Cold Open
The following presentation is not suitable for young children. Listener discretion is advised.
On Tuesday April 23, 2013, the stock market whirred with activity.
SFX: TRADE BELL RINGING
Every second, traders bought and sold tens of thousands of shares. Being late to buy or sell by a matter of seconds could mean the difference between a fortune and bankruptcy.
So every trader was looking to get an edge. Just two and a half weeks before this particular day, the Bloomberg terminals on the New York Stock Exchange floor had added Twitter accounts from trusted news sources to their machines, so traders could get real-time notifications about real world events.
SFX: NOTIFICATION DING.
And at 1:07pm Eastern Time, something really big came through those Bloomberg terminals.
SFX: A LOT OF DINGS
The Associated Press newswire, one of the most trusted news sources in the world, had just tweeted something catastrophic:
SFX: TWITTER BIRD SOUND
“Breaking: Two Explosions in the White House and Barack Obama is injured”
SFX: PHONE NOTIFICATION DING.
And within moments on the floor of the New York stock exchange, chaos unfolded.
SFX: SHOUTING AND TRADE SOUNDS
At 1:08pm, stock traders started a mass frenzied sell-off. By 1:09pm the Dow Jones average had dropped 150 points.
SFX: SHOUTING AND TRADE BELLS
Then, at 1:10pm, more tweets started to come in:
SFX: TWITTER BIRD SOUND
The White House was fine. Obama hadn’t been injured. The original tweet was wrong.
SFX: CALMER MARKET SOUNDS
At the undamaged White House, press secretary Jay Carney called a press conference, and drily showed reporters that there had been no explosion.
SFX: CAMERAS GOING OFF, REPORTERS YELLING.
By 1:13pm, 6 minutes after the sell-off had started, it was over. But before the hoax was found out, it had cost traders nearly $140 billion.
What went wrong at the AP Twitter account?
SFX: TWITTER BIRD SOUND
Well, if you followed the Twitter account for a group called the Syrian Electronic Army, you might have a good idea. Within the hour it posted: “O[o]ps! @AP g[o]t owned by Syrian Electronic Army!”
This was the sixth prominent Twitter account they’d hacked in the last few months. They weren’t here to prank, they were an army. But instead of attacks on the ground, they attacked information and infrastructure.
On this episode: nationalism, high-stakes ransom, and the future of warfare. I’m Keith Korneluk and this is Modem Mischief.
Introduction
You're listening to Modem Mischief. In this series we explore the darkest reaches of the internet. We'll take you into the minds of the world's most notorious hackers and the lives affected by them. We'll also show you places you won't find on Google and what goes on down there. This is the story of the Syrian Electronic Army.
Act 1
When we think about armies, we usually think about battlefields, tanks, barracks, ships, and jets:
SFX: MARCHING TROOPS, CAVALRY TRUMPETS
Big groups of soldiers who attack each other using weapons.
SFX: HELICOPTER CHOPPERS THEN EXPLOSION
But in the era where everything is online—from electrical grids and banks, to defense systems—a country wouldn’t have to drop a bomb or send in troops to incapacitate an enemy. Power plants? Public transit? All could be taken out without using a single conventional weapon.
SFX: TAPPING KEYBOARD, POWER GOING OUT SOUND.
In a few clicks of a keyboard, a few people in an office building could cripple a country just as effectively as an invading army of thousands. Maybe even more effectively.
The new frontier of warfare isn’t on the ground, it’s online. In 2022, computer networks are now battlefields.
Already over the last few years, hackers working for governments around the world have taken down electrical grids in Ukraine, and destroyed nuclear facilities in Iran. (For more information on that, listen to Episode 9 of Modem Mischief where we talk about Stuxnet!)
This is the story of one such cyber army: The Syrian Electronic Army. They’re participants in an ongoing war, so much of what they do and who they are is shrouded in mystery. The government of Syria denies they have anything to do with it. But here’s what we do know…
SFX: AIR RAID SIREN
Syria, on the northern end of the Arab world, sandwiched between Turkey, Israel, and Iraq, has been an independent country since 1945, when it got its freedom from France.
But it’s been ruled by an authoritarian regime for most of that time. The country’s been led by members of the repressive Assad family, starting with Hafez al-Assad, known as the Lion of Damascus, since 1970.
