Four members of what is known as the Syrian Electronic Army (SEA) are facing U.S. federal charges related to computer hacking and terror hoaxes. The indictments of the four Syrians were unsealed on Tuesday in Virginia.
Assistant Attorney General for National Security John Carlin joined with U.S. Attorney Dana Boente, Assistant FBI Director James Trainor with the Cyber Division, and FBI Assistant Director in Charge Paul Abbate in announcing the criminal complaints, a statement from the Department of Justice revealed.
Ahmad Umar Agha, 22, known online as “The Pro,” and Firas Dardar, 27, known online as “The Shadow,” are being charged with criminal conspiracy relating to:
- engaging in a hoax regarding a terrorist attack; attempting to cause mutiny of the U.S. armed forces
- illicit possession of authentication features
- access device fraud; unauthorized access to, and damage of, computers
- unlawful access to stored communications
Additionally, Dardar and Peter Romar, 36, also known as Pierre Romar, have been separately charged with multiple conspiracies including:
- unauthorized access to, and damage of, computers and related extortionate activities
- receiving the proceeds of extortion
- money laundering; wire fraud
- violations of the Syrian Sanctions Regulations
- unlawful interstate communications
The affidavit supporting the criminal complaint is attached below. The allegations state that beginning in about 2011, Agha and Dardar began an on-going conspiracy under the name of the “Syrian Electronic Army.” This was developed to support the Syrian Government and President Bashar al-Assad. The objective of the conspiracy was speak-phishing and compromising computers systems belonging to the U.S. government and other international organizations. It also included plans to attack media organizations and private sector groups that the SEA determined to be hostile towards the Syrian government, the affidavit revealed.
The two men would allegedly use the tactic to gain usernames and passwords to websites. They would then deface the websites. One of the targets of the attack is reported to be the Executive Office of the President (EOP). The attacks on the EOP website were detected but were not successful, according to the statement released by the DOJ.
Attacks were made against the Twitter accounts of prominent members of the media. In one of those attacks, a tweet was sent out claiming a bomb had exploded in the White House and the President had been injured. In another successful attack, the alleged cyber-terrorists took over a U.S. Marine Corps recruiting website and defaced the site with messages encouraging Marines to “refuse [their] orders.”
Arrest warrants have been issued for the four men and the FBI is offering a $100,000 reward for information leading to their arrest.
In another allegation, Dardar and Romar attacked the sites of online businesses and extorted the business owners threatening damage to computers, deletion of data and or they would steal the data and sell it unless the owner provided a payment to stop them.
“The Syrian Electronic Army publicly claims that its hacking activities are conducted in support of the embattled regime of Syrian President Bashar al-Assad,” said Assistant Attorney General Carlin in his statement. “While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world. The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry.”
“These three members of the Syrian Electronic Army targeted and compromised computer systems in order to provide support to the Assad regime as well as for their own personal monetary gain through extortion,” Assistant Director in Charge Abbate said in his statement. “As a result of a thorough cyber investigation, FBI agents and analysts identified the perpetrators and now continue to work with our domestic and international partners to ensure these individuals face justice in the United States. I want to thank the dedicated FBI personnel, federal prosecutors, and our law enforcement partners for their tremendous efforts to ensure on-line criminal activity is countered, U.S. cyber infrastructure is safeguarded, and violators are held accountable under the law.”
In May 2015, Breitbart National Security reporter John Hayward reported on another successful attack by the SEA. This one on the Washington Post. Hayward reported that visitor to the Washington Post’s website were greeted with popup messages containing anti-U.S. and anti-Saudi propaganda messages including: “US govt is training the terrorists to kill more Syrians,” and, “Saudi Arabia and its allies are killing hundreds of Yemens people everyday!”
Also attacked by the SEA were five web hosting services that the SEA claimed were supporting terrorist websites. Forbes, the Chicago Tribune, the Boston Globe, the UK Telegraph, Italy’s La Repubblica, and CNBC were also attacked, in 2014.
“Cybercriminals cause significant damage and disruption around the world, often under the veil of anonymity,” Assistant Director Trainor concluded. “As this case shows, we will continue to work closely with our partners to identify these individuals and bring them to justice, regardless of where they are.”
Arrest warrants have been issued for the arrest of the four alleged conspirators.