Two men have been indicted for their alleged involvement in hacking campaigns that targeted critics of Bashar al-Assad’s regime in Syria.
The men – Ahmad Umar Agha (also known by his online handle of “The Pro”) and Firas Dardar (“The Shadow”) – have been named in charges by a Virginia federal grand jury on counts of conspiracy and aggravated identity theft.
Agha and Dardar are both Syrian nationals, and their alleged attacks were perpetrated under the banner of the notorious “Syrian Electronic Army”.
In one of the most notorious hacks conducted by the Syrian Electronic Army, the group broke into the Associated Press’s Twitter account in 2013 and posted a message claiming that there had been an explosion in the White House, and that President Barack Obama had been injured.
That bogus news alert caused the stock market to temporarily plummet, wiping $136 billion off the Dow Jones.
Although many of the Syrian Electronic Army’s social media hacks appeared to be designed as attention-seeking pranks rather than more dangerous data breaches, that’s not to say that all of their activities were entirely benign.
For instance, the Syrian Electronic Army did not shy away from hacking into the computer systems of international companies to steal information, and – in some cases – extort large sums of money.
In a typical Syrian Electronic Army attack, a user at an organisation would be targeted with a carefully crafted phishing email, with the intention of stealing login credentials.
If the theft of a user’s credentials was successful, the hackers would then use the username and password to log in to the organisation, whereupon they could compromise social media accounts, deface websites, meddle with DNS records, or launch further phishing attacks.
Ahmad Umar Agha and Firas Dardar are no strangers to being persons of interest to the FBI, having previously been charged in 2014 and put on the FBI’s Cyber Most Wanted list in 2016, when a $100,000 bounty was offered for information leading to their arrest.
But don’t imagine that the two suspected hackers will be defending themselves in a US court anytime soon. Both are thought to be residing in Syria, and not in custody.
For now, at least, they seem to be beyond the reach of the US authorities.
If you are responsible for security at your company, ensure that staff who have remote access to email or your website’s CMS are using two-factor authentication to reduce the chances of them being a victim of the type of attack typically perpetrated by the Syrian Electronic Army.