SFX: MARCHING TROOP SOUNDS
Freedom of the press and any opposition have been steadily stifled over the years, leaving the Assad family in near-complete control of the nation.
Hafez’s second son Bashar, born in 1965 shortly before Hafez took power, seemed more like a lion cub than a lion. His older brother Bassel was the one who was groomed to succeed Hafez, leaving Bashar to pursue other interests.
Young Bashar was quiet, didn’t like to make eye contact, and would fold his tall frame down in a permanent slouch to avoid attention. Unlike his father, or his showboating older brother, he showed no interest in politics or the military. Instead he studied medicine in London, and planned on becoming an ophthalmologist.
SFX: LONDON CITY SOUNDS
He spent his early 20s living in a flat on Sloane Street in West London, head-over-heels in love with a British-Syrian woman, Asma al-Akhras, and went online using computers that were difficult to find in his father’s authoritarian regime.
SFX: AOL LOGIN SOUNDS
Every morning, his friends remembered the first thing he’d do would be to check the online top 40 billboard charts to learn everything he could about what was popular in his new country. He loved the internet and western pop culture, and his computer was a proud symbol of his newfound identity.
SFX: TIRES SQUEAL
In the early 90s though, his brother Bassel died in a car crash, and all of a sudden this computer-savvy ophthalmologist was called back home. He would have to take over as next in line to rule Syria.
His aging father Hafez groomed Bashar to take over after he was gone. Bashar was enrolled in the Homs Military Academy, and given a crash course in military strategy, rising in the ranks as a colonel in the Syrian Army. The Cub was going to give up his dreams of being a London ophthalmologist.
SFX: MARCHING STEPS
Bashar was able to bring back some of what he had learned in London though. He married Asma, and in-between his military training, asked his father to be appointed head of the small Syrian Computer Society based in a drab gray office building in the Syrian capital of Damascus.
SFX: A DOT-MATRIX PRINTER CHURNS
The Computer Society didn’t do much when Bashar joined—it had a few decade-old machines, and was largely shunned by Hafez’s generals as a waste of time. It was where unpopular officers were sent when they got in trouble. Bashar could do whatever he wanted with the little group, just so long as he learned real military strategy in the meantime.
SFX: MODEM SOUNDS
During the 90s, Bashar used his time to lead the Syrian Computer Society to slowly but surely bring Syria into the modern era. Internet cafes started to launch around Damascus, and computers were installed into the major universities.
SFX: AOL LOGIN SOUNDS MIXED WITH CAFE NOISES
By 2000, while Syria wasn’t exactly Silicon Valley, a lot had changed. His work with computers had brought some computer infrastructure into the Syrian public sphere. Reformers could have some hope that maybe the young Bashar could be a breath of fresh air for the repressive nation.
And on June 10, 2000, the 69-year old Lion of Damascus, Hafez, was on the phone with the prime minister of Lebanon when he suffered a massive heart attack—dying instantly.
SFX: FUNERAL SOUNDS
The country went into 40 days of mourning, and at the end of it, Bashar was in charge. Was he going to bring the same spirit of liberalization to the country he brought to the computer society?
MUSIC CUE: UPBEAT SYNTHS
In heartening news for reformers, he brought along members of the computer society into the government. For the next seven months, he seemed to modernize the country: he released political prisoners, eased up rules on criticism of the regime, and closed Mezzah, one of his father’s most infamous prisons.
SFX: CHEERS
For a while, it seemed this fresh-faced lanky man might bring hope to the authoritarian nation…
MUSIC: SLOWS DOWN AND TURNS MORE OMINOUS.
But over time, the reforms slowed. Hardline government officials from his father’s regime started to push back. Then with the American invasions of Afghanistan and Iraq, appetite for making the country more Westernized started to sour.
While Bashar was still nearly always photographed with an Apple laptop on his desk, his government soon started to resemble his father’s, despite the computers.
SFX: GATES CLOSE
Political prisoners were put back in their jail cells, dissent started to be punished again. Slowly but surely, the country under Bashar resembled what it was under his father.
