Syrian Electronic Army: Disruptive Attacks and Hyped Targets

The Information Warfare Monitor just released a new blog report, “Syrian Electronic Army: Disruptive Attacks and Hyped Targets.” The report analyzes the ongoing computer network exploitation activities of the Syrian Electronic Army (SEA).

The report is a follow on to a prior report released last month: The Emergence of Open and Organized Pro-Government Cyber Attacks in the Middle East: The Case of the Syrian Electronic Army ( In that prior report, the Information Warfare Monitor’s Helmi Noman started documenting the activities of the Syrian Electronic Army (SEA), which appears to be a case of an open and organized pro-government computer attack group that is actively targeting political opposition and Western websites. That report documented how Syria has become the first Arab country to have a public Internet Army hosted on its national networks to openly launch cyber attacks on its enemies.

In our new report, the Information Warfare Monitor continues to examine the Army’s activities, their online targets, and the impact of their attacks.

Some key findings:

* After a 4-day countdown meant to build anticipation, the SEA announced the defacement of over 130 websites and has continued to release the URLs of more defaced pages every few days. Although we verified that most of the websites were indeed defaced, the vast majority of the affected pages were online businesses and blogs with no apparent political content.

* Many of these defaced sites share IP addresses, indicating that far fewer compromises actually occurred than what appears to be the case upon first glance.

* The group and its affiliates continue to disseminate denial of service (DoS) software that targets websites of media organizations, including the websites of Al Jazeera, BBC News, Syrian broadcaster Orient TV, and Dubai-based al-Arabia TV. A group calling itself the “Syrian Hackers School” has a Facebook page that promotes the DoS tool, recruits members, and provides links to resources for learning how to compromise vulnerable websites. We have acquired and analyzed the software.

* On June 20, 2011, the president of Syria, Bashar al-Assad, stated his appreciation for the SEA’s efforts and described it as “a real army in virtual reality” in a televised speech to the nation. Although we have no concrete evidence linking the SEA to the Syrian regime, the President’s statement, and the fact that the group is able to operate with impunity over Syrian networks, shows at least tacit support for their activities.

The SEA’s actions, undertaken with the endorsement and tacit support of the Syrian regime, raise questions about the legal responsibility and international consequences of activities that manipulate and disrupt online businesses and personal websites in foreign jurisdictions.

The full report can be found here: