The Syrian Army Obama Can’t Bomb

If the U.S attacks, the Syrian Electronic Army is sure to step up its hacks. But is it any real threat?

National Journal
Brian Resnick
Add to Briefcase
Brian Resnick
Sept. 10, 2013, 8:46 a.m.

The Za­patis­tas star­ted off tra­di­tion­ally — with a mi­li­tia a few thou­sand deep, homemade weapons, and AK-47s. On New Year’s Day 1994, the left­ist group took con­trol of sev­er­al towns in Chiapas, a re­gion in south­ern Mex­ico. The rebels, fueled by an­ger over the re­cently au­thor­ized North Amer­ic­an Free Trade Agree­ment, stormed the towns at mid­night in what was de­scribed as “as a jovi­al spec­tacle.”

Mex­ico, in turn, re­spon­ded tra­di­tion­ally — with 15,000 sol­diers. They drove the Za­patis­tas back in­to the jungles, killing about 150 of them. But here’s where the story breaks from tra­di­tion. When the re­volu­tion­ar­ies moun­ted a comeback, it wasn’t back on the streets of Mex­ico, it was on the Web, for­go­ing weapons or vi­ol­ence for mes­sage pro­lif­er­a­tion and “hackt­iv­ism.” By today’s stand­ards, they or­gan­ized simple things: They used list­servs to get their mes­sages out and staged In­ter­net “sit-ins” by flood­ing serv­ers. But they got big at­ten­tion. They marked the be­gin­ning of the age of In­ter­net act­iv­ists.

It was the first “net­war” — as a 1998 Rand re­port de­scribed it — a mil­it­ant-yet peace­ful brand of so­cial act­iv­ism that lives in shifty tangles on the In­ter­net, which can be just as vis­ible as 1,000 re­volu­tion­ar­ies on the ground. “It is in­spir­ing rad­ic­al act­iv­ists around the world to be­gin think­ing that old mod­els of struggle — ones that call for build­ing ‘parties’ and ‘fronts’ … to ‘crush the state’ and ‘seize power’ — are not the way to go in the in­form­a­tion age,” the au­thors of that re­port wrote.

Led by Sub-Comand­ante Mar­cos (fore­ground), about 3,000 mem­bers of the Za­patista Army for Na­tion­al Lib­er­a­tion fire their weapons in­to the air in the south­ern Mex­ic­an state of Chiapas on Oct. 15, 1994. (AP Photo/Marco Ugarte)

But in the 15 years since that pa­per was pub­lished, In­ter­net act­iv­ism ob­vi­ously hasn’t re­placed phys­ic­al re­bel­lion. It just hap­pens along­side of it.

“When Geor­gia and Rus­sia had a mil­it­ary con­flict, hack­ers and hackt­iv­ists, they all ban­ded to­geth­er,” says John Bumgarner, the chief tech­no­logy of­ficer of the U.S. Cy­ber Con­sequences In­sti­tute, a non­profit. “And as that at­tack in­creased on the ground, the hack­ers in cy­ber­space in­creased their activ­ity and more people from oth­er coun­tries, Ukraine, and the United States, came to­geth­er.”

And that ac­cel­er­a­tion, he says, is likely to hap­pen in Syr­ia as the United States inches to­ward a strike.

Who are the SEA?

They hacked the Mar­ines. And The New York Times. And The Wash­ing­ton Post. And while they’ve been called un­soph­ist­ic­ated in their tac­tics, the mem­bers of the Syr­i­an Elec­tron­ic Army have been aw­fully dis­rupt­ive.

We don’t know much about these cy­ber­act­iv­ists, oth­er than that they strongly sup­port the As­sad re­gime, and de­face web­sites and re­dir­ect read­ers to their pro­pa­ganda. Ac­cord­ing to Adam Mey­ers, the vice pres­id­ent of in­tel­li­gence at Crowd­Strike, an In­ter­net se­cur­ity firm, there could be as few as a dozen people act­ively work­ing in the SEA. “At least some of the mem­bers that we are track­ing we have some good in­dic­a­tions they are op­er­at­ing out of Syr­ia,” he says, but it’s hard to know. Their ini­tial serv­er was hos­ted on the Syr­i­an Com­puter So­ci­ety, which Bashar al-As­sad was in charge of be­fore be­com­ing pres­id­ent of Syr­ia. It’s also un­known if there’s any con­nec­tion between the elec­tron­ic army and the ac­tu­al Syr­i­an forces.

