The Zapatistas started off traditionally — with a militia a few thousand deep, homemade weapons, and AK-47s. On New Year’s Day 1994, the leftist group took control of several towns in Chiapas, a region in southern Mexico. The rebels, fueled by anger over the recently authorized North American Free Trade Agreement, stormed the towns at midnight in what was described as “as a jovial spectacle.”
Mexico, in turn, responded traditionally — with 15,000 soldiers. They drove the Zapatistas back into the jungles, killing about 150 of them. But here’s where the story breaks from tradition. When the revolutionaries mounted a comeback, it wasn’t back on the streets of Mexico, it was on the Web, forgoing weapons or violence for message proliferation and “hacktivism.” By today’s standards, they organized simple things: They used listservs to get their messages out and staged Internet “sit-ins” by flooding servers. But they got big attention. They marked the beginning of the age of Internet activists.
It was the first “netwar” — as a 1998 Rand report described it — a militant-yet peaceful brand of social activism that lives in shifty tangles on the Internet, which can be just as visible as 1,000 revolutionaries on the ground. “It is inspiring radical activists around the world to begin thinking that old models of struggle — ones that call for building ‘parties’ and ‘fronts’ … to ‘crush the state’ and ‘seize power’ — are not the way to go in the information age,” the authors of that report wrote.
Led by Sub-Comandante Marcos (foreground), about 3,000 members of the Zapatista Army for National Liberation fire their weapons into the air in the southern Mexican state of Chiapas on Oct. 15, 1994. (AP Photo/Marco Ugarte)
But in the 15 years since that paper was published, Internet activism obviously hasn’t replaced physical rebellion. It just happens alongside of it.
“When Georgia and Russia had a military conflict, hackers and hacktivists, they all banded together,” says John Bumgarner, the chief technology officer of the U.S. Cyber Consequences Institute, a nonprofit. “And as that attack increased on the ground, the hackers in cyberspace increased their activity and more people from other countries, Ukraine, and the United States, came together.”
And that acceleration, he says, is likely to happen in Syria as the United States inches toward a strike.
Who are the SEA?
They hacked the Marines. And The New York Times. And The Washington Post. And while they’ve been called unsophisticated in their tactics, the members of the Syrian Electronic Army have been awfully disruptive.
We don’t know much about these cyberactivists, other than that they strongly support the Assad regime, and deface websites and redirect readers to their propaganda. According to Adam Meyers, the vice president of intelligence at CrowdStrike, an Internet security firm, there could be as few as a dozen people actively working in the SEA. “At least some of the members that we are tracking we have some good indications they are operating out of Syria,” he says, but it’s hard to know. Their initial server was hosted on the Syrian Computer Society, which Bashar al-Assad was in charge of before becoming president of Syria. It’s also unknown if there’s any connection between the electronic army and the actual Syrian forces.
A few of these hackers have been identified by Internet pseudonyms and have spoken to the media, but then, it’s tough to confirm if they are who they say they are. In August, Vice‘s Motherboard connected an Internet paper trail to identify an SEA member named Hatem Deeb (he’s known around the Internet as “ThePro.” This is his personal site, where he declares he’s “proud to be a pro-Assad hacker.”) The SEA wrote to Motherboard saying Deeb was not one of “the names of SEA members lol,” which seemed to underscore a sense of amateurism (also notable is the SEA’s fluid sense of English and webspeak. They have a Pinterest account).
Deeb, or “ThePro,” or whoever this person really is, previously told Vice about the origins of the SEA:
… We’re all Syrian youths who each have our specialised computer skills, such as hacking and graphic design. Our mission is to defend our proud and beloved country Syria against a bloody media war that has been waged against her. The controlled media of certain countries continues to publish lies and fabricated news about Syria.
According to Meyers, the SEA started out two years ago operating more simply than it does now, attacking “targets of opportunity,” easy security flaws on websites. Then, starting this summer, its members seemed to get a boost in capabilities. They started going after messaging sites such as tango.me, stealing e-mail messages and contacts, among whom, it is possible, include Syrian dissidents and rebels. Then, after the tango.me hack, the SEA went back to interfering with media outlets. (The Guardian has a comprehensive timeline of their activities.) In late August, the group took out The New York Times for the better part of a day. Meyers likened this move to watching a golfer who had just learned a new swing from a pro. “And all of a sudden you look like a different shooter,” he says. He suspects they may have gotten some outside help.
