FAQs about hacks: Everything you need to know about the Syrian Electronic Army

What is the Syrian Electronic Army? What are they after? Should you be scared? Read on for the answers.

In the past 24 hours, the New York Times went down and Twitter images went wonky, while the Huffington Post dodged a digital bullet. All the chaos comes courtesy of the Syrian Electronic Army, a hacker group in love with Syrian president Bashar al-Assad--and this isn't the first time the cyber boogeymen have lashed out at Western targets.

But what's all the hub-bub about? Should you be worried about the Syrian Electronic Army? Is there a chance you and I could get caught in the crossfire, the way Lulzsec leaked so many passwords a few summers back? Read on to learn everything you need to know about the Syrian Electronic Army.

What is the Syrian Electronic Army?

Nobody knows for sure, but all indications suggest that is a group of pro-al-Assad hackers, rather than an official government group.

The Syrian Electronic Army has been responsible for numerous high-profile hack attacks, including the hijacking of the Twitter accounts across the media spectrum--from venerable outlets like NPR, CBS, and the Associated Press all the way to BBC Weather, The Onion, and E! Online. Yesterday, the group claimed responsibility for the DNS-based troubles fouling the New York Times, Twitter, and the Huffington Post UK.

Are they in it for the lulz?

Unlike Lulzsec, which sowed havoc across the Web for nothing more than giggles (and eventual betrayal and jail time), the Syrian Electronic Army operates with more ideological goals. The hacker collective's targets media entities with large followings, then uses the hijacked Twitter accounts and Websites to spread a pro-al-Assad message.

"There are many targets that were vulnerable that we felt were fair to Syria and had balanced coverage, we did not strike them," a Syrian Electronic Army representative told the Verge in May.

Yesterday's DNS attacks occurred as rumors of a U.S. strike in Syria abound, after the American government said there was "no doubt" that al-Assad deployed chemical weapons to kill hundreds of Syrians.

So they're just glorified script kiddies, right?

Not quite.

Sure, the group's hijackings didn't take much skill beyond adept social engineering, and yes, a lot of the Syrian Electronic Army's shouting has been of the juvenile and meme-filled variety.

"The Syrian Electronic Army actually makes a lot more sense if you think of them as pranksters who also happen to love Assad than as state-aligned hackers in pursuit of concrete goals," the Washington Post recently wrote.

But don't mistake the group's silliness for stupidity!

Melbourne IT, the registrar that was attacked in order to fell the Times and other yesterday, has a reputation for strong security chops, according to CloudFlare. Indeed, after a group of HP researchers studied the Syrian Electronic Army for a number of months, they noted that the SEA is considered "one of the top 10 most skilled hacking teams in the world."

Oh no! Should I be worried?

Yes and no.

Thus far, the Syrian Electronic Army has largely been targeting the digital equivalent of microphones, rather than the masses: It's trying to spread the pro-al-Assad word via hijacked media accounts. Yesterday's attack didn't affect user accounts or data in any way, as far as experts can tell.

But that doesn't mean the group intends to stay mostly harmless. In the midst of Tuesday's attacks, experts from Google, OpenDNS, and Cloudflare found that the Syrian Electronic Army site that replaced the New York Times homepage appeared to be infested with malware.

Oh no! How can I protect myself against that?

You shouldn't have anything to worry about if you take some basic online security precautions--the kind of stuff you should already be doing, anyway. Install an antivirus program and keep it up to date to protect against potential malware infections.

Likewise, you can keep your online accounts buttoned up by activating two-factor authentication wherever possible--Twitter offers both SMS- and app-based two-factor authentication, for example--and, more importantly, by never reusing passwords across multiple sites. It's not as hard as it sounds! Password managers can take a lot of the hassle out of, well, password management, and PCWorld has a guide to building better passwords without losing your mind.

Join the CSO newsletter!

Error: Please check your email address.

Tags hackerssecuritytwitterWebsites

More about BBC Worldwide AustralasiaCBS CorporationGoogleHPMelbourne IT

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Brad Chacos

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts