised com­puter skills, such as hack­ing and graph­ic design. Our mis­sion is to de­fend our proud and be­loved coun­try Syr­ia against a bloody me­dia war that has been waged against her. The con­trolled me­dia of cer­tain coun­tries con­tin­ues to pub­lish lies and fab­ric­ated news about Syr­ia.

According to Meyers, the SEA started out two years ago operating more simply than it does now, attacking “targets of opportunity,” easy security flaws on websites. Then, starting this summer, its members seemed to get a boost in capabilities. They started going after messaging sites such as, stealing e-mail messages and contacts, who, it is possible, include Syrian dissidents and rebels. Then, after the hack, the SEA went back to interfering with media outlets. (The Guardian has a comprehensive timeline of their activities.) In late August, the group took out The New York Times for the better part of a day. Meyers likened this move to watching a golfer who had just learned a new swing from a pro. “And all of a sudden you look like a different shooter,” he says. He suspects they may have gotten some outside help.

Though sev­er­al head­lines last week pro­claimed that the SEA is now on the FBI’s “Most Wanted” list, an FBI spokes­per­son said that wasn’t true (the FBI does have a pub­lic most wanted list for cy­ber bad guys) and wouldn’t com­ment on wheth­er there was a fed­er­al in­vest­ig­a­tion in­to the group. The FBI did, however, re­lease an ad­vis­ory on them, but it was tame, in­struct­ing the agency to “main­tain heightened aware­ness of your net­work traffic and take ap­pro­pri­ate steps to main­tain your net­work se­cur­ity.”

How to Fight an Elec­tron­ic Army

The Syr­i­an Elec­tron­ic Army pos­ted this let­ter to the front of a Mar­ine Corps re­cruit­ment web­site, with pic­tures of sup­posed Mar­ines pledging not to in­ter­fere in Syr­ia. (Screen­shot Via Wall Street Journ­al)

Despite its ability to hack big corporations and major news outlets, the SEA’s tactics are regarded by security experts as unsophisticated. They say that because the SEA largely uses a simple tactic called spearphishing — a gambit that baits people with authentic-looking e-mails to give over their user names and passwords. Here’s the analogy: You can have all the security in the world, but if you have the key to the gate, none of that matters.

“It is go­ing to be very dif­fi­cult for us, the se­cur­ity com­munity, to ac­tu­ally pre­vent these at­tacks from oc­cur­ring,” Bumgarner says. “In most of these cases the SEA has ac­com­plished, the hu­man has been the weak ele­ment, and you can­not get a patch for stu­pid­ity.”

When SEA mem­bers hacked the AP’s Twit­ter ac­count, they pos­ted a tweet that read “Break­ing: Two Ex­plo­sions in the White House and Barack Obama is in­jured.” Al­most im­me­di­ately the Dow Jones in­dus­tri­al av­er­age dropped 150 points. “They didn’t have to do a stuxnet level at­tack to get that at­ten­tion,” Bumgarner says.

But yet, that’s more of a re­ac­tion to a protest than a group as­sembled on the street could dream of cre­at­ing. When the SEA took out The New York Times, re­dir­ect­ing some users to its own web­site, “that was equi­val­ent to they bombed The New York Times and took it out for the day,” Bumgarner says. But they did it without in­flict­ing any real dam­age or us­ing any­thing more sin­is­ter than a spam email. The les­son here may be for the me­dia: Per­haps their ac­counts should be kept un­der the same pro­tec­tions as, say, the front page of to­mor­row’s pa­per.

With a clev­er enough com­bin­a­tion of let­ters and num­bers, a pass­word can be more or less im­possible for a group with small com­put­ing power to hack. Ac­cord­ing to Pop­u­lar Mech­an­ics, a pass­word with let­ters, num­bers, and seem­ingly ran­domly placed sym­bols like “Aqu57ar$iu3s” would take a com­puter al­gorithm 17,400,000 years to crack. A sim­pler ver­sion, like “Aquar­i­us1” would take just 1.59 days. But then, all of that’s for naught if you give the pass­word away.

Both Bumgarner and Mey­ers agree that the SEA’s cap­ab­il­it­ies are lim­ited. It can’t, for in­stance, take out the United States’ elec­tric grid.

“There’s this de­gree of ‘Well, they might have been suc­cess­ful,’ but, I would not equate suc­cess with soph­ist­ic­a­tion,” Mey­ers says. They can, however, bite at the ankles of Amer­ic­an me­dia. “Which brings us to the next part of the story that I think is about to un­fold, which is if we start lob­bing cruise mis­siles in­to Dam­as­cus, I think we’re go­ing to be see­ing some oth­er in­ter­est­ing activ­ity com­ing out of that re­gion.”
