Three Syrian nationals have been charged by U.S. authorities with being members of a notorious hacking group that launched high-profile attacks on U.S. government and media targets, including one in 2013 that briefly sent stock markets tumbling.
The three men are allegedly part of the Syrian Electronic Army, which the FBI described in affidavits as a consortium of “computer hackers responsible for computer intrusions intended to punish perceived detractors” of the Syrian government and its embattled president, Bashar Assad.
In court papers unsealed Tuesday morning in federal court, FBI agents said two of the men — whom they identified as Ahmad Umar Agha, 22, known online as “The Pro,” and Firas Dardar, 27, known as “The Shadow” — were accused of hacking computer systems belonging to several companies and institutions, including Harvard University, CNN, the Associated Press, Reuters, NPR and Human Rights Watch during a two-year span beginning in 2011.
The hackers, both believed to be at large in Syria, deployed a common tactic known as “spear phishing,” which involves emails containing malware, to gain access to attack the organizations’ websites. In September 2011, for example, they penetrated Harvard’s security and altered the university’s homepage to say, “Syrian Electronic Army Were Here.”
A month later, the two men created a false post on the Washington Post’s website, and a year later, they took over Reuters’ Twitter account to publish false information about the conflict in Syria, the FBI said.
In its most well-known attack, the hackers took over AP’s Twitter feed and published an alert saying the White House had been bombed. The tweet caused the U.S. stock market to briefly drop by 150 points.
Dardar and Peter Romar, 36, who U.S. officials said resided in Germany, were accused of hacking U.S. companies for personal profit. As part of their scheme, U.S. officials said, the pair penetrated the computer systems of online businesses and then threatened to destroy data or sell stolen information unless they were paid thousands of dollars.
“While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world.”
Carlin added that the case demonstrated “that the line between ordinary criminal hackers and potential national security threats is increasingly blurry.”
Because of the conflict in Syria, U.S. authorities said, it will be difficult to capture Agha and Dardar. Peter Carr, a spokesman for the Justice Department, said U.S. authorities would “seek to bring Romar to justice here in the United States.” He declined to elaborate further.
The FBI separately announced Tuesday that it has added Agha and Dardar to its list of Cyber Most Wanted fugitives and is offering a reward of $100,000 for information leading to their capture.