The Syrian Electronic Army has made quite a name for itself over the last year. Browse The New Yorker’s list of its hacks and you can see why. Targets have included a dozen of the world’s best-known media brands — from The Washington Post and The Guardian to Al Jazeera, the BBC, CNN and even The Onion — with steadily increasing technical sophistication and impact.
The media notices when the media itself is the target.
The latest attack was on the New York Times this week, via a security breach at Australian company Melbourne IT. Taking over a media organisation’s Twitter account or temporarily defacing a website isn’t anything new. We’ve seen all that from Anonymous, LulzSec and a bunch of less well-known predecessors. But what the SEA has brought to the table is discipline of a kind that merits the label “army”, rather than “hacktivist” or “collective”.
The SEA has focused on a clear mission: to support embattled Syrian President Bashar al-Assad — and of course it seems to have support from his regime.
The SEA has chosen targets strategically: Western media outlets to grab attention; online tools used by elements the SEA sees as rebels, to disrupt their communications; and, it’s believed, many targets within Syria that outsiders simply aren’t aware of.
The SEA has steadily improved its techniques, and its attacks have moved beyond mere website defacements and propaganda tweets. When the SEA took over the Associated Press Twitter feed in April, it issued a false report of explosions at the White House injuring President Barack Obama — causing the Dow Jones to drop 150 points. That could have been engineered into a massive sharemarket fraud, had such a thing been planned in advance. One day it surely will be.
And this week the SEA hit The New York Times — not directly, but by manipulating some of the third-party infrastructure the Times site relies upon. It was down for hours. Given The New York Times Media Group’s annual revenue of a shade under US$1.6 billion, the financial impact must surely be measured in the millions.
The Times’ chief information officer has characterised that infrastructure attack as “like breaking into Fort Knox”. It isn’t really. Sure, service providers such as domain name registrar Melbourne IT do take security seriously. But if someone logs in with a valid username and password, that person will gain control — and tricking someone into handing over the password (or infecting a computer so you can log every keystroke someone types and learn it that way) through a spearphishing attack targeted at specific individuals is all too easy.
But what is clever is choosing to attack via infrastructure providers, because that opens up the potential to disrupt many more organisations at once.
Over the last two years, we’ve heard all about the “cyber-espionage” threat, particularly in relation to a large east Asian nation — slow, covert operations that attempt to avoid detection. We know they’re happening, although there’s still some disagreement about the scope.
We’ve also heard about “cyber-warfare” operations that might take out critical infrastructure such as electricity grids, transport or military targets. We know “cyber-weapons” are being developed, although there’s still some disagreement about their potential effectiveness. We’ve also seen the rise of well-organised transnational cybercrime.
What the SEA represents is something that we haven’t seen before — at least not with this scale and scope — and that’s an overt, coherently run operation that blends propaganda and disruption for political aims. Something well short of warfare, but that’s still “politics by other means” and that causes real pain. And the SEA is probably a mere precursor to much better-funded, more sophisticated and far more dangerous groups to come — run by or in support of national-scale organisations, or maybe something else.
In Sydney last week, IT research and advisory firm Gartner presented its five-year vision for the future of global information security — four potential scenarios that might or might not unfold.
Will attackers continue to focus on enterprise and government targets, or will the development of cheap, automated hacking tools lead them to focus on the myriad soft targets of individuals? Will the defensive response be driven in a centralised, monolithic way, or will it be more fragmented, in a community or even tribal fashion?
The resulting scenarios, Gartner says, range from a massively increased surveillance society cracking down on a criminalised underground “darknet” to a chaotic global battle between self-forming cyber-militias and extreme anarcho-hacktivist groups that governments simply can’t control, and others.
Whichever way things go, one underlying fact will always be true. In the US, there are already more than 100 university degree-level courses in “white hat” hacking techniques, funded by the National Security Agency and the Department of Homeland Security. Similar programs operate in the UK. In Israel, every high school student will get cyber-security training before their compulsory military service. China is also a major player.
Even if 90% of all these professionally trained hackers continue to wear a white hat, it’s clear that there’ll still be plenty of scope for complex global mischief. This is only the beginning.
“Given The New York Times Media Group’s annual revenue of a shade under US$1.6 billion, the financial impact must surely be measured in the millions”
I doubt it…Biggest impact on the website being down is on-line advertising, which only makes up 25% of the advertising revenue for the group.
I calculated it as around $500,000 a day, so if the website was down for approx. 6 hours, probably only a small financial cost… less than the cost of the IT security manager who is now updating his LinkedIn profile.
Potential Online Subscribers who may have wanted to subscribe during the outage will just buy the hard copy today and subscribe tomorrow. No biggy.
Reputational damage to the brand is the biggest worry, but as they can blame Melbourne IT, no major issue.
Once again, I think people overestimate the effect of “cyber warfare”, especially these sorts of denial of service or propaganda attacks, which are more annoying than anything else. The US Government will not be prevented from launching missiles at Syria based on a couple of script kiddies who cause some websites to crash. Just more Gen Y “we think we are more important than we actually are” rubbish.
Interesting article. Thank you.
Interesting and alarming article.
In this scenario, do we need a national government led by someone who regularly uses the “I’m (like most people, you know) not a Tech Head” excuse to disengage from any sensible discussion of such important matters?
And would such a government, antagonistic to the desire of most Australians to have a world-class digital communications network, represent a national security risk in itself?
Is this a potential government which is already anticipating with its internet communication policy the suppression forecast in the article?