Syrian, Egyptian Electronic Armies take Aim at ISISDecember 4, 2014 in Egypt, ISIS, Syria
The Syrian Electronic Army has returned, and a copycat army of hackers has sprung up in Egypt.
The Syrian Electronic Army (SEA) is a group of hacktivists that support the Syrian government and its president, Bashar al Assad. On 27 November, the group targeted Gigya, a company which manages online comment platforms and Identity and Access Management for nearly 700 clients. The SEA breached Gigya’s account and redirected visitors to an SEA website.
The hack impacted 21 major websites including media outlets Aljazeera, the Chicago Tribune, CNBC, CNN Money, the Evening Standard, the Los Angeles Times, Microsoft, National Geographic, NBC, the New York Daily News, the Guardian, and the Independent. The breach also impacted tech companies including Dell, DirecTV, Logitech, Microsoft, and Verizon Wireless. For three and a half hours, visitors to the hacked sites received a message stating, “You’ve been hacked by the Syrian Electronic Army (SEA),” and were then redirected to an image of the SEA’s logo and a Syrian flag.
In response to the attack, Gigya CEO Patrick Salyer said, “To be absolutely clear: neither Gigya’s platform itself, nor any user, administrator nor operational data has been compromised and was never at risk of being compromised.”
On the SEA’s website, the pro-Assad hacktivists said the attack was launched in response to reports that Syrian airstrikes in Raqqa hit civilians, “while the truth the strikes hit the ISIS terrorists.” Raqqa, a city in northern Syria, is the headquarters for terrorist group Islamic State in Iraq and the Sham. On Twitter, the group messaged, “Happy thanks giving, hope you didn’t miss us. The press: Please don’t pretend #ISIS are civilians.”
In a second Tweet, the SEA provided users with information on how to prevent hacking: “We’re the good guys so this was harmless but just in case the bad guys copy us, use NoScript with Firefox: noscript.net.”
Since their emergence on the hactivist scene in 2011, the SEA has caused disruption to numerous websites, but they are best known for hacking Twitter account of the Associated Press’ in April 2013. The group posted a tweet claiming that Barack Obama had been injured, causing Dow Jones Industrial Average to immediately plunge 143 points in response.
Meanwhile in Egypt, a copycat group has risen and is targeting ISIS and its online propaganda. In late November, less than 24 hours after ISIS social media accounts posted a threatening message from the group’s leader, Abu Bakr al Baghdadi, the Egyptian Electronic Army (EEA) replaced the audio recording with a song, and replaced the ISIS transcript with a logo resembling that of the Egyptian military, accompanied by a writing in Arabic that read “Egyptian Cyber Army.”
The modus-operandi was nearly identical to the methods used by the Syrian Electronic Army, which has inspired the group. However the hacktivists do not have any connection to one another. According to a spokesman for the group, a man claiming to be a 37-year-old former Cairo police officer who goes by the name “Khaled Abubakr”, the EEA group’s members are all Egyptian. Many come from a military or police background, and all support the Egyptian government led by President Abdel Fattah el-Sisi. It is unclear whether the group is state sanctioned.
The EEA seeks to defend al-Sisi’s governments against opponent such as the Muslim Brotherhood or ISIS. The broad anti-ISIS perspective in the nation has brought a mass of hacktivists to the group who want to counter the terrorist group’s influence on the Internet. The spokesman said that Baghdadi “was delivering a message to all extremists all over the Middle East and my country that you have to use your weapons in the faces of the government and our people, so we took it down and replaced it with a very popular song. All the people instead of hearing this pig heard our song and laughed.”
The group has also claimed to have infiltrated top ISIS web forums, and American pro-democracy websites including the Open Society Foundation and the U.S.-Middle East Partnership Initiative, however there is no solid evidence of these activities. A security researcher says that some of the EAA’s supporters appear to have highly capable technical background.
The EAA has refused to disclose how the attack was conducted. A spokesman for the Internet Archive said that no outside account “made any modifications” to the files other than the original uploader. But that doesn’t rule out the possibility that the account was taken over by the hackers. The group claims they will continue to conduct hacktivist activities. The EAA spokesman said, “We have our people spying on al-Furqan, [the media arm of ISIS] which is the media of the terrorists and this will not be the last thing we are going to do. They must expect us any time.”