Sorry to disappoint you all. But I couldn’t track down the Syrian Electronic Army down, not on a 5-hour deadline.
But neither have tech security experts. So I don’t feel too bad.
“They appear to be a group of hackers in Syria trying to draw media attention to supporting Bashar al-Assad,” says Chester Wisniewski, senior security advisor at Sophos. And, he says, we know they aren’t the world’s most sophisticated hackers. Take today's attack on the New York Times: “They tricked someone into disclosing their password so they could gain access to a system," Wisniewski says, "and that’s been their modus operandi in many of their attacks, attacking human frailty rather than technology,” says Wisniewski.
It seems the Syrian Electronic Army sent fake emails to people at a company that registers domain names (basically publishers of a phone book for the Internet). Someone fell for it, and the Army “was effectively able to rewrite the white pages for the Internet, pointing sites that should have gone to one location to sites that the Syrian Electronic Army controlled,” says Matthew Prince, CEO of the web services company CloudFlare.
It seems like if you’re in the Internet industry, you should know better? Then falling for a fake email?
Prince says we might not want to be too quick to judge. “The challenge is that the Internet and something like email has been built in such a way that’s really hard to authenticate when a message is actually coming from someone.”
And when it’s being faked.