The one difference was that the people in charge of the government weren’t just old-school soldiers, they also included his friends in the Syrian Computer Society. Bashar had succeeded in bringing a big part of Syria into the modern era. Unfortunately for reformers, that part was largely the oppressive state.
MUSIC CUE: DOWNRIGHT SCARY
Over the next ten years, the rise of Islamic fundamentalism, a horrific drought, and state repression started to drive the country apart, and test Bashar and his compatriots from the Computer Society’s iron grip.
In late 2010 and early 2011, during a time known as the Arab Spring, people all over the Arab world from Tunisia to Egypt started to protest against repressive regimes, in a series of popular uprisings helped along by Twitter and other tools introduced recently into the region.
SFX: PROTEST SOUNDS
In the presidential palace in Damascus, Bashar’s officials monitored the unrest in their neighbors with worry.
They could see on social media that the country was full of dissatisfaction. All it would take would be a spark and they could lose control. They decided they would clamp down hard on any possible revolution.
SFX: GRAFFITI SPRAY
So on March 6, 2011, when 15 teenage boys graffitied pro-Arab Spring messages in the small town of Daraa, the Syrian police arrested and tortured all of them.
What the Syrian government didn’t expect was that this would be that spark.
SFX: CHANTING
People in the city, then across the country, started to protest the brutal regime. The government responded by killing hundreds of demonstrators and imprisoning thousands more. But it wasn’t enough. Every repressive move by the Syrian government caused even more protests.
By July, a group of soldiers resigned and formed what they called the Free Syrian Army. A full-blown civil war had started.
SFX: BATTLE SOUNDS
As Bashar Al-Assad struggled for a way to hold onto power, he found himself facing an unhappy population, united by the power of technology and social media to connect with each other, and backed by powerful forces in the United States and Europe.
He was in a tight spot, and surely old-guard members of his father’s government thought he was too weak: they couldn’t beat the rebels with computers. Or could they?
SFX: COMPUTER STARTUP SOUND
In May 2011, amidst a sea of anti-government chatter on Facebook and Twitter, a group that called itself the Syrian Electronic Army set up a website, Facebook, and Twitter account.
They quickly started spamming rebel-friendly social media pages and news stories with pro-government messages.
SFX: POSTING NOTIFICATIONS
In their about page—and yes this shadowy organization had an about page—they proudly proclaimed that it wasn’t officially connected to the government, but it was instead:
Founded by a team of young Syrian enthusiasts to fight those who use the Internet and especially Facebook to ‘spread hatred’ and ‘destabilize the security’ in Syria.
Despite what their about page claimed, it didn’t take much digging to find out they weren’t exactly independent. For one thing, their website was registered to… the Syrian Computer Society, aka the group Bashar al-Assad had run in the 90s.
A few weeks later they didn’t even bother claiming they were independent, and cut that reference in their about page. And over the course of the next few months they became ubiquitous presences on social media and news stories about the budding Syrian Civil War. Any criticism of Bashar would cause an outpouring of spam messages on Facebook or in the comments of newspapers saying “we love our president”, or “what about western atrocities?”
And there were a lot of those news stories about Syria. Over the next few months, rebel forces grew fast. They started to take cities, and chatter on social media was overwhelmingly positive. It looked like the Syrian government was in serious trouble.
SFX: BOMBING SOUNDS
That summer, his back against the metaphorical wall, Bashar al-Assad gave a fiery speech, where he defended the Syrian armies and claimed they could still win. While talking about the various physical armies working for him, he even called out the Syrian Electronic Army. He called it not just a group of hackers, but an:
Electronic army which has been a real army in virtual reality.
SFX: CHEERS
He had an army that could battle for him in cyberspace. But what was he going to do with it?
Act 2
In 2011, the government working for Syrian president Bashar al-Assad was looking for an edge in their brutal civil war. In April of that year, a group called the Syrian Electronic Army was founded on servers owned by the government-run Syrian Computer Society.
They had the tools to wage what Bashar al-Assad called a real war in a virtual reality, but who would enlist in this kind of army? It’s not like they could just bring in everyday soldiers. This army required programmers, hackers, people who could use computers like the back of their hands. In short, not your typical soldier.
