The Syrian Electronic Army was careless with Gmail, Facebook

Investigators easily connected alleged SEA members with their real identities

If you're a hacker, it's a good idea to stay away from Facebook and Gmail to communicate with your colleagues.

Three men, who allegedly were part of a multi-year hacking campaign executed by the Syrian Electronic Army (SEA), left a long digital trail that didn't make them hard to identify, according to court documents.

The U.S. Department of Justice unsealed charges on Tuesday against the men, who are accused of hacking companies and defacing websites.

The SEA, which emerged around July 2011, claimed credit for prominent hacks that sought to support Syrian President Bashar al-Assad. The group targeted the White House, Harvard University, Reuters, the Associated Press, NASA and Microsoft, among others.

Those charged are Ahmad Umar Agha, 22, of Damascus, Syria; Firas Dardar, 27, of Homs, Syria, and Peter Romar, 36, of Walterhausen, Germany. They were charged in the U.S. District Court for the Eastern District of Virginia with multiple conspiracies related to computer hacking, prosecutors said in a news release.

Agha and Dardar are believed to be in Syria, which may make it difficult for them to face trial in the U.S. The FBI has added them to its Cyber's Most Wanted list, offering a US$100,000 reward for information that leads to an arrest.

The Washington Post, citing U.S. officials, reported on Tuesday that Romar was arrested in Germany, and the government will seek his extradition.

The group was accused of breaching organizations primarily through targeted emails that sought to trick recipients into divulging account credentials, a scheme known as phishing.

Their attacks were frequently successful. In 2011 and 2012, the SEA posted fraudulent content on the websites of Reuters and the Washington Post.

The SEA also briefly took over the Associated Press' Twitter account in April 2013, posting a bogus tweet that the White House had been bombed and that U.S. President Barack Obama was injured.

Much of their other activity was centered on punishing media outlets for their coverage of the Syrian conflict. The SEA defaced Web pages and at times directed major websites to ones they controlled.

Such high-profile targets brought the group under intense scrutiny, though, and the criminal complaints made public on Tuesday show they took few precautions to mask their identities.

Agha, whom investigators allege is "The Pro," registered a Gmail account in November 2010 with a phone number.

"This email account was used to receive stolen credentials from victims, to register domains used by the conspiracy and to communicate with co-conspirators," the criminal complaint reads.

The Gmail account also contained an email with Agha's real identification documents along with wedding photos.

Dardar, who is believed to have used the nickname "The Shadow," exchanged 218 emails with Agha, also through a Gmail account he registered, prosecutors said.

Peter Romar allegedly maintained a Gmail account under the name "Pierre Romar" and a Facebook account under the same alias. Investigators found a copy of his German passport in his Gmail, job applications and messages to Dardar sent through Facebook, the complaint says.

Law enforcement can get access to online accounts of suspects by obtaining warrants from a court.

Private computer security companies had also been unraveling the digital trail around the same time as law enforcement.

IntelCrawler, a firm now owned by InfoArmor, published an extensive 94-page report on the SEA, which contained detailed technical documentation of The Pro and The Shadow.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Father’s Day Gift Guide

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?