A few of these hack­ers have been iden­ti­fied by In­ter­net pseud­onyms and have spoken to the me­dia, but then, it’s tough to con­firm if they are who they say they are. In Au­gust, Vice‘s Mother­board con­nec­ted an In­ter­net pa­per trail to identi­fy an SEA mem­ber named Hatem Deeb (he’s known around the In­ter­net as “ThePro.” This is his per­son­al site, where he de­clares he’s “proud to be a pro-As­sad hack­er.”) The SEA wrote to Mother­board say­ing Deeb was not one of “the names of SEA mem­bers lol,” which seemed to un­der­score a sense of am­a­teur­ism (also not­able is the SEA’s flu­id sense of Eng­lish and web­speak. They have a Pin­terest ac­count).

Deeb, or “ThePro,” or who­ever this per­son really is, pre­vi­ously told Vice about the ori­gins of the SEA:

… We’re all Syr­i­an youths who each have our spe­cial­ised com­puter skills, such as hack­ing and graph­ic design. Our mis­sion is to de­fend our proud and be­loved coun­try Syr­ia against a bloody me­dia war that has been waged against her. The con­trolled me­dia of cer­tain coun­tries con­tin­ues to pub­lish lies and fab­ric­ated news about Syr­ia.

Ac­cord­ing to Mey­ers, the SEA star­ted out two years ago op­er­at­ing more simply than it does now, at­tack­ing “tar­gets of op­por­tun­ity,” easy se­cur­ity flaws on web­sites. Then, start­ing this sum­mer, its mem­bers seemed to get a boost in cap­ab­il­it­ies. They star­ted go­ing after mes­saging sites such as tango.me, steal­ing e-mail mes­sages and con­tacts, among whom, it is pos­sible, in­clude Syr­i­an dis­sid­ents and rebels. Then, after the tango.me hack, the SEA went back to in­ter­fer­ing with me­dia out­lets. (The Guard­i­an has a com­pre­hens­ive timeline of their activ­it­ies.) In late Au­gust, the group took out The New York Times for the bet­ter part of a day. Mey­ers likened this move to watch­ing a golfer who had just learned a new swing from a pro. “And all of a sud­den you look like a dif­fer­ent shoot­er,” he says. He sus­pects they may have got­ten some out­side help.

Though sev­er­al head­lines last week pro­claimed that the SEA is now on the FBI’s “Most Wanted” list, an FBI spokes­per­son said that wasn’t true (the FBI does have a pub­lic most wanted list for cy­ber bad guys) and wouldn’t com­ment on wheth­er there was a fed­er­al in­vest­ig­a­tion in­to the group. The FBI did, however, re­lease an ad­vis­ory on them, but it was tame, in­struct­ing the agency to “main­tain heightened aware­ness of your net­work traffic and take ap­pro­pri­ate steps to main­tain your net­work se­cur­ity.”

How to Fight an Elec­tron­ic Army

The Syr­i­an Elec­tron­ic Army pos­ted this let­ter to the front of a Mar­ine Corps re­cruit­ment web­site, with pic­tures of sup­posed Mar­ines pledging not to in­ter­fere in Syr­ia. (Screen­shot Via Wall Street Journ­al)

Des­pite its abil­ity to hack big cor­por­a­tions and ma­jor news out­lets, the SEA’s tac­tics are re­garded by se­cur­ity ex­perts to be un­soph­ist­ic­ated. They say that be­cause the SEA largely uses a simple tac­tic called spearph­ish­ing — a gam­bit that baits people with au­then­t­ic-look­ing e-mails to give over their user names and pass­words. Here’s the ana­logy: You can have all the se­cur­ity in the world, but if you have the key to the gate, none of that mat­ters.

“It is go­ing to be very dif­fi­cult for us, the se­cur­ity com­munity, to ac­tu­ally pre­vent these at­tacks from oc­cur­ring,” Bumgarner says. “In most of these cases the SEA has ac­com­plished, the hu­man has been the weak ele­ment, and you can­not get a patch for stu­pid­ity.”

When SEA mem­bers hacked the AP’s Twit­ter ac­count, they pos­ted a tweet that read “Break­ing: Two Ex­plo­sions in the White House and Barack Obama is in­jured.” Al­most im­me­di­ately the Dow Jones in­dus­tri­al av­er­age dropped 150 points. “They didn’t have to do a stuxnet level at­tack to get that at­ten­tion,” Bumgarner says.

