
Thursday, 29 August 2013

FAQs about hacks: Everything you need to know about the Syrian Electronic Army

In the past 24 hours, the New York Times went down and Twitter images went wonky, while the Huffington Post dodged a digital bullet. All the chaos comes courtesy of the Syrian Electronic Army, a hacker group in love with Syrian president Bashar al-Assad—and this isn't the first time the cyber boogeymen have lashed out at Western targets.

But what's all the hubbub about? Should you be worried about the Syrian Electronic Army? Is there a chance you and I could get caught in the crossfire, the way Lulzsec leaked so many passwords a few summers back? Read on to learn everything you need to know about the Syrian Electronic Army.

Nobody knows for sure, but all indications suggest that it is a group of pro-al-Assad hackers, rather than an official government group.

The SEA seized control of the DNS records for Twitter's image servers Tuesday.

The Syrian Electronic Army has been responsible for numerous high-profile hack attacks, including the hijacking of Twitter accounts across the media spectrum—from venerable outlets like NPR, CBS, and the Associated Press all the way to BBC Weather, The Onion, and E! Online. Yesterday, the group claimed responsibility for the DNS-based troubles fouling the New York Times, Twitter, and the Huffington Post UK.

Unlike Lulzsec, which sowed havoc across the Web for nothing more than giggles (and eventual betrayal and jail time), the Syrian Electronic Army operates with more ideological goals. The hacker collective targets media entities with large followings, then uses the hijacked Twitter accounts and Websites to spread a pro-al-Assad message.

"There are many targets that were vulnerable that we felt were fair to Syria and had balanced coverage, we did not strike them," a Syrian Electronic Army representative told the Verge in May.

Yesterday's DNS attacks occurred as rumors of a U.S. strike in Syria abound, after the American government said there was "no doubt" that al-Assad deployed chemical weapons to kill hundreds of Syrians.

Not quite.

Tweets from the SEA-hijacked E! Online account weren't exactly highbrow.

Sure, the group's hijackings didn't take much skill beyond adept social engineering, and yes, a lot of the Syrian Electronic Army's shouting has been of the juvenile and meme-filled variety.

"The Syrian Electronic Army actually makes a lot more sense if you think of them as pranksters who also happen to love Assad than as state-aligned hackers in pursuit of concrete goals," the Washington Post recently wrote.

But don't mistake the group's silliness for stupidity!

Melbourne IT, the registrar that was attacked in order to fell the Times and others yesterday, has a reputation for strong security chops, according to CloudFlare. Indeed, after a group of HP researchers studied the Syrian Electronic Army for a number of months, they noted that the SEA is considered "one of the top 10 most skilled hacking teams in the world."

Yes and no.

Thus far, the Syrian Electronic Army has largely been targeting the digital equivalent of microphones, rather than the masses: It's trying to spread the pro-al-Assad word via hijacked media accounts. Yesterday's attack didn't affect user accounts or data in any way, as far as experts can tell.

But that doesn't mean the group intends to stay mostly harmless. In the midst of Tuesday's attacks, experts from Google, OpenDNS, and Cloudflare found that the Syrian Electronic Army site that replaced the New York Times homepage appeared to be infested with malware.


You shouldn't have anything to worry about if you take some basic online security precautions—the kind of stuff you should already be doing, anyway. Install an antivirus program and keep it up to date to protect against potential malware infections.

Likewise, you can keep your online accounts buttoned up by activating two-factor authentication wherever possible—Twitter offers both SMS- and app-based two-factor authentication, for example—and, more importantly, by never reusing passwords across multiple sites. It's not as hard as it sounds! Password managers can take a lot of the hassle out of, well, password management, and PCWorld has a guide to building better passwords without losing your mind.

Brad Chacos spends the days jamming to Spotify, digging through desktop PCs and covering everything from BYOD tablets to DIY tesla coils.

Hacker points Syrian telecom website to AT&T, T-Mobile

The website of a Syrian telecommunications provider redirected to AT&T's website and then T-Mobile's on Wednesday, an apparent prank by a hacker who has been probing the country's Internet infrastructure for several days.

The hacker apparently found a way to modify the authoritative DNS (Domain Name System) record for the Syrian Telecommunications Establishment (STE), said Doug Madory, senior analyst with Renesys, a company that monitors global Internet activity.

The style of hack is similar to one that affected The New York Times, Twitter, Sharethis and others on Tuesday when certain domain names they controlled were pointed to an IP address controlled by the Syrian Electronic Army (SEA), a group of pro-Syrian government cyberattackers.

DNS is a distributed database that translates domain names, such as twitter.com, into an IP address that can be called up in a browser.

The DNS server used by STE also runs several other Web services "which is quite unusual for high-profile DNS servers," said Andree Toonk, founder of the network monitoring company, BGPmon.net.

"It's not unlikely the attacker gained access to this machine exploiting one of these services," Toonk said.

The attack on STE also modified the organization's mail exchange (MX) records, which are used to route email messages.

At one point, STE's MX record pointed to a domain in Israel. The record was then changed to point to a mail server run by Iran's presidential office, Madory said. Then the hacker changed it once more to "oliver.tucket.boom."

On Wednesday, The Washington Post published an interview with a person going by the pseudonym "Oliver Tucket," who took credit for a series of attacks on the Syrian government's infrastructure.

The Post identified him as an American white-collar worker who has sought to embarrass President Bashar al-Assad's regime. A Twitter account, @olivertuckedout, showed several tweets on Sunday claiming attacks against Syria. The person running that Twitter account could not immediately be reached.

It's unlikely that the MX record tampering actually allowed the hacker to intercept emails, although that in theory is possible. Emails directed to another server that is not configured correctly to receive mail would be rejected, Madory said.

The MX record tampering is likely designed "more just to embarrass," Madory said.

Syria's government has waged a long-running, bloody campaign against rebels seeking to topple al-Assad's government. In protest of coverage of the conflict, the SEA has conducted a range of cyberattacks against the websites and Twitter accounts of media outlets such as the Financial Times, the Associated Press, The Guardian, BBC and Al Jazeera.

The SEA's attack on Tuesday compromised a reseller of domain name services affiliated with Australia-based Melbourne IT.

Through a spear phishing email, the group gained account credentials that allowed it to modify authoritative DNS records for many websites, redirecting people to a website in Russia that it controlled.
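
A defender-side check for the record changes described above, as an added example that is not part of the original article: it compares observed NS, MX and CNAME record sets against a known-good baseline and reports drift, while ignoring cosmetic differences such as letter case and trailing dots. The domain names, records and severity labels are constructed for illustration.

```python
# Added example: baseline-drift check for DNS record sets.
# Domains, records and severity labels are constructed for illustration.
SEVERITY = {"NS": "critical", "MX": "high", "A": "medium", "CNAME": "medium"}

def normalize(rtype, value):
    """Canonical form: lowercase, no trailing dot; MX keeps 'priority host'."""
    value = value.strip().lower()
    if rtype == "MX":
        prio, host = value.split(None, 1)
        return f"{int(prio)} {host.rstrip('.')}"
    return value.rstrip(".")

def canon(records):
    """Map (name, type) -> set of normalized values."""
    out = {}
    for (name, rtype), values in records.items():
        rtype = rtype.upper()
        key = (name.strip().lower().rstrip("."), rtype)
        out.setdefault(key, set()).update(normalize(rtype, v) for v in values)
    return out

def diff_records(baseline, observed):
    """Return one alert per record set that differs from the baseline."""
    base, seen = canon(baseline), canon(observed)
    alerts = []
    for key in sorted(set(base) | set(seen)):
        expected, actual = base.get(key, set()), seen.get(key, set())
        if expected != actual:
            alerts.append({
                "name": key[0], "type": key[1],
                "severity": SEVERITY.get(key[1], "low"),
                "added": sorted(actual - expected),
                "removed": sorted(expected - actual),
            })
    return alerts

BASELINE = {  # constructed known-good snapshot
    ("example.test", "NS"): ["ns1.dns-host.test.", "ns2.dns-host.test."],
    ("example.test", "MX"): ["10 mail.example.test."],
    ("img.example.test", "CNAME"): ["cdn.example.test."],
}
OBSERVED = {  # constructed snapshot after tampering with NS and MX
    ("Example.test.", "NS"): ["ns1.rogue-dns.test", "ns2.rogue-dns.test"],
    ("example.test", "MX"): ["10 mx.unrelated.test"],
    ("img.example.test", "CNAME"): ["CDN.Example.test"],
}

if __name__ == "__main__":
    for a in diff_records(BASELINE, OBSERVED):
        print(f"[{a['severity']}] {a['name']} {a['type']}: +{a['added']} -{a['removed']}")
```

In practice the observed snapshot would come from querying several independent resolvers and the registry's delegation on a schedule, since a registrar-level change shows up in the parent zone rather than on the domain's own name servers.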

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

