Israel Awaits Cyberattack From Syrian Electronic Army

The Syrian Electronic Army, related to elements supporting President Assad, intensifies its targeting of government bodies and global media outlets. 

al-monitor An illustration picture shows a projection of binary code on a man holding a laptop computer, June 24, 2013.  Photo by REUTERS/Kacper Pempel.

Topics covered

syrian, syria, israel, barack obama

Sep 4, 2013

Does the Internet invent new phenomena, or just develop and perfect existing phenomena? We find, in most cases, the Internet does not necessarily invent new phenomena, but obviates the physical element — namely, borders and distances in the world we know become superfluous. The Internet then takes terms, phenomena and activities we have known from time immemorial and imbues them with new dimensions. 

This is true for terms such as social networks, espionage, fundraising for various ends and even preparing terrorist activities. Today, the Internet facilitates these and many other activities much faster and more easily than in the past. 

One example is the ability to create an “electronic army” that protects a country in the cyberdomain from its internal and external enemies, such as the Syrian Electronic Army (SEA). 

The identity of this body, which began operating a few months after the beginning of the rebellion, is still obscure. On the organization’s Internet site, its activists claim to be a group of youths who hack sites on their own initiative, without connection to the Syrian government. Yet a study conducted a short time after this organization began to function found links between it and government elements, at least in regard to the organization’s Internet site. Also, President Bashar al-Assad praised these activists (in a speech on June 20, 2011) and called them a “real army in virtual reality.”

The Syrian Electronic Army is prominent in several ways: It's very up-to-date; it reports in Arabic and English simultaneously; it exhibits heavy activity; and it maintains a site (that has changed its appearance and URL address several times). It also maintains a prominent presence on the various social networks with an emphasis on Facebook and Twitter (their accounts are frequently closed by the social networks but are then re-opened by SEA); they are also present on Instagram and elsewhere.

An analysis of the various attacks carried out by the Syrian Electronic Army from the beginning of its existence shows that its goal is to protect Syrian interests while using offensive tools in cyberspace. The group does not protect Syrian Internet sites or computer systems, but carries out various attacks against those perceived as being Syria’s enemies, internal and external.

These various procedures point to two main targets,  government-affiliated groups within regional countries and Arab and Western media. Recently,  even Internet communication applications have been targeted.

The lion’s share of SEA activity is targeted against the Western media, usually through hacking into their Twitter accounts and inserting various messages. Such actions were perpetrated against the Financial Times (the group hacked into 30 Twitter accounts of this journal), The Washington Post, the BBC and Al Jazeera, among others in the Western and Arab world. 

But the most infamous act of all executed by the Syrian Electronic Army (in late April 2013) was the fabricated news item it inserted in The Associated Press' Twitter account. This item falsely reported that there had been two explosions at the White House and that President Barack Obama had been injured. In light of the importance of this news and the integrity of its source, financial markets suffered immediate repercussions.

In addition, the Syrian Electronic Army attacked companies dealing with Internet-based media products and computer systems (mainly email servers) of government sources in countries of the region, and leaked content and correspondence from these servers to embarrass and harm Syria’s enemies. As part of this campaign, the group breached email servers in the office of the Turkish prime minister, the Turkish Interior Ministry, Qatar government ministries, Saudi Arabia’s Defense Ministry, the Arab League and more.. 

The increase in the scope of news reports and rise in tension related to the possible American assault on Syria has led to activity on two levels: On Aug. 27, SEA announced that it succeeded in changing the registration data of Twitter’s domain, and attached a picture testifying to this. The next day, SEA published a list of additional addresses connected to Twitter, addresses that SEA ostensibly breached, including Twitter in the United Arab Emirates and in Great Britain. SEA also breached the domain-name server (DNS) of The New York Times and of the Huffington Post. Simultaneously, SEA publicized that the company that provides it with storage services suspended all its site activities until the morning of Sept. 1.

In addition, links appeared on the Facebook account of the Syrian Electronic Army (during the evening of Aug. 31) to the official Facebook pages of the US Marines, President Obama, CNN and The Associated Press, accompanied by explanations in Arabic. Were these future targets of the Syrian Electronic Army activists? Yes indeed; on Sept. 2, they breached the Facebook page of the Marine Corps.

Yet the Syrian Electronic Army does not only serve as an instrument of attack against Syria’s enemies, both external and internal, but also as a propaganda tool for the benefit of the Syrian government and those who head it. As the reports about an approaching American attack proliferate and as tensions rise, SEA has intensified its propaganda activities and responds to events via Twitter messages in which it states that its activists are planning “many surprises,” and are readied for an attack.

SEA also documents demonstrations against the planned attack; it published an announcement in which the Syrian defense minister stated that his army is ready to grapple with “any type of military aggression.” SEA also publicized various propaganda posters and cries of encouragement for the Syrian army and for Assad.

As part of the psychological warfare being conducted in the online arena, a Twitter account was opened recently, purporting to belong to the SEA, with condemnations of the Syrian leadership and its use of chemical weapons.

The Syrian Electronic Army, operating in cyberspace, is probably not the fruit of independent initiative but, instead, supported by Syrian governmental bodies in order to fight Syria’s enemies, both internal and external, on the cyber front. Its emphasis is on its war against other governments in the region and against the Western media. So far, its attacks have not been high quality and cannot cause real damage to a country’s infrastructure. Instead the attacks have been against Internet sites and email servers; these actions are well reported in the media but cause psychological damage, rather than real harm. 

While action against Israel has been marginal to date, we must be cognizant of this organization, its objectives, capabilities and activities. We must keep tabs on the repercussions and media damage caused by such simple actions as breaching a Twitter account.

Tal Pavel holds a doctorate in Middle Eastern Studies from Bar Ilan University and is an expert on Internet and information technologies in the Middle East and the Islamic world. He lectures at the Communication School of the Netanya Academic College. Pavel is the founder and owner of Middleeasternet company, and is engaged in research, consulting and lecturing in the field of Internet and online threats from the Middle East and the Islamic world.

Continue reading this article by registering at no cost and get unlimited access to:
  • Al-Monitor Archives
  • The Week in Review
  • Exclusive Events
  • Invitation-only Briefings

More from  Tal Pavel