Pro-Assad Syrian hackers launching cyber-attacks on western media

Syrian Electronic Army claims responsibility for attack on Guardian and other organisations

The Guardian has come under a cyber-attack from Syrian hackers who have targeted a series of western media organisations in an apparent effort to cause disruption and spread support for President Bashar al-Assad's regime.

The Syrian Electronic Army (SEA) claimed responsibility for the weekend Twitter attack on the Guardian, having previously targeted the BBC, France 24 TV, and National Public Radio in the United States.

Other recent victims have included the broadcaster al-Jazeera, the government of Qatar, and Sepp Blatter, the president of football's governing body Fifa, whose Twitter account was hacked.

Last week the SEA successfully attacked the Associated Press news agency, whose Twitter account was temporarily breached, allowing the group to send bogus messages which wreaked havoc on stock exchanges. The hackers tweeted that President Obama had been injured in a bomb attack at the White House, causing a temporary 143-point drop on the Dow Jones industrial average.

Cybersecurity experts say the SEA attacks are designed to disrupt and embarrass, and the group will likely target any site that might give it an opportunity to spread propaganda for Assad.

Analysts and western intelligence agencies are increasingly sure the SEA, which emerged two years ago, is essentially a proxy for an administration that has been widely condemned over its brutal efforts to quell an internal uprising.

Though many of the SEA's victims appear to have been chosen randomly, the group appears to have prioritised western media organisations in recent weeks.

"The aim of the SEA is to generate publicity," said one analyst. Last month the SEA hacked into the Twitter accounts associated with BBC weather, BBC Arabic Online and BBC Radio Ulster accounts.

Nine bogus tweets were broadcast in an hour, including some with anti-Israeli sentiments, and others saying "Long Live Syria", and the "Syrian Electronic Army Was Here".

Guardian journalists have reported from inside Syria over the last two years, highlighting the terrible toll the civil war has had on the country's people, and atrocities blamed on the regime as it attempts to quell a rebellion. It also published a number of leaked emails from the Assads and their inner circle.

Hours after the cyber-attack began, the SEA said it has targeted the Guardian for spreading "lies and slander about Syria" and said it was in a "state of war with the security team of Twitter".

The Guardian first recognised it was being targeted over the weekend when spoof emails were sent to staff encouraging them to click on links that could compromise some of the company's email and social media accounts. Later, several of the Guardian's Twitter feeds – including GuardianBooks, GuardianTravel and guardianfilm – were broken into.

The technique is regarded as a classic, if crude, "phishing" attack – where individuals are tricked into giving away details that might allow hackers to gain access to sensitive information or allow them to control systems such as Twitter feeds.

The attack was quickly identified and is in the process of being dealt with. The Guardian has since discovered the attack originated from Internet Protocol (IP) addresses within Syria.

Syrian opposition activists say Assad's cousin Rami Makhlouf bankrolls the SEA, which recently moved from Syria to a secret office in Dubai.

Makhlouf pays the pro-regime hackers for their activities, and they typically earn $500-$1,000 for a successful attack. They also get free accommodation and food. Sometimes Syrian government officials tell the SEA which western sites to hack; on other occasions the SEA selects its own targets.

A Guardian News & Media spokesperson said on Monday: "We are aware that a number of Guardian Twitter accounts have been compromised and we are working actively to resolve this."


Nick Hopkins and Luke Harding

The GuardianTramp

Related Content

Article image
Syrian Electronic Army: Assad's cyber warriors

Phishing attack is latest by pro-Assad hackers operating out of Dubai, who target sites with views opposed to their own

Luke Harding and Charles Arthur

30, Apr, 2013 @11:12 AM

Article image
Syrian activists killed in Paul Conroy rescue mission
Up to 13 activists died smuggling the Sunday Times photographer out of the country, it has emerged

Peter Beaumont

28, Feb, 2012 @10:00 PM

Article image
Early steps to trace and block the trolls who spread fake news | Open door | Paul Chadwick
Open door: For those journalists who seek truth and take seriously their role to facilitate democracy, it is imperative to expose deception and masquerading voices

Paul Chadwick

26, Nov, 2017 @4:25 PM

Article image
Guardian website wins five prizes at online media awards

Site wins website of the year, best national news site and best use of social media, with Paul Lewis also honoured

22, Jun, 2012 @12:28 AM

Article image
Guardian told it was target of Saudi hacking unit after Khashoggi killing
Cybersecurity team ordered to access journalists’ email accounts, document suggests

Guardian staff reporter

19, Jun, 2019 @1:45 PM

Open door: The authentication of anonymous bloggers

Chris Elliott: The readers' editor on... the facts and faces behind anonymous blogs

Chris Elliott

12, Jun, 2011 @11:02 PM

Article image
Rupert Murdoch says Chinese hackers are still targeting Wall Street Journal
Media mogul tweets: 'Chinese still hacking us' as Communist newspaper accuses US of fanning fear of China

Tania Branigan in Beijing

06, Feb, 2013 @10:31 AM

Article image
How do we know the Assad emails are genuine?

It is impossible to rule out the possibility of fakes in the email cache, but several pieces of evidence suggest they are authentic

Robert Booth, Luke Harding, Angelique Chrisafis and Matthew Taylor

14, Mar, 2012 @6:07 PM

Article image
Anonymous hackers jailed for cyber attacks
Two men jailed for carrying out cyber attacks, including one online assault that cost payments giant PayPal at least £3.5m. By Josh Halliday

Josh Halliday

24, Jan, 2013 @5:22 PM

Article image
Hackers have breached top secret MoD systems, cyber-security chief admits
Major General Jonathan Shaw says 'it was a surprise to people quite how vulnerable we are'

Nick Hopkins

03, May, 2012 @3:29 PM