But yet, that’s more of a re­ac­tion to a protest than a group as­sembled on the street could dream of cre­at­ing. When the SEA took out The New York Times, re­dir­ect­ing some users to its own web­site, “that was equi­val­ent to they bombed The New York Times and took it out for the day,” Bumgarner says. But they did it without in­flict­ing any real dam­age or us­ing any­thing more sin­is­ter than a spam email. The les­son here may be for the me­dia: Per­haps their ac­counts should be kept un­der the same pro­tec­tions as, say, the front page of to­mor­row’s pa­per.

With a clev­er enough com­bin­a­tion of let­ters and num­bers, a pass­word can be more or less im­possible for a group with small com­put­ing power to hack. Ac­cord­ing to Pop­u­lar Mech­an­ics, a pass­word with let­ters, num­bers, and seem­ingly ran­domly placed sym­bols like “Aqu57ar$iu3s” would take a com­puter al­gorithm 17,400,000 years to crack. A sim­pler ver­sion, like “Aquar­i­us1” would take just 1.59 days. But then, all of that’s for naught if you give the pass­word away.

Both Bumgarner and Mey­ers agree that the SEA’s cap­ab­il­it­ies are lim­ited. It can’t, for in­stance, take out the United States’ elec­tric grid.

“There’s this de­gree of ‘Well, they might have been suc­cess­ful,’ but, I would not equate suc­cess with soph­ist­ic­a­tion,” Mey­ers says. They can, however, bite at the ankles of Amer­ic­an me­dia. “Which brings us to the next part of the story that I think is about to un­fold, which is if we start lob­bing cruise mis­siles in­to Dam­as­cus, I think we’re go­ing to be see­ing some oth­er in­ter­est­ing activ­ity com­ing out of that re­gion.”

What We're Following See More »
WITH LIVE BLOGGING
Trump Deposition Video Is Online
1 days ago
STAFF PICKS

The video of Donald Trump's deposition in his case against restaurateur Jeffrey Zakarian is now live. Slate's Jim Newell and Josh Voorhees are live-blogging it while they watch.

Source:
SOUND LEVEL AFFECTED
Debate Commission Admits Issues with Trump’s Mic
1 days ago
THE LATEST

The Commission on Presidential Debates put out a statement today that gives credence to Donald Trump's claims that he had a bad microphone on Monday night. "Regarding the first debate, there were issues regarding Donald Trump's audio that affected the sound level in the debate hall," read the statement in its entirety.

Source:
TRUMP VS. CHEFS
Trump Deposition Video to Be Released
1 days ago
THE LATEST

"A video of Donald Trump testifying under oath about his provocative rhetoric about Mexicans and other Latinos is set to go public" as soon as today. "Trump gave the testimony in June at a law office in Washington in connection with one of two lawsuits he filed last year after prominent chefs reacted to the controversy over his remarks by pulling out of plans to open restaurants at his new D.C. hotel. D.C. Superior Court Judge Brian Holeman said in an order issued Thursday evening that fears the testimony might show up in campaign commercials were no basis to keep the public from seeing the video."

Source:
A CANDIDATE TO BE ‘PROUD’ OF
Chicago Tribune Endorses Gary Johnson
1 days ago
THE LATEST

No matter that his recall of foreign leaders leaves something to be desired, Gary Johnson is the choice of the Chicago Tribune's editorial board. The editors argue that Donald Trump couldn't do the job of president, while hitting Hillary Clinton for "her intent to greatly increase federal spending and taxation, and serious questions about honesty and trust." Which leaves them with Johnson. "Every American who casts a vote for him is standing for principles," they write, "and can be proud of that vote. Yes, proud of a candidate in 2016."

NEVER TRUMP
USA Today Weighs in on Presidential Race for First Time Ever
1 days ago
THE DETAILS

"By all means vote, just not for Donald Trump." That's the message from USA Today editors, who are making the first recommendation on a presidential race in the paper's 34-year history. It's not exactly an endorsement; they make clear that the editorial board "does not have a consensus for a Clinton endorsement." But they state flatly that Donald Trump is, by "unanimous consensus of the editorial board, unfit for the presidency."

Source:
×