The Syrian Electronic Army, which has been grabbing headlines in recent days after its attack that disrupted the NY Times and Twitter, says it may retaliate using “methods of causing harm” for the US economy if the US strikes Syria.
From ABC News:
“When we hacked media we do not destroy the site but only publish on it if possible, or publish an article [that] contains the truth of what is happening in Syria,” the alleged member, who goes by SEA The Shadow online, told ABC News in an email exchange late Wednesday. “So if the USA launch attack on Syria we may use methods of causing harm, both for the U.S. economy or other.”
“All American sites will be our targets and we may be more destructive,” the hacker said.
But many are skeptical of the Syrian Electronic Army’s abilities.
To date, the group hasn’t really employed much in the way of sophisticated hacking. Their efforts have largely been that of phishing and social engineering. They’ve also been creative enough to find other sources of dependent weaknesses to exploit, rather than going after the big targets directly. And the SEA’s goal has been more about grabbing attention and getting its pro-Assad message out than it has been about causing any real damage.
The attack earlier this week that disrupted the NY Times and Twitter was actually the result of a successful spearphishing attack that targeted Melbourne IT, the registrar of those companies’ domains.
Many of SEA’s earlier attacks have also been similar, such as one that affected the Washington Post and other news outlets. The target of that attack was actually content recommendation service Outbrain, of which the impacted media outlets are customers. Details later released by Outbrain in the aftermath of the incident revealed that it was also a successful phishing attack by the SEA that compromised its service.
Peruse any number of SEA’s numerous attacks and you’ll find that most have been the result of a combination of creative target selection and phishing.
Given the group’s typical methods, it’s unclear if they’re capable of stepping up their attacks to something more sophisticated. Cybersecurity experts are skeptical, according to ABC News.
“I think they will retaliate and I think they will do some disruption,” former White House counter-terrorism advisor, cyber security expert and ABC News consultant Richard Clarke said. “[But] they haven’t done anything that I’ve seen that involves sophisticated… malware.”
“Of course it depends on whether or not they have stuff in reserve that they’ve been holding, who is helping them and how much money they’re willing to spend to get help,” Clarke said, referring to suspicions that the group could be supported by the Syrian government or by Iran and to the thriving black market for high-level malware. SEA The Shadow has denied his organization is supported or funded by the Syrian or Iranian governments.
Clarke doubted the group, with the capabilities they’ve shown, could significantly damage the U.S. financial system or pose much of a threat to U.S. military operations in the region or critical infrastructure back home.
The majority of experts seem to agree that any retaliation from the SEA would likely be more of a nuisance than a sophisticated attack that could do significant damage to a target.
But as I’ve written previously, it doesn’t necessarily take a sophisticated hacking to cause damage. Sometimes disinformation can be nearly as damaging when disseminated in a strategic fashion (though the US has been lucky in avoiding this for the most part thus far, minus a close call). Whether or not the SEA has that level of vision is a different story and is unknown, but it would certainly behoove media outlets and other institutions to include such precautions in their standard security planning nonetheless.