The Syrian Electronic Army (SEA) have finally made it into the Federal Bureau of Investigations' (FBI) most wanted list.
The announcement, made jointly by the assistant attorney general for National Security, US attorney for Eastern Virginia and the FBI, comes off the back of the charging of three members of SEA, all Syrian nationals, with multiple crimes related to computer hacking and fraud.
Ahmad “The Pro” Umar Agha, Firas “the Shadow” Dardar and Peter Romar are or were all members of the SEA. Warrants have been issued for their arrest and those three have been lifted from murky obscurity to the FBI's ‘Ten Most Wanted' list.
According to court documents, the suspects were “engaged in a multi-year criminal conspiracy under the name ‘Syrian Electronic Army' in support of the Syrian Government and President Bashar al-Assad. The conspiracy was dedicated to spear-phishing and compromising the computer systems of the U.S. government, as well as international organizations, media organizations and other private-sector entities that the SEA deemed as having been antagonistic toward the Syrian Government.”
From there, the suspects would use stolen credentials to essentially commit e-vandalism, hijacking social media accounts, defacing websites and redirecting users to SEA controlled domains.
The trio would also extort money from online businesses breaching the businesses networks before threatening them selling, deleting or damaging critical data.
Assistant Attorney General Carlin told press that though the SEA's stated mission is to support the regime of Bashar al-Assad, "these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world. The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry.”
The FBI is offering $100,000 (£70,000) “for information that leads to their arrest”, although at least two of the suspects are believed to be living in Syria.
The FBI's ‘Most Wanted' list goes back to the days of director J. Edgar Hoover, who created the list hoping that the publication of such a list might allow the public to assist the Bureau capture its most pursued at-large criminals. To that end, the list is published in public places and many have been captured in large part due to the assistance of the public.
Many have graced the ranking including Osama Bin Laden and Boston gangland figure Whitey Bulger. It's that public disclosure that may well be at work here according to Ewan Lawson, a Royal United Services Institute fellow in cyber-warfare and veteran of the RAF.
Lawson told SCMagazineUK.com that “I suspect that the most likely reason for the action was to demonstrate that anonymity for hackers is not guaranteed and that the US can and will identify them.”
“At first sight, this could appear an over reaction to what has until now been relatively petty crime. Whilst the actions of the SEA have been an irritant they have not done any significant damage albeit for the regime they demonstrate that it still has friends who have the capacity to have effects outside the country.”
The Syrian Electronic Army has made its presence rudely known since 2011, fighting Bashar Al-Assad's corner of the Syrian civil war online. The group emerged merely days after the first shudder of the Syrian uprisings, posting pro-Assad messages on social media. While the obvious conclusion may be that the SEA are Assad backed, reports have shown the group to have links with regimes from all around the Middle East. According to an article in the New York Times earlier this year which anonymously quoted american intelligence sources, the group is believed to actually hail from Iran.
Lawson added that “A further concern may be the linkage between Syria and Iran with Iranian cyber capability, relatively well regarded although not at the level of Russia/China. There may be a concern that the regime might be able and willing to connect the SEA to these more capable operators thus enhancing their capability.”
Most recently, the SEA DDoSed French newspaper, Le Monde.