Justice Department Charges Pro-Assad Hackers Over Cyber-Attacks

The Justice Department announced criminal conspiracy charges against three current or former members of the Iran-backed hacking group Syrian Electronic Army (SEA), the Associated Press reported on Tuesday.

Two of the suspects (Ahmad Umar Agha, 22, and Firas Dardar, 27) are believed to be in Syria. They were charged with “spear-phishing,” or using official-looking e-mails to scam recipients into revealing their login details, which allowed them to compromise American and foreign computer systems from 2011 to 2014.

A third man, 36-year-old Pierre Romar of Germany, was charged with helping Dardar with extortion attempts. Using spear-phishing, they demanded a total of $500,000 from targets in the United States and abroad, though they often accepted smaller payments. Romar helped move the money to Syria, a process complicated by American sanctions against the direct transfer of funds to the country. In one case, an unidentified California-based web-hosting company paid $1,500 after the group threatened to sell the firm’s user database to other hackers.

Agha and Dardar reportedly used their unauthorized access to compromise the websites of National Public Radio, CNN, The Onion, E! Online, the Daily Dot, New York Post, Time magazine and Vice. They also reportedly shut down the New York Times’ website after infiltrating one of its vendors.

The Department of Justice’s statement on the charges provided other examples of the attacks carried out by Agha and Dardar:

For example, starting in 2011, the conspirators repeatedly targeted computer systems and employees of the Executive Office of the President (EOP). Despite these efforts, at no time was an EOP account or computer system successfully compromised. Additionally, in April 2013, a member of the conspiracy compromised the Twitter account of a prominent media organization and released a tweet claiming that a bomb had exploded at the White House and injured the President. In a later 2013 intrusion, through a third-party vendor, the conspirators gained control over a recruiting website for the U.S. Marine Corps and posted a defacement encouraging U.S. marines to “refuse [their] orders.”

The Justice Department included Agha and Dardar on its Cyber Most Wanted list and announced an award of $100,000 for information leading to their arrests.

Last week, news that a federal indictment would be issued in April over an Iranian cyber-attack against a dam in upstate New York prompted Sen. Chuck Schumer (D-N.Y.) to say that Iran had fired a “shot across the bow” of the United States.

In “Iran Has Built an Army of Cyber-Proxies,” which was published in the August 2015 issue of The Tower Magazine, Jordan Brunner explained that Iran has fostered a number of international cyber-proxies, including the Syrian Electronic Army:

Iran is adept at building terrorist and other illicit networks around the world. Its cyber-capabilities are no different. It uses the inexpensive method of training and collaborating with proxies in the art of cyber-war. It may also have collaborated with North Korea, which infamously attacked Sony in response to the film The Interview. It is possible that Iran assisted North Korea in developing the cyber-capability necessary to carry out the Sony hack. While acknowledging that there is no definite proof of this, Claudia Rosett of the Foundation for Defense of Democracies raised the question in The Tower earlier this year.

More importantly, Iran is sponsoring the cyber-capabilities of terrorist organizations in Lebanon, Yemen, and Syria. The first indication of this was from Hezbollah. The group’s cyber-activity came to the attention of the U.S. in early 2008, and it has only become more powerful in cyberspace since then. An attack that had “all the markings” of a campaign orchestrated by Hezbollah was carried out against Israeli businesses in 2012.

Lebanon’s neighbor, Syria, is home to the Syrian Electronic Army (SEA), which employs cyber-warfare in support of the Assad regime. There are rumors that indicate it is trained and financed by Iran. The SEA’s mission is to embarrass media organizations in the West that publicize the atrocities of the Assad regime, as well as track down and monitor the activities of Syrian rebels. It has been very successful at both. The SEA has attacked media outlets such as The Washington Post, the Chicago Tribune, the Financial Times, Forbes, and others. It has also hacked the software of companies like Dell, Microsoft, Ferrari, and even the humanitarian program UNICEF.
