Menu
The Syrian Electronic Army was careless with Gmail, Facebook

The Syrian Electronic Army was careless with Gmail, Facebook

Investigators easily connected alleged SEA members with their real identities

If you're a hacker, it's a good idea to stay away from Facebook and Gmail to communicate with your colleagues.

Three men, who allegedly were part of a multi-year hacking campaign executed by the Syrian Electronic Army (SEA), left a long digital trail that didn't make them hard to identify, according to court documents.

The U.S. Department of Justice unsealed charges on Tuesday against the men, who are accused of hacking companies and defacing websites.

The SEA, which emerged around July 2011, claimed credit for prominent hacks that sought to support Syrian President Bashar al-Assad. The group targeted the White House, Harvard University, Reuters, the Associated Press, NASA and Microsoft, among others.

Those charged are Ahmad Umar Agha, 22, of Damascus, Syria; Firas Dardar, 27, of Homs, Syria, and Peter Romar, 36, of Walterhausen, Germany. They were charged in the U.S. District Court for the Eastern District of Virginia with multiple conspiracies related to computer hacking, prosecutors said in a news release.

Agha and Dardar are believed to be in Syria, which may make it difficult for them to face trial in the U.S. The FBI has added them to its Cyber's Most Wanted list, offering a US$100,000 reward for information that leads to an arrest.

The Washington Post, citing U.S. officials, reported on Tuesday that Romar was arrested in Germany, and the government will seek his extradition.

The group was accused of breaching organizations primarily through targeted emails that sought to trick recipients into divulging account credentials, a scheme known as phishing.

Their attacks were frequently successful. In 2011 and 2012, the SEA posted fraudulent content on the websites of Reuters and the Washington Post.

The SEA also briefly took over the Associated Press' Twitter account in April 2013, posting a bogus tweet that the White House had been bombed and that U.S. President Barack Obama was injured.

Much of their other activity was centered on punishing media outlets for their coverage of the Syrian conflict. The SEA defaced Web pages and at times directed major websites to ones they controlled.

Such high-profile targets brought the group under intense scrutiny, though, and the criminal complaints made public on Tuesday show they took few precautions to mask their identities.

Agha, whom investigators allege is "The Pro," registered a Gmail account in November 2010 with a phone number.

"This email account was used to receive stolen credentials from victims, to register domains used by the conspiracy and to communicate with co-conspirators," the criminal complaint reads.

The Gmail account also contained an email with Agha's real identification documents along with wedding photos.

Dardar, who is believed to have used the nickname "The Shadow," exchanged 218 emails with Agha, also through a Gmail account he registered, prosecutors said.

Peter Romar allegedly maintained a Gmail account under the name "Pierre Romar" and a Facebook account under the same alias. Investigators found a copy of his German passport in his Gmail, job applications and messages to Dardar sent through Facebook, the complaint says.

Law enforcement can get access to online accounts of suspects by obtaining warrants from a court.

Private computer security companies had also been unraveling the digital trail around the same time as law enforcement.

IntelCrawler, a firm now owned by InfoArmor, published an extensive 94-page report on the SEA, which contained detailed technical documentation of The Pro and The Shadow.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments