After months of cyber attacks against western media organizations, the Federal Bureau of Investigation has finally put the Syrian Electronic Army on its radar.
According to a one-page unclassified memo obtained by The Desk on Wednesday, the FBI’s Cyber Division said the SEA had been responsible for compromising “high profile media (websites) through a new tactic of hacking third party networks.”
The “new tactic” referred to the SEA’s August 27th cyber attack against the New York Times, Huffington Post and Twitter, in which the group compromised an online service that sells web addresses (known as domain names) to the high-profile companies and maintains those addresses for them.
When the group hijacked an account associated with Melbourne IT, it was able to gain access to records associated with NYTimes.com, HuffingtonPost.co.uk and Twitter.com. The group changed several records so that the web addresses pointed to the SEA’s own website, which at the time featured pro-Syria messages.
Following the cyber attack, which Melbourne IT later acknowledged, the New York Times temporarily shut down its digital service. The move caused the New York Times website, mobile and tablet apps to be unavailable for hours. Twitter, meanwhile, acknowledged that some of its photo hosting services were briefly affected (the main Twitter service was unaffected), while the Huffington Post chugged along without issue.
Last week’s attack was the group’s most sophisticated. In months prior, the SEA had compromised social media profiles for western news organizations by sending fake email messages to news staff in an attempt to gain access to login credentials. The process, called “phishing,” has more to do with scamming than it does with hacking — it is the equivalent of a car thief tricking a drunk casino patron into handing over his car keys by pretending to be the valet.
The SEA has been successful in tricking IT managers and newsroom employees at CBS News, Thomson Reuters, Agence France-Presse, ITV News and other media companies into handing over e-mail credentials; those credentials were used to compromise social media profiles associated with the news organizations.
In one high-profile attack outlined in the FBI memo, the SEA used a compromised Associated Press Twitter account to send an erroneous breaking news alert that briefly caused the Dow Jones Industrial Average to lose billions of dollars (the index recovered a few minutes later when it became apparent the information was fake).
While most of the mischief originates with the SEA, the FBI is apparently concerned that offshoot groups or individuals “sympathetic to the SEA” may target U.S.-based websites and networks.
“Please maintain heightened awareness of your network traffic and take appropriate steps to maintain your network security,” the FBI memo said.
The memo was the FBI’s first public acknowledgement of the hacker group. Lately, news organizations have turned their attention from the group’s hacking activities to attempts to identify people associated with the SEA. In one case, an article published by VICE’s Motherboard questioned whether a 19-year-old Syrian man was a hacker called Th3 Pr0, one of the self-identified leaders of the SEA.
In an interview with The Desk, Th3 Pr0 said the VICE report was wrong and threatened to delete the article from VICE’s website if the news organization didn’t do it itself. While the post is still live on VICE’s website, a Facebook photo used in the article was removed after several people, including hackers with the SEA, questioned its accuracy.