Hacking, propaganda the main weapons for Syrian Electronic Army

The Syrian Electronic Army has launched a counter-offensive against the online activities of opposition protesters, and its main weapon is hacking

PUBLISHED : Thursday, 02 May, 2013, 12:00am
UPDATED : Thursday, 02 May, 2013, 4:47am


The self-styled Syrian Electronic Army (SEA) has launched hacking attacks in recent weeks on the BBC, the Associated Press and most recently The Guardian.

Last week the pro-government group succeeded in hijacking AP's main Twitter account, with 1.9 million followers. It falsely claimed that US President Barack Obama had been injured in an explosion. AP corrected the message, but not before US$130 billion had been briefly wiped off the value of stocks.

Online pro-revolution activists have been one of the defining features of the Arab spring. In Syria, opposition activists have played a crucial role in the struggle against President Bashar al-Assad. Over the past two years they have uploaded numerous videos of anti-Assad demonstrations to YouTube, posted gruesome footage of victims killed by government forces, and helped shape political perceptions in the West, as European Union leaders inch towards arming Syria's moderate opposition.

But unlike Tunisia, Egypt and Libya - whose former regimes were caught badly off guard - Assad's government is fighting back. It has created an increasingly rambunctious group of counter-revolutionary hackers. These hackers have a twin function: to punish Western news organisations seen as critical of Syria's regime, and to spread Damascus' alternative narrative. This says that the war in Syria isn't a popular uprising against a brutal, despotic family-military dynasty but rather an attempt by Islamist terrorists to turn Syria into a crazy al-Qaeda fiefdom.

The Syrian Electronic Army began in 2011. According to defectors, the group moved last year from Damascus to a secret base in Dubai. The Syrian government is widely believed to be behind the SEA's activities.

The army consists of the brothers of every Syrian citizen ... Young people have an important role to play at this stage, because they have proven themselves to be an active power

In a speech to Damascus university in 2011, Assad likened the online warriors to his frontline troops: "The army consists of the brothers of every Syrian citizen ... Young people have an important role to play at this stage, because they have proven themselves to be an active power. There is the electronic army, which has been a real army in virtual reality."

Opposition activists claim Assad's billionaire cousin, Rami Makhlouf, bankrolls the SEA and masterminded its move out of Syria. The SEA now operates out of one of Makhlouf's shadowy Dubai companies, they add, citing information from a former SEA activist. Makhlouf pays for food and accommodation. Pro-Assad activists earn around US$500-$1,000 for high-profile attacks on Western targets - a huge sum for most Syrians.

The SEA comprises Alawites from Assad's embattled minority Shia sect, but also includes Sunnis - most of whom back the opposition - and Christians.

"There are a lot of [pro-regime] Syrian hackers inside Syria and outside Syria," said Tareq al-Jaza'eere, an opposition cyber-activist. "The Syrian government gives them money to fight an electronic war against the rebels. They are doing hacks. They are doing social media. Their message is there is no revolution. They say there is a terrorist gang fighting the government."

Analysts say the SEA's hacking attacks are crude but effective.

The outfit's official website, hosted in Syria, boasts of its numerous successes and shows activists in military fatigues sitting in front of a bank of computers. Their faces are cropped out. It says that its hackers are organised into battalions, with names such as Wolf, the Pro and the Shadow. The site features two "martyrs": men in T-shirts and sunglasses who are said to have died for the regime's cause. It also links to pro-Assad Facebook pages.

All the SEA attacks have been carried out via "phishing" e-mails which lure recipients into thinking that they are at the login site, so that the hackers can capture e-mail addresses and passwords. The sites used against The Guardian were registered in Cyprus, though they pointed to a site in the US which "hosts a whole load of malware", according to Rik Ferguson of the security company Trend Micro.

Ferguson described the hackers' work as "very visible" and commented: "They aren't terrible at what they do, but you'd have to say from their choice of targets - the GuardianBooks Twitter account, the BBC Weather account - that the hacks aren't serving any great purpose."