FAQs about hacks: Everything you need to know about the Syrian Electronic Army

In the past 24 hours, the New York Times went down and Twitter images went wonky, while the Huffington Post dodged a digital bullet. All the chaos comes courtesy of the Syrian Electronic Army, a hacker group in love with Syrian president Bashar al-Assad—and this isn't the first time the cyber boogeymen have lashed out at Western targets.

But what's all the hubbub about? Should you be worried about the Syrian Electronic Army? Is there a chance you and I could get caught in the crossfire, the way Lulzsec leaked so many passwords a few summers back? Read on to learn everything you need to know about the Syrian Electronic Army.

What is the Syrian Electronic Army?

Nobody knows for sure, but all indications suggest that is a group of pro-al-Assad hackers, rather than an official government group.

Syrian Electronic Army
The SEA seized control of the DNS records for Twitter's image servers Tuesday. (Click to enlarge.)

The Syrian Electronic Army has been responsible for numerous high-profile hack attacks, including the hijacking of the Twitter accounts across the media spectrum—from venerable outlets like NPR, CBS, and the Associated Press all the way to BBC Weather, The Onion, and E! Online. Yesterday, the group claimed responsibility for the DNS-based troubles fouling the New York Times, Twitter, and the Huffington Post UK.

Are they in it for the lulz?

Unlike Lulzsec, which sowed havoc across the Web for nothing more than giggles (and eventual betrayal and jail time), the Syrian Electronic Army operates with more ideological goals. The hacker collective targets media entities with large followings, then uses the hijacked Twitter accounts and Websites to spread a pro-al-Assad message.

"There are many targets that were vulnerable that we felt were fair to Syria and had balanced coverage, we did not strike them," a Syrian Electronic Army representative told the Verge in May.

Yesterday's DNS attacks occurred as rumors of a U.S. strike in Syria abound, after the American government said there was "no doubt" that al-Assad deployed chemical weapons to kill hundreds of Syrians.

So they're just glorified script kiddies, right?

Not quite.

Tweets from the SEA-hijacked E! Online account weren't exactly highbrow. (Click to enlarge.)

Sure, the group's hijackings didn't take much skill beyond adept social engineering, and yes, a lot of the Syrian Electronic Army's shouting has been of the juvenile and meme-filled variety.

"The Syrian Electronic Army actually makes a lot more sense if you think of them as pranksters who also happen to love Assad than as state-aligned hackers in pursuit of concrete goals," the Washington Post recently wrote.

But don't mistake the group's silliness for stupidity!

Melbourne IT, the registrar that was attacked in order to fell the Times and other yesterday, has a reputation for strong security chops, according to CloudFlare. Indeed, after a group of HP researchers studied the Syrian Electronic Army for a number of months, they noted that the SEA is considered "one of the top 10 most skilled hacking teams in the world."

Oh no! Should I be worried?

Yes and no.

Thus far, the Syrian Electronic Army has largely been targeting the digital equivalent of microphones, rather than the masses: It's trying to spread the pro-al-Assad word via hijacked media accounts. Yesterday's attack didn't affect user accounts or data in any way, as far as experts can tell.

But that doesn't mean the group intends to stay mostly harmless. In the midst of Tuesday's attacks, experts from Google, OpenDNS, and Cloudflare found that the Syrian Electronic Army site that replaced the New York Times homepage appeared to be infested with malware.

Oh no! How can I protect myself against that?

Malware virus

You shouldn't have anything to worry about if you take some basic online security precautions—the kind of stuff you should already be doing, anyway. Install an antivirus program and keep it up to date to protect against potential malware infections.

Likewise, you can keep your online accounts buttoned up by activating two-factor authentication wherever possible—Twitter offers both SMS- and app-based two-factor authentication, for example—and, more importantly, by never reusing passwords across multiple sites. It's not as hard as it sounds! Password managers can take a lot of the hassle out of, well, password management, and PCWorld has a guide to building better passwords without losing your mind.

Subscribe to the Security Watch Newsletter

Comments