MUSIC CUE: TH3 PR0 THEME
The first member of the S.E.A. we know about is an unassuming 18-year-old from Damascus, named Ahmad Al Agha. Born January 10, 1994, his floppy dark brown hair and glasses don’t make him look like a hardened military man. Instead he’s a 5’10” thin guy with a wide smile.
Ahmad was a quiet kid, who’d learned to use computers in the internet cafes that Bashar had installed as head of the Computer Society.
SFX: INTERNET CAFE SOUNDS
There, surrounded by cigarette smoke, and fuelled by cheap coffee, he’d learned to build websites. He was good at it. And he’d started hacking too, impersonating people online, and breaking into websites. It was fun, he was a teenager, it’s hard to blame him. But someone from the Computer Society noticed.
One day in fall of 2010, just as Bashar started to worry about the possibility of a revolution in Syria, armed police surrounded Ahmad as he went into an internet cafe.
Oh no. He thought. But I’m a patriot!
They weren’t there to arrest him for his hacking though.
SFX: DRIVING
Instead they drove him to the drab grey building where the Syrian Computer Society was still headquartered, and said he wasn’t in trouble. Instead, he could help his country.
Here was a poor kid who spent his free time trying to escape an unhappy life in a repressive regime. And all of a sudden the most powerful people in his world were offering him a chance to join the ruling class.
He signed up, of course. But he’d have to pick an alias. This was undercover work.
“I’ve got just the name,” he said, a cocky smile on his wide face.
Th3 Pr0. With a “3” and a “0” of course, he wasn’t a n00b.
SFX: EMAIL NOTIFICATIONS
In November 2010 he registered a Gmail account to “the pro 0123,” which he would use for hacking, but also for his personal use.
He sent wedding pictures to a friend, he sent identification documents for travel, and he used the Google account to research targets for attack. This was covert, but he was also a teenager. He wasn’t that careful.
And by mid-2011, he was officially the head of special operations for the Syrian Electronic Army.
From a base in Syria, he spearheaded attacks on sources he felt were either critical of the Assad regime, or important-seeming in the west.
SFX: COMPUTER WINDOW OPENS
And by summer of 2011, the army picked their first target. A world away from Syria.
SFX: BIRDS CHIRPING, WAVES LAPPING
On July 6, 2011, anyone who tried to go to UCLA’s website would get a lesson in respecting Bashar’s government.
SFX: ERROR SOUNDS
“HACKED”
A simple text message proclaimed. Below, the message continued:
We are sorry to destroy your sites, but your government’s policies and the interfere[nce] in our interior affairs forced us to hack your official sites so you will be able to listen to our voices live from Syria. We love our country and we love our president Bashar al Assad and we will not allow anyone to interfere in our internal affairs.
Signed, “The Pro”.
The site was only down for a few hours, but it was a surprising turn. Why would the Syrian Civil War intrude into the website of the University of California Los Angeles? And how did they get in?
For UCLA, The Pro tried out a tactic the rest of the Syrian Electronic Army would use time and time again: a phishing technique.
SFX: FISHING LURE GOING IN WATER WITH A POP
Phishing—with a p—is a surprisingly simple hacking technique. Just like fishing with a fishing pole, it involves laying out a bait, and hoping someone bites.
SFX: LURE GOING UNDER WATER
For the bait, The Pro would send out an email that looked like it came from the target’s own organization or a trusted account like Gmail or Twitter, and that would take them to a website made to look like their normal login page. Something innocuous like “your request timed out, please log back in.”
Sometimes the target wouldn’t bite—they wouldn’t open the email, they would leave before filling out information. It’s a slow process. But sometimes a user wouldn’t pay that much attention, and type in their information.
SFX: STRUGGLING IN WATER, FISHING POLE REELING IN
And then The Pro would have their login information, and their way in. Not very complicated, but surprisingly effective. Not the sort of thing that would require CIA-level hacking skills. Instead the kind of game a smart 18-year-old like The Pro could pull off.
Over the next few years, the Syrian Electronic Army never really changed their tactics, because why bother? They didn’t have to develop sophisticated tools, they just had to hope they could find a distracted or careless IT person.
SFX: KEYS CLATTERING, NOTIFICATIONS DING
Why did he start with UCLA? It seems like it was a target The Pro had heard of, and was a place to show off the reach of the Syrian Electronic Army.
