Suspected Syrian Electronic Army hackers indicted for conspiracy and identity theft

Two men have been indicted for their alleged involvement in hacking campaigns that targeted critics of Bashar al-Assad’s regime in Syria.

The men – Ahmad Umar Agha (also known by his online handle of “The Pro”) and Firas Dardar (“The Shadow”) – have been named in charges by a Virginia federal grand jury on counts of conspiracy and aggravated identity theft.

Agha and Dardar are both Syrian nationals, and their alleged attacks were perpetrated under the banner of the notorious “Syrian Electronic Army”.

In one of the most notorious hacks conducted by the Syrian Electronic Army, the group broke into the Associated Press’s Twitter account in 2013 and posted a message claiming that there had been an explosion in the White House, and that President Barack Obama had been injured.

That bogus news alert caused the stock market to temporarily plummet, wiping $136 billion off the Dow Jones.

Other high profile victims of the Syrian Electronic Army include Forbes, Microsoft, Facebook, CNN, The Guardian, The Telegraph, and the Washington Post, amongst many others.

Although many of the Syrian Electronic Army’s social media hacks appeared to be designed as attention-seeking pranks rather than more dangerous data breaches, that’s not to say that all of their activities were entirely benign.

For instance, the Syrian Electronic Army did not shirk from hacking into the computer systems of international companies to steal information, and – in some cases – extort large sums of money.

In a typical Syrian Electronic Army attack, a user at an organisation would be targeted with a carefully crafted phishing email, with the intention of stealing login credentials.

If the theft of a user’s credentials was successful, the hackers would then use the username and password to log in to an organisation, whereupon they could compromise social media accounts, deface websites, meddle with DNS records, or launch further phishing attacks.

Ahmad Umar Agha and Firas Dardar are no strangers to being persons of interest to the FBI, having previously been charged in 2014 and put on the FBI’s Cyber Most Wanted list in 2016, when a $100,000 bounty was offered for information leading to their arrest.

But don’t imagine that the two suspected hackers will be defending themselves in a US court anytime soon. Both are thought to be residing in Syria, and not in custody.

For now, at least, they seem to be beyond the reach of the US authorities.

If you are responsible for security at your company, ensure that staff who have remote access to email or your website’s CMS are using two-factor authentication to reduce the chances of them being a victim of the type of attack typically perpetrated by the Syrian Electronic Army.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.