Though several headlines last week proclaimed that the SEA is now on the FBI’s “Most Wanted” list, an FBI spokesperson said that wasn’t true (the FBI does have a public most wanted list for cyber bad guys) and wouldn’t comment on whether there was a federal investigation into the group. The FBI did, however, release an advisory on them, but it was tame, instructing the agency to “maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security.”
How to Fight an Electronic Army
The Syrian Electronic Army posted this letter to the front of a Marine Corps recruitment website, with pictures of supposed Marines pledging not to interfere in Syria. (Screenshot Via Wall Street Journal)
Despite its ability to hack big corporations and major news outlets, the SEA’s tactics are regarded by security experts to be unsophisticated. They say that because the SEA largely uses a simple tactic called spearphishing — a gambit that baits people with authentic-looking e-mails to give over their user names and passwords. Here’s the analogy: You can have all the security in the world, but if you have the key to the gate, none of that matters.
“It is going to be very difficult for us, the security community, to actually prevent these attacks from occurring,” Bumgarner says. “In most of these cases the SEA has accomplished, the human has been the weak element, and you cannot get a patch for stupidity.”
When SEA members hacked the AP’s Twitter account, they posted a tweet that read “Breaking: Two Explosions in the White House and Barack Obama is injured.” Almost immediately the Dow Jones industrial average dropped 150 points. “They didn’t have to do a stuxnet level attack to get that attention,” Bumgarner says.
But yet, that’s more of a reaction to a protest than a group assembled on the street could dream of creating. When the SEA took out The New York Times, redirecting some users to its own website, “that was equivalent to they bombed The New York Times and took it out for the day,” Bumgarner says. But they did it without inflicting any real damage or using anything more sinister than a spam email. The lesson here may be for the media: Perhaps their accounts should be kept under the same protections as, say, the front page of tomorrow’s paper.
With a clever enough combination of letters and numbers, a password can be more or less impossible for a group with small computing power to hack. According to Popular Mechanics, a password with letters, numbers, and seemingly randomly placed symbols like “Aqu57ar$iu3s” would take a computer algorithm 17,400,000 years to crack. A simpler version, like “Aquarius1” would take just 1.59 days. But then, all of that’s for naught if you give the password away.
Both Bumgarner and Meyers agree that the SEA’s capabilities are limited. It can’t, for instance, take out the United States’ electric grid.
“There’s this degree of ‘Well, they might have been successful,’ but, I would not equate success with sophistication,” Meyers says. They can, however, bite at the ankles of American media. “Which brings us to the next part of the story that I think is about to unfold, which is if we start lobbing cruise missiles into Damascus, I think we’re going to be seeing some other interesting activity coming out of that region.”
What We're Following See More »
President Obama has called for a "full review" of the hacking that took place during the 2016 election cycle, according to Obama counterterrorism and homeland security adviser Lisa Monaco. Intelligence officials say it is highly likely that Russia was behind the hacking. The results are not necessarily going to be made public, but will be shared with members of Congress.
Sen. Joe Manchin (D-WV) and Sherrod Brown (D-OH) are threatening to block the spending bill—and prevent the Senate from leaving town—"because it would not extend benefits for retired coal miners for a year or pay for their pension plans. The current version of the bill would extend health benefits for four months. ... Senate Majority Leader Mitch McConnell (R-KY) on Thursday afternoon moved to end debate on the continuing resolution to fund the government through April 28. But unless Senate Democrats relent, that vote cannot be held until Saturday at 1 a.m. at the earliest, one hour after the current funding measure expires."
The South Korean parliament voted on Friday morning to impeach President Park Geun-hye over charges of corruption, claiming she allowed undue influence to a close confidante of hers. Ms. Park is now suspended as president for 180 days. South Korea's Constitutional Court will hear the case and decide whether to uphold or overturn the impeachment.
Participants in the women's march on Washington the day after inauguration won't have access to the Lincoln Memorial. The National Park Service has "filed documents securing large swaths of the national mall and Pennsylvania Avenue, the Washington Monument and the Lincoln Memorial for the inauguration festivities. None of these spots will be open for protesters."