Information Warfare: Syria Attacks The U.S. Army

Archives

June 17, 2015: A group of pro-government Syrian hackers recently defaced the U.S. Army web site. Not a very high-tech operation but it is another example of how a small group of hackers can have a highly visible impact. These hacks have represented many of the rare victories for the beleaguered Syrian government. The Syrian Assad dictatorship is fighting a losing battle against a four year old rebellion by most of its population. The Assads have few friends abroad but their two closest allies; Russia and Iran, have openly supplied cash, weapons and personnel to keep the Assads going. These two allies are also believed largely responsible for the success of a group of Syrian hackers calling themselves the Syrian Electronic Army (SEA). The SEA has been unable to do much damage to Israel, long the main foreign foe of the Assad government. Israel has one of the largest and most successful collection of Internet security firms on the planet and the SEA has found more success at hacking high-profile media sites everywhere but in Israel. This has been going on since early 2011 and the recent U.S. Army hack is fairly typical of their work.

The SEA has been especially effective using spear fishing (attaching hacking software disguised as documents the recipient is urged to look at right away) to hack into media sites. Despite most media companies having in place software and personnel rules to block spear fishing attacks there are so many email accounts to attack and you only have to get one victim to respond for the SEA to get in (using the login data from the compromised account). The automated defenses are supposed to block the actions of the hacker software that is triggered when the victim clicks on the email attachment, but hackers keep finding exploitable vulnerabilities to these defenses and this creates an opening, as least until that vulnerability is recognized and patched.

The SEA apparently has enough cash and expertise to know where in the hacker underground the latest and most effective malware attachments can be found and purchased. With that, it’s just a matter of modifying the malware package, buying the email lists (of people likely to respond to a certain type of message) and the services of an illegal network of hacked PCs (a botnet) to transmit your spear fishing emails.

The SEA has another big advantage; Russia which is where some of the most skilled hackers in the world operate from, and they do this by not attacking Russian targets and doing whatever the Russian government asks them to do. Apparently Russia told the Internet thugs they shelter to do what they can for the SEA and that has made the SEA far more effective than it would be if it just relied on its Syrian and Iranian members. Russia has apparently done this same favor for Iran. The Russians have also been helpful in increasing Internet defenses for the Syrian government. A lot of pro-rebel hackers and foreign intelligence agencies have been trying to use the Internet to spy on the Assad government.

Despite four years of violence and chaos in Syria, the Internet continues to function, especially in major urban areas and those controlled by the government. In 2011 about 20 percent of Syrians were using the Internet. That has declined since then but in government controlled areas the old Internet access is still available while in the rebel controlled areas you have to rely on more expensive and limited Internet sources (usually wireless access via local entrepreneurs).