Discover Performance

HP Software's community for IT leaders // July 2013

The SEA: A look at the hactivists’ motives and tactics

HP Security Research’s latest threat intelligence briefing looks at the Syrian Electronic Army and how CISOs can protect themselves against the group’s tactics.

The Syrian Electronic Army (SEA) has been touted in underground circles as one of the 10 most skilled hacking teams in the world. This sophistication has been in clear evidence in 2013, as this politically motivated hacktivist organization has executed a number of successful and high-profile attacks, including the AP Twitter hack that caused dramatic turmoil in financial markets.

While media organizations are particularly at risk, there are broad implications for any organization that could support Western views. HP Security Research (HPSR) has released a threat intelligence briefing on the group, available for free download. Discover Performance offers this quick primer to help you understand the SEA’s tactics and how your organization might be targeted.

The ABCs of the SEA

The stated mission of the SEA is to unleash an onslaught of pro-government propaganda in support of the regime of Syrian President Bashar al-Assad. The SEA claims to support their cause by promoting their views over “Western media that are broadcasting fabricated and false news about what is happening in Syria.”

While the SEA claims to be independent, Assad has publicly supported the group’s efforts, stating that they are a “real army in a virtual reality.” Official financial sponsorship by the Assad regime has not been verified.

Other than the aliases of known members and the preferred attack tactics, little is known about the organization’s size and structure.

Tactics commonly used by the group include:

  • Fake social media accounts
  • Targeted malware
  • DOS attacks
  • Website defacements
  • Phishing
  • Compromising of Twitter and Facebook accounts
  • Leaking of sensitive information
  • Comment spam

The most active member of the SEA uses the alias “Th3 Pr0”; this actor is credited with hacking Harvard University, Al Jazeera, and Al Arabiya, among others.

Could you be a target?

In April 2013, the SEA successfully hacked the Associated Press, posting fake news that caused the Dow Jones to drop 150 points before a quick recovery. In the days leading up to that event, members of the SEA also attacked CBS News, NPR, and the BBC. 

However, it’s important to note that media outlets are not the only businesses that could be targeted. Other organizations, even ones with no obvious political agendas, could be targeted to exploit high-traffic websites, financial assets, or sensitive information about targeted individuals, or as a result of the private political affiliations of executives and other high-profile employees or customers.

Protect yourself

For the SEA’s primary targets, which include media outlets and any group that could support Western views, HPSR recommends beefing up efforts in the following areas:

  • Monitor corporate Facebook pages for spam comments.
  • Monitor Facebook and Twitter accounts for compromise.
  • Enforce strong passwords.
  • Be particularly vigilant in monitoring for phishing attacks.
  • Maintain unique passwords for each social media site; avoid re-using passwords.
  • Monitor your infrastructure for DDOS and SQL injection.
  • Monitor your corporate websites for any out-of-process changes.

Finally, increased use of contextual security intelligence is strongly encouraged for all organizations. In today’s world of hacktivism and industrial espionage, every organization needs to assume that they could be targeted by a sophisticated and organized adversary. As a result, it makes sense for organizations to consume as much security intelligence as possible.

Applying intelligence adds context to other data points used to measure organizational risk. This heightened situational awareness can reduce risks and help streamline security operations. When credible threats are identified, defense plans can be put in place or altered to best protect against the identified threats.

Download the full HPSR threat intelligence briefing on the Syrian Electronic Army, and hear the related podcast, on the HP Security Research blog


IT leader assessment

This tool evaluates the correlation between IT attributes and business success and, based on how your answers compare with average scores, will advise you where to invest in IT.

It is based on data HP collected from 650 global companies about a range of IT characteristics (server capacities, approach to information management, security, BYOD, etc.) and how they correlate to revenue gain. This assessment will compare your answers to the average scores in that study.

There are 12 questions that will require an estimated 10 minutes of your time. You'll receive a summary of your rating upon completion.

Let's get started

Please select an answer.


Your answer:
Your score:
Average score:
Revenue leaders' score:


Please select an answer.



Your score:
Average score:
Revenue leaders' score:

Get detailed results:

Popular tags


Discover Las Vegas 2014

Register for HP’s premier event for inspiration from industry leaders, the HP inside scoop, and a deep dive into tomorrow’s enterprise IT trends.

HP Software related

Most read articles

Discover Performance


Tweets @ HPSecurity