And if that doesn’t seem like the most calculated target for a first strike, maybe it’s worth remembering: The Pro wasn’t the youngest member of the S.E.A. Of the roughly half a dozen known members, all of them were in their late teens through early 20s.
So they did what a lot of other young men on the internet who hide behind a fake identity did: they trolled.
MUSIC CUE: UPBEAT SYNTH
Starting in 2011, the Syrian Electronic Army hacked a lot of websites. Like with UCLA, they didn’t seem to steal information, they just did the equivalent of spray painting a tag on the side of a wall. When visitors would try to go to the site they’d find a clumsy picture, and the phrase: “Hacked by the Syrian Electronic Army”.
SFX: SPRAYPAINT SOUNDS
After UCLA they went after Harvard, and then LinkedIn.
But they seemed like they were getting bored just tagging sites. They moved on to the next level of trolling:
On March 27, 2012, The Pro sent a message to the social media manager at the Saudi Arabian TV network Al Arabiya that looked like it came from Twitter, but to read it they’d have to log back in.
SFX: TYPING
Once in, the Syrian Electronic Army used the access to get control of both Twitter and Facebook accounts. And they did their usual move of changing the Facebook page to show “the Syrian Electronic Army was here”. But then they took it a step further.
SFX: TWITTER SOUNDS
“Explosion at a Qatari natural gas field”
“Qatar Prime Minister resigns”.
In a quick flurry they put out tweets and Facebook posts that mimicked a normal Al Arabiya format, but just… lies.
SFX: TEEN BOYS GIGGLING
While the social media pages were reclaimed quickly, the potential in there for psychological warfare—and trolling—was hard to resist.
On August 5, they hacked Reuters’ Twitter account with a series of pro-Assad messages. On February 26 they hacked the French Press Agency Twitter account, and on April 21, 2013 they hacked 60 Minutes, claiming the US government caused the Boston Marathon Bombing.
SFX: 60 MINUTES-STYLE TICKING CLOCK
They went after dozens of news sources, from the New York Times, to the AP. Some of their tweets seemed designed just to make teen boys laugh, like:
“Chaotic weather forecast for Lebanon as the government decides to distance itself from the Milky Way”
Or:
“Saudi weather station down due to head-on collision with camel”.
Maybe it’s no surprise they even targeted the satirical news site The Onion.
SFX: RIM SHOT
The Pro even went after the FC Barcelona soccer club, but just to post tweets taunting Real Madrid. Then both britneyspears.com and selenagomez.com. If this was an army, the only real damage seemed to be to systems administrators' sanity.
MUSIC CUE: ECHO OF THE OMINOUS AUTHORITARIAN THEME FROM ACT 1
But while they were engaged in these high-profile goofs on western pop culture, the Syrian Electronic Army was also involved in attacks close to home with real human consequences.
In 2013, a researcher at the University of Toronto discovered spyware with names like “Dark Comet” and “Blackshades” on Syrian dissidents’ computers. The spyware was hiding in the background of hundreds of computers, sending personal information like location, emails, and keystrokes, back to the Syrian government.
Hundreds of people critical of the regime were imprisoned with information found this way.
SFX: PRISON GATES CLOSING
The Pro denied he had anything to do with those attacks, but researchers traced them back to IP addresses owned by the Syrian Electronic Army.
It seemed like the army’s outwardly facing attacks were a cover for something more insidious. In late 2012, they hacked a Facebook page of a Syrian opposition leader named Burhan Ghalioun.
It seemed like just their normal graffiti-style attack. But then, even after Burhan reclaimed the page, it started to send out spyware to anyone who visited the site.
SFX: POP-UP WINDOWS
Security researchers started to realize that the army was fighting a two-pronged war: one, public and goofy, to raise questions and confusion. And a second more insidious one. They were helping track down rebels for the Syrian government.
That attack on the AP’s Twitter feed that caused the brief collapse of the Dow Jones?
SFX: STOCK TRADING PANIC SOUNDS
The same day, the Syrian Electronic Army infiltrated the Qatar armed forces and foreign ministries.
They downloaded hundreds of files, including minutes of classified meetings, government bank statements, and evidence of Qatari support for rebels. This is the sort of information that would have required spies working around the clock to find in a pre-digital age.
