Syrian Electronic Army Takes Down Twitter, Sort Of

syriaThe Syria saga is playing out in cyber space, too. A group that calls itself the Syrian Electronic Army (SEA) claims to have compromised the websites of Twitter, the New York Times, the Huffington Post, and several other organizations. The impact of their actions were not terribly consequential, as the resulting service interruptions were scattered and short-lived.

It appears SEA didn’t attack Twitter’s servers directly. Instead, digital forensics evidence suggests that the attackers actually compromised the Melbourne, Australia-based company through which Twitter registered its web address. When a company registers its web url (also called its domain name), it provides the IP (i.e. Internet) address of the server to which users who surf to the url should be directed. What the SEA appears to have done is hack into the Australian company and change that mapping so that people who directed their browsers to Twitter’s website would instead be connected to a different server. It appears the SEA pulled off similar attacks against its other victims, too.

The effects of the attacks were small and short-lived because Twitter distributes its various services among several, redundant servers worldwide. If just one or a couple name-address mappings are altered, there are still significant portions of Twitter’s content that remain available, and the compromised one can be patched out by correcting the mapping. That was the case with these attacks by the SEA.

It is unclear who or what the SEA actually is. Is it state-sponsored? Does it receive funding and support from Bashar al-Assad and his forces? Or is it a loose confederation of independent hackers who have only the tacit support of the government, or even no government recognition at all? Their identity at this point is completely unclear. These attacks weren’t so sophisticated that they could not have been conducted without state support. Yet, there is certainly a political theme to them, as they attempt to convey very clearly that its participants oppose US intervention in Syrian affairs.

The SEA has waged more damaging attacks in the past, including one that posted a fake headline on the Associated Press’ Twitter feed that the White House had been attacked. That news set off a stir that resulted in temporary losses of $200 Billion in US stocks. Twitter fortified its security posture since that attack, which limited the SEA to take far less dramatic action this time.

Certainly, these kinds of attacks, if left unchecked, can do amazing amounts of damage very, very quickly. With more political groups becoming cyber-active, it is imperative that public and private enterprise learn to detect attacks rapidly at their outset, identify their perpetrators, respond by fortifying defenses, and perhaps attack in kind to deter further action. Fortunately, companies don’t have to learn new techniques to defend against these international hactivists, as the same techniques they use to counteract the more mundane domestic cyber tomfoolery will work against groups like the SEA, too.

 

Ray Klump

About Ray Klump

Professor and chair of Mathematics and Computer Science Director, Master of Science in Information Security Lewis University http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *