Syria’s cyberattack: First wave of a bigger war?

Posted at 9:09 PM, Aug 30, 2013

WASHINGTON (CNN) – “Server Not Found.”

Those three ominous words — especially for an organization in the highly competitive news business — were seen on computer screens nationwide as customers tried to access The New York Times website this week. The newspaper’s site was crippled for more than 20 hours.

A notorious group of hackers called the Syrian Electronic Army claimed responsibility.

Beyond the crippling of one high-profile newspaper website, the incident has people asking broader questions about U.S. cybersecurity: How vulnerable are U.S. websites to attack? Who are our potential cyberenemies? Is there more to come?

The answers aren’t comforting: Computer and homeland security experts now warn of a broader cyberwar if the U.S. launches military strikes on Syria.

Frank Cilluffo, director of the Homeland Security Policy Institute at George Washington University, believes the Syrian Electronic Army will likely strike again — and might have help.

“If they did work with some of their allies — with Iran, if they were to get some support from China and Russia — then the game changes quickly,” Cilluffo said. “It escalates in terms of capability.”

The Syrian Electronic Army might not be the most sophisticated gathering of hackers at the moment, but experts say its shown the ability to wreak plenty of havoc — primarily with media outlets so far.

USS San Antonio now in Mediterranean off coast of Syria

Such attacks can be costly.

In April, the group hacked the Twitter feed operated by the Associated Press and put out a fake message saying “Breaking: Two Explosions in the White House and Barack Obama is injured.”

That caused a brief panic, and stock markets plummeted temporarily.

Helmi Noman, a researcher at the Munk School of Global Affairs’ Citizen Lab at the University of Toronto, predicts these hackers will look for more chances to exploit weaknesses in America’s cybergrids.

“It’s not what they want to do or could do; it’s what are the available vulnerabilities out there,” said Noman.

The Syrian Electronic Army has already ably demonstrated those soft spots — and that’s by a possibly ragtag group that’s not considered particularly sophisticated in the hacking world.

“The Syrian Electronic Army is a murky, underground group that has made a name for itself by plastering pro-regime propaganda across some of the Internet’s most trafficked sites,” a U.S. official told CNN.

“It’s clearly a nuisance, but its tactics aren’t all that sophisticated. And while the regime probably welcomes its efforts, Damascus isn’t necessarily calling the shots.”

“It appears to be a loose collective of a few individuals,” said former hacker Marc Maiffret of the group, which supports Syrian President Bashar al-Assad.

Maiffret, who’s now chief technology officer for the cybersecurity firm Beyond Trust, also says these hackers might not have been in the game for that long.

“There’s been some information put out on the Internet that (some) could be even as young as 19-year-olds.”

Whatever the age of its members, the Syrian Electronic Army has recently escalated its method of attacks.

Previously, cybersecurity experts say, it would only go after the direct managers of the websites it was hacking, using phishing e-mail to attempt to trick those operators into revealing their login credentials. But earlier this month, the group targeted a search engine that directs traffic to CNN and The Washington Post. Security for the and sites were not compromised.

In the case of the Times attack, the Syrian group went after the larger connection chain. It’s called the Domain Name System. It connects you, when you type in “” or any other website, to the specific computer addresses where that content can be found.

Experts say the hackers went after the managers of those connections; in this case, a firm that works with a company called Melbourne IT. The hackers tricked employees of that firm into giving up their passwords.

Once they did that, many people trying to access The New York Times website were steered instead to servers controlled by the Syrian Electronic Army.

That makes more than The New York Times vulnerable.

“You could basically have your computer attacked,” said Maiffret. “By hitting this unknown malicious website, if you had out-of-date software or out-of-date anti-virus, your computer could actually be compromised.”