SFX: CAMERA FLASH GOES OFF
By early 2013 they had a list of hundreds of rebels that they’d given the government, and had defaced websites around the world. Their mission seemed to be going about as well as it could.
While there aren’t a lot of details about how the organization was structured, it seemed like the roughly half dozen 20-year-olds were set up like a military operation.
There was a strict hierarchy, with an offensive officer and intelligence officer sharing responsibility. Each attack would follow roughly the same pattern: 3-5 days of deep surveillance, a fast—less than an hour sometimes—phishing campaign, then a week of monitoring intercepted information before defacing the website. It was efficient.
But already by a year in, there seemed to be cracks in the organization. The government didn’t like the way the army was structured. They didn’t exactly care for the attacks on western pop culture targets, and they certainly didn’t like the constant troll-wars with other hacker groups.
SFX: TYPING INTERMINGLED WITH LAUGHING
Because by summer of 2012, the Syrian Electronic Army was heavily involved in fighting with groups that had nothing to do with the Syrian civil war, from western pop culture to Turkish hacking groups.
The higher-ups talked to the young men in the S.E.A. like the Pro, and told them to focus on domestic targets. But it was hard to get them to stay sharp. They were young guys, who felt like they were on top of the world. They all had cocky undercover names: The Pro, The Tiger, The Shadow.
They picked a fight with the loose hacking group Anonymous. Anonymous posted things critical of the Assad government, but wasn’t exactly a real target for the government. But the S.E.A. kept going after them. On July 24, 2011 a hacker for the S.E.A. who called himself Saqer—Falcon in Arabic—took down Anonymous’s network Anonplus.
SFX: STATIC SOUND
And that pissed off the wrong people. In July 2012, the Syrian Electronic Army found an alarming folder on PasteBin:
SFX: NOTIFICATION
Hundreds of their classified files stolen from Syrian dissidents, suddenly out there in the open. Anonymous had broken into the Syrian Electronic Army’s servers.
Shit.
They backed off attacking Anonymous, but it wasn’t over for them.
17 months later in January 2014, The Pro tried to log into the web hosting site, but couldn’t.
SFX: ERROR SOUND
Confused, he opened a new browser window to make sure the site wasn’t down. Which did happen pretty often. It was hosted on Syrian networks, which weren’t the most reliable.
SFX: MOUSE CLICKING
The site took a while to load.
Yep, just down again. Fucking internet.
He thought. Before his jaw dropped.
SFX: JACK-IN-THE-BOX SOUNDS
The site had been defaced. Just like he had done to a hundred sites, there was a big spraypaint-like tag on it. But this time there was a different group. It said:
You imbecil[e]s will attack our country with fake phishing emails and we’ll accept your lies and don’t do anything ? That is the end you deserve.
And above that a message from a hacking group called TurkSecurity, with the phrase “come to daddy” in Turkish.
The Pro, fingers shaking, called the physical army with the bad news.
The Syrian Electronic Army wasn’t the only cyber-army in town any more.
Act 3
The Syrian Electronic Army was founded to provide hacking support for the Syrian Government of Bashar al-Assad during a brutal civil war. Run loosely by young men in their late teens, it split its time between spying on dissidents and spamming high-profile western websites.
But after some high-profile slip-ups, like their leak to Anonymous, and their own site getting taken down by a rival Turkish group, the Syrian Electronic Army was on thin ice. All their Facebook pages went down for a few days. And when they came back, their attitude was different. A little more careless, almost like the military cared less what they did.
And during this time, one member of the group, known as The Shadow, started taking personal hacking projects, without checking in with the generals first. The army was starting to splinter.
MUSIC CUE: SYNTH IN DARK MINOR KEY
The Shadow—real name Firar Dardas—was a little on the old end of the army members, since he was nearly 21 when he enlisted.
SFX: MARKET SOUNDS
He lived in the city of Homs near the Lebanese border, and had a different energy than some of the other nerdy thin teens like The Pro who made up the rest of the army. With his carefully trimmed beard and a cigarette nearly always hanging from his lip, he looked a little cool… at least compared to The Pro.
