US investigators used Facebook, Gmail to identify high profile Syrian hackers
March 28, 2016
Shah Sheikh

CYBER warfare is the new battleground for world governments, and some foes are simply more formidable than others.

A pair of hackers linked to the Syrian Electronic Army have been undone by using their personal Facebook and Gmail accounts.

The US Department of Justice has unsealed an arrest warrant for Ahmad Umar Agha and Firas Dardar after a string of rookie mistakes led authorities to learn their identities.

The Syrian Electronic Army (SEA) is a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Assad. The group has been responsible for a number of relatively high-profile hacks, including breaching the Twitter accounts of the Washington Post, Reuters and the Associated Press.

The latter occurred in 2013 and caused $US130 billion in shareholder value to be momentarily wiped off the S&P 500 after the AP’s Twitter account reported explosions at the White House.

The dramatic loss of value was largely the result of high-speed trading algorithms that are designed to react to headlines and trade accordingly, but the hack showed the immensely disruptive capability of rogue hacking groups and put the SEA on the map.

The tweet brought the SEA to the attention of many.

According to the arrest warrant, Agha and Dardar were responsible for hacking the Associated Press account.

In the same year they also took control of a recruiting website for the US Marine Corps and encouraged soldiers to “refuse orders”.

The pair targeted computer systems and employees of the USA’s Executive Office of the President, carried out several extortion attacks, including on a gaming company and an online media outlet, and targeted companies and individuals with spear-phishing attacks to steal credit card and bank account information.

“While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world,” said Assistant Attorney General, John Carlin, in a statement.

Despite the high-profile targets and sophistication of the attacks, the pair were surprisingly sloppy with covering their tracks.

If done in a sophisticated manner, cyber espionage and rogue hacks are incredibly difficult to trace. But Agha and Dardar left investigators with plenty of clues. Inexplicably, the pair routinely relied on their Gmail and Facebook accounts to conduct their shady business.

According to the DOJ’s complaint, the hackers were caught communicating over Facebook where their conversations were easily accessible to investigators.

Dardar also made a number of extortion demands from his personal Gmail account, giving US officers grounds to search it; there they found documents revealing his personal identity. He also identified himself a number of times while trying to accept payment following online extortion attempts, including one request to a Syrian account in his own name.

For Mr Carlin, the coexistence of the hackers’ sophistication and amateurishness demonstrates that “the line between ordinary criminal hackers and potential national security threats is increasingly blurry.”

Both men are believed to be in Syria and there is now a $133,000 reward for any information leading to their arrest.
