Are the leaders of the Syrian Electronic Army (SEA) a bunch of twentysomething kids in Syria with regime ties, rather than Internet mercenaries hired by the country's government? This seems to be the case. The hacker group that took down the New York Times, went after Twitter, and waged a massive cyberwar on behalf of the Assad regime left a data trail that may have uncovered their identities.
Security journalist Brian Krebs just published the first part of his deconstruction of the SEA. After several SEA-affiliated sites were seized due to sanctions, other hackers took down the SEA's main site and released its account info. A tangled web of affiliations, including DeviantArt accounts and VPN registration info, led Krebs to finger 23-year-old Syrian web designer Mohammed Osman as a possible SEA member with an extensive DeviantArt account. Osman, Krebs claims, also uses the name Mohamad Abd AlKarem.
Meanwhile, Vice's Brian Merchant has published a long post accusing 19-year-old Syrian Hatam Deeb of leading the SEA. According to Merchant, Deeb is the hacker variously known as TheShadow or ThePro. ThePro denied he was Deeb in a communication with Merchant, but Vice's details check out. In addition, translation outfit MEMRI recently published a report on SEA's recruitment efforts on LinkedIn.
While the Syrian Electronic Army puts a name and label on hacking attacks, the major takeaway here is how easy it was for the organization—members of which can't even keep their real names off site registrations—to take down giant targets like Twitter, The New York Times, and the Associated Press. Spear-phishing, it seems, is a weapon of asymmetric warfare, but so, too, is domain-spelunking and account-deciphering.
[Image: Flickr user Christiaan Triebert]