He was an intelligence officer who handled work with friendly hackers across the Middle East, from Iran to Yemen. He worked on the periphery of the main Syrian Electronic Army actions, so was given a lot of free rein to do what he wanted, while the Pro handled phishing attacks on western news sites, and the government pushed for more invasive attacks on rebels.
At some point during the chaos of 2013, The Shadow started phishing attacks against targets that had nothing to do with Syria. And unlike the high profile news or Twitter attacks, he didn’t tell the world. Most likely he didn’t even tell his fellow soldiers.
SFX: ROULETTE WHEEL SPINNING
In July 2013, an employee at a Chinese online gaming company got an email from their mail provider saying they needed to reset their password. The employee didn’t think much of it, and reset it, feeling safe because there was 2-factor authentication set up.
SFX: FISHING SOUND
Little did they know they had fallen into a classic S.E.A. trap. But this time it was a one-man job.
SFX: KEY UNLOCKING A DOOR
The Shadow took the Chinese gaming employee’s stolen password to get into its network and get information about the game, and the personal information of its players.
A few days later, an IT person at that company received an eerie email from The Shadow:
"[T]his is the last warning. Communicate with me or I will d[o] something you do not like"
Signing it like he was still working for the Syrian Electronic Army, The Shadow demanded money. Inside the company they went back and forth, and after haggling sent him fifteen thousand euros.
SFX: CASH REGISTER
The Shadow had a problem though. He had thousands of euros, but no way to use it. Syria’s banks were cut off from the rest of the world. He needed a way to get that money.
Luckily for the Shadow, just a few months earlier, a Syrian national living abroad had reached out to the S.E.A. to see if there was anything they could do to help.
SFX: EMAIL SOUND
In April 2013, a 34-year-old German man named Peter Romar messaged the Pro on Facebook, seeing if he could help the cause.
The Pro vetted him, decided he was serious, and on April 28, 2013 passed his information along to The Shadow, who was supposed to handle international allies. The Pro probably didn’t think much about this, it made Romar the Shadow’s problem instead of his. The Pro had more important things to do, or at least wanted to go back to trying to break into BritneySpears.com.
The Shadow friended Romar on Facebook, and said he’d be in touch. That’s where it stayed until July, when The Shadow scrolled through his friend list, trying to see if he knew anyone who lived in a country that could accept euros.
SFX: SCROLL WHEEL
Damascus, no, same problem. Tehran, even worse. What’s this? Waltershausen, Germany? Hmm…
He messaged Romar on Facebook and told him there was an opportunity to help out his country.
SFX: MESSAGE NOTIFICATION
Peter Romar jumped at the chance. The Shadow sent him the money information, and Romar laundered it back to Syria. The Shadow gave him a cut, and told him to keep quiet in case any other members of the S.E.A. asked about it.
And with that, The Shadow had a ransom scheme that let him make serious money off his connections to the Syrian Electronic Army.
In October, The Shadow broke into a UK-based web hosting company and eventually got sixteen thousand euros from them. When it came time to pay, the Shadow put them in touch with Romar, who arranged bank details.
SFX: CHECK CASHING
Wildly, Romar gave them his real name, and a copy of his passport to help arrange the wire transfer. He didn’t care about security, because for him this was war. And maybe he thought they’d be too scared to go after him.
Over the next 6 months, The Shadow and Romar hit 14 targets all over the world asking for more than half a million dollars. They didn’t make that much, but it was enough that they were living well off it.
Maybe the Pro and other members of the S.E.A. knew about it, but if they did, they didn’t seem to care enough to stop them.
Until early 2014, that is, when the hammer fell.
SFX: GAVEL COMES DOWN
That UK web hosting company reached out to their government with all the information they had on Romar. British Intelligence shared it with the FBI.
The high-profile attacks on American news sources hadn’t gone unnoticed. And extortion was a crime the FBI could go after.
The FBI started surveillance. Court warrants from across the world, from the United States to Germany and the UK, started coming in, and law enforcement started going through their Facebook and email accounts.
SFX: NOTIFICATIONS
And the Electronic Army was sloppy. They sent messages to each other that included all sorts of personal information. They joked about the crimes they’d committed on Facebook Messenger.
