This story is over 5 years old.


The US Has Indicted Three Alleged Syrian Electronic Army Hackers for Cyber Crimes

The trio is accused of being associated with a hacking group that supports Syrian President Bashar al-Assad that has claimed responsibility for hacks targeting the media, human rights organizations, and the US government.
Imagen vía FBI

On Tuesday, US authorities charged three members of the Syrian Electronic Army — a hacking group that supports Syrian President Bashar al-Assad — with a series of cyber crimes targeting media organizations, private companies, and the US government.

A statement from the Department of Justice said the trio faces a range of conspiracy charges, including "participating in a hoax regarding a terrorist attack" and "attempting to cause mutiny in the US armed forces," as well as counts of wire fraud and money laundering. Arrest warrants have been issued for each of them.


The problem is that the FBI doesn't really know where the three men are.

Ahmed al-Agha, a 22-year-old who is also known as Ahmad Umar Agha and "Th3 Pr0," and Firas Dardar, a 27-year-old who calls himself "The Shadow," are believed to be in Syria. The FBI has put both men on their Cyber's Most Wanted list, and are offering $100,000 for any information that could help authorities arrest either of them. The third suspect, Peter "Pierre" Romar, 36, is a Syrian national who is believed to be in Germany.

— FBI Washington Field (@FBIWFO)March 22, 2016

Prosecutors from the US District Court in Virginia said that the hackers used spear fishing, a popular hacking technique in which they lure their victims by sending emails purporting to be a trusted source. Those emails contain a link. If the recipient unwittingly clicks on the link in the email, malware is downloaded onto their server. Through those malicious spyware programs, a hacker can learn secret log-ins and passwords needed to access a normally private account.

Their victims tended to be critics of Assad's regime. The alleged hackers would gain access to the servers of prominent news and human rights organizations and infiltrate it with pro-Assad propaganda.

The Syrian Electronic Army was behind a notorious hack into the Associated Press Twitter account in April 2013. It generated a fake tweet that read: "Breaking: Two explosions in the White House and Barack Obama is injured." Social media went nuts and the stock market had a momentary heart attack. The Dow Jones Industrial Average plummeted almost 143 points in just three minutes after the news broke, but rebounded after the Associated Press released a statement saying it had been hacked.


Stocks Plunged & Quickly Recovered on Fake — Brian Hauer (@MavenTraders)May 1, 2013

The Syrian Electronic Army soon claimed responsibility for the hack, tweeting, "Ops! @AP get owned by Syrian Electronic Army! #SEA #Syria #ByeByeObama," from an account that has since been suspended.

The complaint against Agha and Dardar reels off a litany of successful hacks. The first occurred in September 2011. The two suspects, who are referred to in the complaint as "The Conspiracy," are accused of hacking into the Harvard University server and uploading a picture of Assad to the university's homepage along with a banner reading "Syrian Electronic Army Were Here."

A number of other hacks into the servers of the Washington Post, VICE, NPR, and the like rerouted the URLs of online stories so that readers visiting the page would be redirected to the hacking group's website.

In March 2013, a "member of the Conspiracy" used credentials belonging to employees of Human Rights Watch and posted multiple messages on their homepage, including one that read, "Syrian Electronic Army were here. All your reports are FALSE." In the year before the hack, HRW had published a series of damning reports detailing atrocities committed by Assad's forces against Syrian civilians.

The group also targeted UNICEF, the UN's children agency.

For who missed the — SyrianElectronicArmy (@Official_SEA16)October 2, 2014

And Microsoft.


— SyrianElectronicArmy (@Official_SEA16)January 11, 2014

The alleged hackers were also accused of making repeated, unsuccessful attempts to crack the White House internal server.

A second complaint alleges that Dardar "conducted computer intrusions from his location in Syria and sent threats and demands for payment to each victim." If a victim couldn't make extortion payments directly to the group's accounts in Syria due to sanctions, the complaint alleges, Romar functioned as a sort of intermediary. Stationed in Germany, he allegedly received and attempted to transfer extorted funds to the Syrian Electronic Army.

"The tireless efforts of US prosecutors and our investigative partners have allowed us to identify individuals who have been responsible for inflicting damage on US government and private entities through computer intrusions," US Attorney Dana Boente said in a statement. "Today's announcement demonstrates that we will continue to pursue these individuals no matter where they are in the world."

"These three members of the Syrian Electronic Army targeted and compromised computer systems in order to provide support to the Assad regime as well as for their own personal monetary gain through extortion," said Paul Abbate, the FBI's assistant director in charge.

Assistant Attorney General John Carlin said that the alleged hackers sought to destabilize economic and national security while operating for their own financial gain.

"The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry," he added.