Discover Performance: HP Software's community for IT leaders // July 2013
The SEA: A look at the hacktivists’ motives and tactics
HP Security Research’s latest threat intelligence briefing looks at the Syrian Electronic Army and how CISOs can protect themselves against the group’s tactics.
The Syrian Electronic Army (SEA) has been touted in underground circles as one of the 10 most skilled hacking teams in the world. This sophistication has been in clear evidence in 2013, as this politically motivated hacktivist organization has executed a number of successful and high-profile attacks, including the AP Twitter hack that caused dramatic turmoil in financial markets.
While media organizations are particularly at risk, there are broad implications for any organization that could support Western views. HP Security Research (HPSR) has released a threat intelligence briefing on the group, available for free download. Discover Performance offers this quick primer to help you understand the SEA’s tactics and how your organization might be targeted.
The ABCs of the SEA
The stated mission of the SEA is to unleash an onslaught of pro-government propaganda in support of the regime of Syrian President Bashar al-Assad. The SEA claims to support their cause by promoting their views over “Western media that are broadcasting fabricated and false news about what is happening in Syria.”
While the SEA claims to be independent, Assad has publicly supported the group’s efforts, stating that they are a “real army in a virtual reality.” Official financial sponsorship by the Assad regime has not been verified.
Other than the aliases of known members and the preferred attack tactics, little is known about the organization’s size and structure.
Tactics commonly used by the group include:
- Fake social media accounts
- Targeted malware
- DoS attacks
- Website defacements
- Compromising of Twitter and Facebook accounts
- Leaking of sensitive information
- Comment spam
The most active member of the SEA uses the alias “Th3 Pr0”; this actor is credited with hacking Harvard University, Al Jazeera, and Al Arabiya, among others.
Could you be a target?
In April 2013, the SEA successfully hacked the Associated Press, posting fake news that caused the Dow Jones to drop 150 points before a quick recovery. In the days leading up to that event, members of the SEA also attacked CBS News, NPR, and the BBC.
However, it’s important to note that media outlets are not the only businesses that could be targeted. Other organizations, even ones with no obvious political agendas, could be targeted to exploit high-traffic websites, financial assets, or sensitive information about targeted individuals, or as a result of the private political affiliations of executives and other high-profile employees or customers.
For the SEA’s primary targets, which include media outlets and any group that could support Western views, HPSR recommends beefing up efforts in the following areas:
- Monitor corporate Facebook pages for spam comments.
- Monitor Facebook and Twitter accounts for compromise.
- Enforce strong passwords.
- Be particularly vigilant in monitoring for phishing attacks.
- Maintain unique passwords for each social media site; avoid re-using passwords.
- Monitor your infrastructure for DDoS and SQL injection.
- Monitor your corporate websites for any out-of-process changes.
Finally, increased use of contextual security intelligence is strongly encouraged for all organizations. In today’s world of hacktivism and industrial espionage, every organization needs to assume that it could be targeted by a sophisticated and organized adversary. As a result, it makes sense for organizations to consume as much security intelligence as possible.
Applying intelligence adds context to other data points used to measure organizational risk. This heightened situational awareness can reduce risks and help streamline security operations. When credible threats are identified, defense plans can be put in place or altered to best protect against the identified threats.
Download the full HPSR threat intelligence briefing on the Syrian Electronic Army, and hear the related podcast, on the HP Security Research blog.