Today the FBI unsealed documents charging three hackers of the Syrian Electronic Army with everything from extortion to hacking a US Marines website. Remember when the Associated Press Twitter account got hacked in 2013 and said that the White House had been bombed, injuring the President? It sent the stock market into a nosedive. And these are the guys who allegedly did it.
Two of the hackers, Ahmad Umar Agha and Firas Dardar, have been added to the FBI’s Cyber Most Wanted list. The FBI is offering a $100,000 reward for any information that leads to their arrest.
The accused hackers got into the various Twitter accounts of a surprisingly large number of news organizations from 2011 to 2013—including Reuters, the Associated Press, E! Online, Time, The Daily Dot, Vice, and even The Onion. The alleged hackers “posted false information on the accounts,” though in fairness, that’s kind of The Onion’s business model.
The hackers’ main way of getting credentials for the media outlets was phishing: they sent employees what appeared to be official requests for information. The employees of the different media orgs would then click on a link and enter their information, which handed the hackers access credentials.
In 2013 they also hacked Outbrain, a service that redirects web traffic to other media outlets, which was used by CNN, The Washington Post, and Time. They also hacked Marines.com and redirected it to a Syrian Electronic Army page. The hackers attempted to phish NASA employees but were kept from accessing any critical NASA information. They also successfully phished Microsoft and defaced a blog and Twitter account run by Microsoft.
In addition to the hacked Twitter accounts and homepages, the FBI alleges that the hackers took over the email accounts of various private individuals and demanded money for their return.
“The Syrian Electronic Army publicly claims that its hacking activities are conducted in support of the embattled regime of Syrian President Bashar al-Assad,” Assistant Attorney General Carlin said in a statement. “While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world. The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry.”
All three hackers, including Agha, who goes by the handle The Pro, and Dardar, who goes by the name The Shadow, are believed to be in Syria.