US charges 3 it ties to Syrian Electronic Army for hacking (Update)

March 22, 2016 by Tami Abdollah
US charges 3 it ties to Syrian Electronic Army for hacking (Update)
This two-picture combo of wanted posters provided by the FBI shows Ahmed al-Agha, left, and Firas Dardar. The Justice Department has indicted current or former members of the Syrian Electronic Army for computer hacking-related conspiracies. Prosecutors allege that 22-year-old Agha and 27-year-old Dardar used spear-phishing to steal usernames and passwords to compromise government, media, and private-sector computer systems. FBI via AP)

Three current or former members of the so-called Syrian Electronic Army have been charged with computer hacking-related conspiracies that targeted the U.S. government, media and private-sector companies, the Justice Department announced Tuesday.

The criminal charges against three Syrians were unsealed in U.S. Eastern District Court of Virginia. None are in custody.

Prosecutors allege that Ahmad Umar Agha, 22, and Firas Dardar, 27, tricked email users into revealing their usernames and passwords to compromise domestic and international computer systems from 2011 through 2014. They used a common technique known as spear-phishing, in which they forged convincing-looking emails baiting the recipient to click on an included link and reveal their passwords.

The government said Agha, known online as "Th3 Pr0," and Dardar, known as "The Shadow," are members of the special operations division of the Syrian Electronic Army, a group of hackers responsible for computer intrusions intended to punish perceived detractors of Syrian President Bashar al-Assad and publish pro-Assad propaganda.

A $100,000 reward is being offered for information leading to their arrests and they're believed to be in Syria.

In April 2013, they allegedly sent a tweet from the Associated Press account on Twitter falsely claiming a bomb had exploded at the White House and injured the president. The message caused the stock market to dip significantly before the tweet was quickly determined to be a hoax.

They allegedly altered Harvard University's website home page, substituting an image of Syrian President Bashar al-Assad, with a message saying "Syrian Electronic Army were Here."

They are accused of creating a false online post on the Washington Post; unsuccessfully targeting members of the Executive Office of the President; defacing a blog and Twitter account belonging to Microsoft; sending false news tweets from Reuters' Twitter account and posting a false report on a journalist's blog; and posting messages on Human Rights Watch criticizing its own reports on Syria as "false."

Other media the two allegedly compromised in spear-phishing efforts include National Public Radio, CNN, The Onion, E! Online, the Daily Dot, New York Post, Time magazine and Vice. They also allegedly managed to take down the New York Times website after compromising its technology vendor.

They also allegedly redirected the U.S. Marine Corps recruiting website to an online page controlled by them encouraging marines to "refuse your orders" and inviting them to fight alongside the Syrian Army and attempted to access NASA's network.

Pierre Romar, 36, was also charged separately for his role in an extortion hacking scheme from 2013 through 2014. He was believed to be in Germany.

Romar allegedly was inspired by the hacking activities perpetrated by Agha and Dardar and wanted to join the Syrian Electronic Army, reaching out to Agha for help with a cyberattack he was planning against targets in Sauidi Arabia, Turkey and Qatar. According to the complaint, Agha connected him with Dardar on Facebook and the two worked together on an extortion scheme targeting U.S. and international computers and send victims threats to pay up after gaining access to their system through a spear-phishing attack.

Romar's location, in Germany, helped facilitate transferring the money to Syrian Electronic Army members in Syria because of U.S. sanctions.

John Carlin, the Justice Department's top national security attorney, said the allegations show the "increasingly blurry" line between criminal hackers and "potential national security threats."

Dardar allegedly demanded more than a total of $500,000 from 14 victims but ultimately accepted smaller amounts in many circumstances. Victims included an online gaming company, an online entertainment service, a Swiss web hosting provider, a United Kingdom-based web hosting company, a Europe-based web hosting company, a California-based web hosting company. In the last case, the company and some of its clients' Internet traffic was redirected to a site that said they had been hacked, alleged to have downloaded all their data and threatened to sell the databases for $100 to other hackers if it failed to comply.

The California-based company, which was not identified, ultimately paid about $1,500 to "Peter Romar in Germany" through Western Union after their bank denied the transfer to Syria—despite an initial demand of 105,000 euros.

Explore further: US Army website hacked: officials

Related Stories

US Army website hacked: officials

June 8, 2015

The US Army's official website was hacked Monday with messages denouncing Washington's training of rebel fighters inside Syria, but no data was stolen, officials said.

Feds: 3 charged in spamming scheme that targeted 60M people

December 15, 2015

Three men were charged Tuesday in a computer hacking and spamming scheme that federal prosecutors in New Jersey said compromised the personal information of 60 million people and netted more than $2 million in profits.

Malaysia arrests hacker linked to Islamic State group

October 16, 2015

A Kosovo citizen has been arrested in Kuala Lumpur for computer hacking and allegedly providing information about U.S. service members to the Islamic State group, Malaysian and U.S. authorities said.

US seeks extradition of British man charged with hacking

July 16, 2015

A British man accused of hacking into U.S. government computer networks and stealing sensitive and confidential information was arrested in England, and U.S. prosecutors said they will attempt to have him transferred to New ...

Recommended for you

Signs of distracted driving—pounding heart, sweaty nose

August 15, 2017

Distracted driving—texting or absent-mindedness—claims thousands of lives a year. Researchers from the University of Houston and the Texas A&M Transportation Institute have produced an extensive dataset examining how ...

Researchers clarify mystery about proposed battery material

August 15, 2017

Battery researchers agree that one of the most promising possibilities for future battery technology is the lithium-air (or lithium-oxygen) battery, which could provide three times as much power for a given weight as today's ...

De-jargonizing program helps decode science speak

August 11, 2017

Science is fascinating to many, but sentences that are full of expert-level terms and description can scare away even the most passionate readers. Can scientists learn to talk about their research without using too many technical ...

AI, crowdsourcing combine to close 'analogy gap'

August 10, 2017

Researchers at Carnegie Mellon University and the Hebrew University of Jerusalem devised a method enabling computers to mine databases of patents, inventions and research papers, identifying ideas that can be repurposed to ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.