New Report on the Syrian Electronic Army

The OpenNet Initiative is pleased to share a report authored by the Information Warfare Monitor, a sister organization of ONI, on the recent activities of the Syrian Electronic Army (SEA), a group of pro-government computer hackers that openly attack Syrian political opposition and Western websites. Syria is the first Arab country to develop a public Internet army, as discussed in previous research.

On June 20, 2011, the president of Syria, Bashar al-Assad, stated his appreciation for the SEA’s efforts and described it as a real army in virtual reality in a televised speech to the nation. The SEA stated on its website that it was honored by the mention in the Presidential speech but reiterated that it is not affiliated with any government entity. Although we have no concrete evidence linking the SEA to the Syrian regime, the President’s statement, and the fact that the group is able to operate with impunity over Syrian networks, shows at least tacit support for their activities.

The SEA continues to claim responsibility for defacing or otherwise compromising scores of websites that it contends spread news hostile to the Syrian regime. After a 4-day countdown meant to build anticipation, the SEA announced the defacement of over 130 websites and has continued to release the URLs of more defaced pages every few days. Although we verified that most of the websites were indeed defaced, the vast majority of the affected pages were online businesses and blogs with no apparent political content.

The SEA has intensified its efforts to target Israeli websites based on claims that some of these sites contain content that is antagonistic to Syria and Palestine, and also supposedly as revenge on Facebook for continually disabling the SEA’s pages. The SEA did not provide details explaining why they perceive Facebook to be related to Israel. Although one of the targeted sites was associated with an Israeli member of Knesset, the majority had no political content. Many of these defaced sites share IP addresses, indicating that far fewer compromises actually occurred than what appears upon first glance.

A full version of the report is available here: Syrian Electronic Army: Disruptive Attacks and Hyped Targets