Syria's Cyber-Propaganda Hacks a Form of Psychological Warfare

Concomittant Hacks Could Follow a U.S. Attack on Syria
By on

A Syrian hacker group has claimed responsibility for disrupting and halting U.S. based websites, including the New York Times.

This comes as no surprise after threats by United States President Barack Obama to attack Syria. News reports had mentioned that the stealth bomber was one option that the U.S. military would have taken against Syrian President Bashar al- Asaad, who had launched chemical attack on Syria’s civilians. This is the second time that the New York Times Web site has been hacked in August. The recent attack came from a pro-Syrian group known as the Syrian Electronic Army.

At 3:17am, New York Time, the Eyewitness News Web site of WABC-TV reported that the New York Times is reporting that its website has been hacked. The VP of Corporate Communications tweeted that the disruption was due to malicious activity from an external source. The Times said it was on resolving the problem. As soon as the source of the attack was known, the New York Times set up alternate Web sites to rebut with articles on the chemical attacks in Syria; One headline read, "Not Easy to Hide a Chemical Attack, Experts Say."

MIT Technology Review’s Tom Simonite’s gave his analysis of the cyberspace disruption saying, “The Syrian Electronic Army (SEA) has made high profile attacks in the past, taking over the Twitter accounts of the Associated Press and The Onion, and redirecting visitors to the Washington Post. But the timing of today’s attack shows how an Internet gadfly like the SEA can punch far above its weight,” the reported. Simonite added, “President Obama’s decision about whether to use force in Syria won’t hang on the actions of the SEA, but the group can hardly be ignored altogether. By bringing down high profile US web sites the SEA can surely affect how the US response is perceived, both domestically and overseas. In the event of a US strike against Syria in the coming days, a second wave of successful attacks against American websites in response could even be embarrassing to Obama.”

Melbourne IT, the domain firm hosts some of the biggest names in the business like Microsoft and Yahoo and the security breach could have been disastrous. "This could've been one of the biggest attacks we've ever seen, if they were more subtle and more efficient about it," said Rapid7’s chief research officer at HD Moore, a cyber security firm.

The SEA has previously packed the U.K.’s Guardian, the Washington Post, and the Associated Press. The current attack affected The Huffington Post and Twitter as well.

The SEA was able to take down the Web sites by manipulating its domain names with the hosting firm, Melbourne IT in Australia, according to The Washington Post.

Alien Vault’s researcher Jaime Blasco noted, "They (SEA) don't seem to be interested in infecting end users, which is a good thing." Hackers who successfully break into MelbourneIT's systems could potentially redirect and intercept emails sent to addresses under certain domains, researchers said. And users of sites that don't begin with "https" could have been fooled into entering passwords that could have been captured.”

Media firms ignored hackers until 2011. These hacks are preventable if nothing is downloaded from the Net, say experts: "As this incident illustrates, any time you integrate third-party code into your site, it presents a new attack vector for hackers. You must not only ensure your own code is secure, but you must also rely upon third parties' security practices," said a privacy officer and attorney Aaron Titus, Identity Finder in an Associated Press report. Santa Clara, Calif.-based based security firm, McAffee said that cyber attacks are expected as long as there are media organizations playing a leading role as critics and commentators on the Internet, Business Week reports.

The head of technology at Intel Corp's McAfee security division Michael Fey at McAfee security division described the incident by saying, "They changed just a few sites, but if they had actually gone all out, they could've had most of the Internet watching them run the show."

Timeline of SEA Hacks (Source: Wikepedia)

  • 23 April 2013: The SEA hijacked the Associated Press Twitter account and falsely claimed the White House had been bombed and President Barack Obama injured.
  • May 2013: The Twitter account of The Onion was compromised by the SEA, by phishing Google Apps accounts of The Onion's employees.
  • May 2013: The ITV news London Twitter account was hacked on the 24th May 2013 by the SEA. The Android applications of British Broadcaster Sky News were also hacked on 26 May 2013 on Google Play Store.
  • 17 July 2013, Truecaller servers were allegedly hacked into by the Syrian Electronic Army.The group claimed on its twitter handle to have recovered 459 GiBs of database, primarily due to an older version of Wordpress installed on the servers. The hackers also releasedTrueCaller's alleged database host ID, username, and password via another tweet. On 18 July 2013, Truecaller issued a statement on its blog stating that their servers were indeed hacked, but claiming that the attack did not disclose any passwords or credit card information.
  • 23 July 2013: Viber servers were allegedly hacked into by SEA as well. The Viber support website was replaced with a message and a supposed screenshot of data that was obtained during the intrusion.
  • 15 August 2013: Advertising service Outbrain was hacked by the SEA via a spearphishing attack. This allowed them to place redirects into the websites of The Washington Post, Time, and CNN.
  • 27 August 2013: has its DNS redirected to a page that displays the message "Hacked by SEA" and Twitter's domain registrar was changed.
Join the Discussion