This wasn’t a buttoned-up, secretive hacking group like the United States’ Tailored Access Operations Unit; these were a bunch of kids who didn’t think they could get in trouble. And in Syria they really couldn’t. Who was going to go after a wing of a brutal government?
But Peter Romar wasn’t in Syria. In 2014 Peter Romar tried to use his bank info to send money to the Shadow, but all of a sudden couldn’t anymore. His account was frozen.
SFX: ERROR SOUND
Shit.
The Shadow went to log into Google, and his account was frozen too. Google isn’t based in Syria, it follows US laws.
SFX: ERROR SOUND
SHIT!
The Pro logged into Facebook… and of course the same deal. He couldn’t. His account had been disabled for violating terms of service. Assad’s security teams didn’t control tech companies.
SFX: ERROR SOUND
SHIT!!
The jig was up. Over the next year the main members of the S.E.A. were paralyzed.
And in spring 2016 German authorities arrested Peter Romar, and sent him to face trial in the United States.
The FBI put The Pro and the Shadow, now 22 and 27 respectively, on their Most Wanted List. For a shadowy group, their business was all out in the open.
The Pro and The Shadow are both still in Syria: it’s not like Bashar al-Assad is going to extradite them to the United States. But their hacking days are over, at least for now. There’s a hundred thousand dollar reward for their capture, and they’ve kept a low profile since mid-2014.
And by 2016, the role of the army was in question. The main members couldn’t operate, and people knew about how they operated. Ironically they’d forced Syrian rebels to be more sophisticated to avoid the S.E.A. What was the Assad regime going to do with this army?
Act 4
MUSIC CUE: CONTEMPLATIVE WITH SOME OF THE AUTHORITARIAN TONE
By mid-2016, the leaders of the hacker group known as the Syrian Electronic Army were in hiding, cut off from western technology tools.
And the civil war was different now. In 2011, rebel groups were sweeping the country. For an authoritarian leader like Assad, it had felt like doomsday. He marshaled every force he could find, including the Syrian Electronic Army.
But over the years the war had changed. The traditional army was crushing rebel groups, using chemical weapons and other illegal tactics.
Meanwhile some of the rebel groups themselves splintered, including some who formed Islamic fundamentalist terror cells like ISIS. The West seemed less interested in getting involved.
SFX: HELICOPTERS COMING IN
In September 2015, Assad formally asked the Russian government for help, and Russian troops poured in to help put down the rebellion. Within a year, most of the rebel strongholds had been taken back. The war wasn’t over, but Assad was less worried. He was going to win.
So by 2016, there didn’t seem to be as much of a cause for the Pro and the Shadow’s work.
But Assad didn’t quite close down the army; instead he shifted its mission.
In 2017, the Syrian General Staff announced a new commander for the Syrian Electronic Army. Yaser al-Sadeq was a little older, and sported a cop’s mustache. This wasn’t another of those teens who might go off the rails.
SFX: MARCHING TROOPS
Instead he led parades of commandos in matching uniforms through the streets. They weren’t here to deface western news sources, extort money from gaming companies, or even deliver malware to enemies. Instead, this was more of a Public Relations Arm.
They went back to their original tactic of swarming social media with messages of praise for Assad, and shouting down opponents.
Are they the frontline of a war? No. Instead they’re more like an occupying army, or a cyber police. A warning to dissidents that if they say things online, the Syrian Electronic Army is there watching.
And despite all the missteps along the way, that’s what the Syrian Electronic Army represents: one more piece of a nation’s war capabilities. This army did its main job: it freaked out opponents, spied on its citizens, and brought attention to the Syrian Government’s cause.
And now the fight has shifted to yet another phase, this one maybe more permanent, and more regimented. But, like a website defaced by the Pro’s work, Syria’s online world has been tagged, and no one can forget that the Syrian Electronic Army is there.
I’m Keith Korneluk and you’re listening to Modem Mischief.
CREDITS
Thanks for listening to Modem Mischief. Modem Mischief is brought to you by Mad Dragon Productions and is created, produced and hosted by me: Keith Korneluk. This episode is written and researched by David Burgis. Edited, mixed and mastered by Greg Bernhard aka Mr. Smell My Finger. The theme song “You Are Digital” is composed by Computerbandit. Sources for this episode are available on our website at modemmischief.com.