Who's The Syrian Group Allegedly Behind The New York Times Cyber Attack?
Syrian Electronic Army claims responsibility for attacks, denies gov't ties.
Aug. 28, 2013 — -- They say they're the ones responsible for knocking The New York Times website offline for hours beginning Tuesday and into today. They say they're the ones who kicked the Dow down nearly 150 points a few months ago with a single tweet. They say they're the ones who made E! tweet that Justin Bieber is gay.
They call themselves the Syrian Electronic Army and someone who claims to be a member of the group said they're doing all this to support the Syrian government as it fights a bloody, two-year-long civil war and to counter what they see as the lies of the Western media. Bieber prank notwithstanding.
In its most recent alleged attack, SEA was apparently able to use what's called a spear phishing attack to gain access to the Australia-based domain registrar for The New York Times website, meaning the hackers should have been capable of altering where a computer user lands when they type nytimes.com into their browser, experts said. But instead of sending users to another site, The New York Times site just went down.
On Twitter, SEA claimed it had also taken over Twitter.com and the website of The Huffington Post U.K. – both customers of the same domain registrar -- though those pages appeared to be functioning normally for a number of ABC News users. Others around the world online, however, mentioned problems with those sites as well.
"We placed twitter in darkness as a sign of respect for all the dead Syria-ns due to the lies tweeted it [sic]," said a recent tweet from an account allegedly belonging SEA. A tweet just minutes before that said that the New York Times hack was originally going to send users to an "anti-war message" but the SEA's server failed.
READ: New York Times Hacked, Syrian Electronic Army Appears to Take Credit
According to its website – which was unavailable as of this report -- SEA came together in 2011 as Syria began to descend into a civil war that would go on to claim more than 100,000 lives. A self-described leader of the group, who goes by SEA The Shadow on Twitter, has said in printed interviews that the group came together organically to combat what they saw as fabrications and false reports in the Western press.
"We want to [show] the world the truth about what is happening in Syria," the member told The Daily Beast two weeks ago, after the group claimed to have briefly taken over The Washington Post's website. "There is no revolution in Syria, but terrorist groups killing people [and] accusing the Syrian Arab Army."
READ: UN Seeks More Time for Syria Chemical Probe Before U.S. Strike
Despite suspicions from industry analysts, SEA The Shadow has said the group is not directly supported by, and receives no funding from the embattled Syrian government. The Twitter user did not immediately respond to a request for an interview over Twitter.
As The Washington Post put it Tuesday, "The Syrian Electronic Army actually makes a lot more sense if you think of them as pranksters who also happen to love Assad than as state-aligned hackers in pursuit of concrete goals." Such a description may account for the Bieber tweet, for the defacing of FIFA's Twitter feed as noted in a recent article at The Verge and for the attack on, of all things, the satirical news website The Onion.
Shawn Henry, former Executive Assistant Director for the FBI's Criminal, Cyber, Response and Services Branch, told ABC News another explanation is that other, less-committed actors may have tagged along with the group and claimed affiliation.
Either way, Henry, current President of CrowdStrike Services and CSO, said the claim that the SEA hacked into the domain registrar for the Times, essentially a lesser-known point on a supply chain that gave them access to the Times and others, shows a certain level of sophistication and pre-planning that's more advanced than the average hackivist.
He also warned the tactics could change any time – from the choice of targets to the damage done.
"So far this has been disruptive, but we've also seen groups in the not too distant past be disruptive in a way where they're destroying data," he said. "I think anytime you have access to a network and are able to make changes to it, that's something that people should be concerned about."