Syrian Hackers Now on FBI's List of Most-Wanted Cybercriminals

Syrian hackers replaced the paypal.co.uk homepage with this image.

Syrian hackers replaced the paypal.co.uk homepage with this image. Syrian Electronic Army/Twitter

The FBI has charged the group with attacking dozens of U.S. companies, media organizations and even the White House.

In late April 2013, a tweet from the Associated Press claimed that a pair of explosions at the White House had injured President Barack Obama. Markets reacted nearly instantly, sending stocks plunging. But when, a short time later, Press Secretary Jay Carney told reporters there was no explosion, the market quickly righted itself.

The news organization’s Twitter account was hacked, it turned out. A group calling itself the Syrian Electronic Army claimed credit. In only a few minutes, their rogue tweet demonstrated the market-moving power of 140 characters sent from a credible source.

The Syrian Electronic Army has also defaced websites belonging to the U.S. Marines, Harvard University, and Human Rights Watch, as well as websites and Twitter feeds of other major news organizations like the BBC, CNN and The Washington Post. The group’s members remained anonymous, going by pseudonyms like “The Shadow” and “The Pro.”

But on Tuesday, the Justice Department revealed the identity of three members of the group, charging them with computer hacking and placing two of them on the FBI’s “Cyber’s Most Wanted” list. The FBI is offering a $100,000 bounty for information leading to their arrest.

The newest additions bring the 3-year-old “Cyber’s Most Wanted” list to 19 members. The list includes five members of China’s People’s Liberation Army and an assortment of hackers from Eastern Europe and Russia.

The most recent inductees are young Syrians: 22-year old Ahmad Umar Agha, known as “The Pro”; 27-year-old Firas Dardar, known as “The Shadow.” The FBI also brought charges against 36-year-old Peter Romar, who it says is based in Germany.

Ahmad Umar Agha, left, and Firas Dardar (FBI)

That Agha and Dadar were able to sow such chaos from behind their laptops in a country in the throes of a civil war illustrates the Internet’s power to democratize conflict. Oceans can’t protect the U.S. from cyberattacks, most of which originate in countries that are (at least technically) at peace with America.

And compared to capers like a massive Chinese heist of personal data from the Office of Personnel Management, the Syrians’ attacks were mild.

FBI agents filed two criminal complaints that implicate the three men in 2014 and 2015, but the charges were only unsealed on Tuesday. They paint a picture of a long-running series of targeted online attacks on the U.S. government, media organizations, and private companies worldwide.

The Syrian Electronic Army says it supports the government of Syrian President Bashar al-Assad, and some of its actions appeared to be retaliation for American support of rebel groups fighting against Assad’s regime. Those included a series of unsuccessful attacks on the White House, where group members posed as White House employees to try and steal login credentials for a White House Twitter account.

In a separate attack, they redirected people attempting to visit the website marines.com to a page that encouraged American soldiers to “refuse [their] orders.” (That particular bit of mischief earned Agha and Dardar a charge of attempting to cause mutiny of the U.S. armed forces.)

But other online attacks were engineered to maximize personal gain, according to the Justice Department complaint. The FBI alleges that Agha and Dardar hacked into companies in Europe, Asia, and U.S., threatening to delete or sell their private data unless paid a ransom. The FBI investigation identified 14 victims, from whom the attackers attempted to extract a total of $500,000. The complaint said the hackers weren’t always paid in full.

The FBI found the hackers’ identities by obtaining search warrants for their Google and Facebook accounts. The men often used Gmail accounts to threaten and extort money from their victims, investigators said.

In a statement issued Tuesday, Assistant Attorney General John Carlin acknowledged the complicated nature of the case his department unsealed.

“The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry,” Carlin said.

Beyond offering rewards for their capture, the FBI has limited options to bring the Syrian hackers in. But that’s not to say the U.S. takes the threat of hackers abroad lightly. In August, a targeted drone strike killed Junaid Hussain, a British national in his 20s affiliated with the Islamic State who had allegedly hacked U.S. military systems and contributed to the group’s online defenses.

Hussain had attracted the interest of U.S. officials not just for his hacking prowess, but also for his efforts to recruit others and his apparent leadership role in the Islamic State.

The Syrian hackers are less likely to find themselves in the crosshairs of a military drone than an IS operative—and besides, if counterterrorism officials wanted these men dead, they probably wouldn’t wait for the FBI to unseal years-long investigations into their actions.

But there’s no question that hackers abroad who target the U.S. are being closely followed by law enforcement here. Malicious code can be as big a threat as bullets and missiles to national security, and are much more easily delivered.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.