How Syrian Electronic Army Hacked Email Accounts of Assad’s Opponents

Uploaded on 2015-04-21 in INTELLIGENCE--International, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

Syrian-Electronic-Army-Declares-War-on-Twitter-After-Hackers-Accounts-Are-Suspended-372637-2.jpg

On November 19, 2013, Dan Layman received a disconcerting email from a fake address admin@fbi-useless.gov.

The culprit is the Syrian Electronic Army (SEA), the popular group of hackers aligned with Syrian President Bashar al-Assad, which in the past has hacked high-profile targets including Microsoft, eBay and PayPal.
The SEA claims to have also hacked into the email accounts of Louay Sakka, founder of the SSG; Mazen Asbahi, the former president of the SSG; and Oubai Shahbandar, a former Pentagon analyst and an advisor to the Syrian Opposition Coalition.
The motive is the cyber espionage, the members of SEA launched the campaign at the end of 2013 but there was no news about the operation until now. SEA conducted targeted spear phishing attacks against a number of high-profile people in the Syrian opposition, including Salim Idris, the chief of staff of the Supreme Military Council (SMC) of the Free Syrian Army.
The SEA confirmed have hacked seven high-profile people and offered to Motherboard the proof of the attack, but security experts speculate that many other individuals fell victim of the operation.
The SEA has stolen from the victims any information related activities against the government of Syrian President Bashar al-Assad.
According to the revelation of a SEA member, the Layman email account was simply hacked through brute force attack that revealed the use of “easy and weak” passwords made by the political exponent. The SEA tried to compromise the Layman’s network of contacts by controlling the Layman’s email account. Among the targets are members of the Free Syrian Army and of the Syrian Support Group.
Motherboard examined a collection of screenshots provided by SEA as evidence of the attack that report data stolen from the dissidents’ email accounts, including the Idris’s passport and the names of SSG collaborators in Syria.
The SEA member Th3 Pr0 told Motherboard that the group is aware about the plan to subvert the regime, despite no data appears to be related to military secrets.
But SEA confirmed to have access to the victim’s accounts for a long time. The news of hacking operation against dissidents in Syria is not a novelty. In February, security firm FireEye revealed that hackers tapped into Syrian opposition’s computers and have stolen gigabytes of secret communications and battlefield plans.
The hackers infected the machines of Syrian opposition with malware during flirtatious Skype chats. The hackers targeted several exponents of the Syrian Opposition located in Syria, including armed opposition members, humanitarian aid workers, and media activists.
Security Affairs: http://bit.ly/1cyy5Sz

« Russia's Cyber Attacks Grow More Brazen
INTERPOL Targets Cybercrime in Asia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Hodgson Russ

Hodgson Russ

Hodgson Russ is a US business law firm. Practice areas include Privacy, Data Breach & Cybersecurity.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Privitar

Privitar

Privitar is leading the development and adoption of privacy engineering technology enabling our customers to innovate and leverage data with an uncompromising approach to data privacy.

Advanced Systems International SAC

Advanced Systems International SAC

Advanced Systems international is a global company dedicated to data security software design, development, support, and licensing.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

AngelList

AngelList

AngelList champion startups and the people who empower them. Search tech & startup jobs, find new tech products, and invest in startups.

Yellow Brand Protection

Yellow Brand Protection

Yellow Brand Protection operates 24/7 to protect brands' Intellectual Property (IP) from infringements on all kinds of online distribution channels.

Digital Craftsmen Ltd

Digital Craftsmen Ltd

We're ISO27001 & Cyber Essentials Cybersecurity experts, delivering full cloud security and managed services. We take a bespoke approach for each client from hosting, optimising & securing them online

Boxphish

Boxphish

Boxphish provides a proven solution to reduce Human Error and Cyber Human Risk via automated learning journeys and intelligent phishing simulations.

Paubox

Paubox

Paubox offers secure, HIPAA compliant email and marketing solutions to fit the needs of modern healthcare organizations of every size.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Lineaje

Lineaje

Lineaje solves critical Software Supply Chain security problems faced by every organization that builds, uses or sells software.

Focus Group

Focus Group

Focus Group are one of the UK’s leading independent providers of essential business technology. Here to take care of all your telecoms, IT and connectivity services.

360 Advanced

360 Advanced

360 Advanced is a relationship-focused cybersecurity and compliance firm offering integrated compliance solutions customized to meet your business’ needs.

RESTIV Technology

RESTIV Technology

RESTIV Compliance Copilot is your partner in continuous compliance. Real-time monitoring, continuous testing, and transparent evidence—no surprises, just peace of mind.