PJ Vogt is on Twitter here. If you'd like to subscribe to TLDR's short weekly podcast, please go here.
Why the Syrian Hackers are Mostly Meaningless
Thursday, September 05, 2013 - 11:40 AM
The FBI released a memo today warning Americans to beware the Syrian Electronic Army, the decentralized group of hackers aligned with the Assad regime.
They shouldn't have bothered. Yes, the SEA has hacked such august institutions as The New York Times, The Huffington Post, The United States Marines, the BBC, and Al-Jazeera. But they're still a nuisance that Americans, for the most part, can safely ignore.
To understand why, it's worth looking at what the SEA actually does. Their modus operandi is to target the home pages and social media accounts of media outlets and NGO's. If they can't gain access to a site, they'll try to temporarily knock it offline with a denial of service attack, or redirect the site's traffic to another website. If they can break in, either through brute force or social engineering, then they deface the website with something juvenile and hacker-y, at which point the intrusion is discovered and service is restored.
Generally*, that's it. If you're NPR, in this case, your IT guys get a black eye. You lost some web traffic and ad revenue. But beyond that, nothing is affected. The SEA didn't destroy or steal your data, it didn't steal the credit cards of our users. So far, they the SEA has not demonstrated the ability to do any of the truly nefarious, scary intrusions that typically come to mind when we think of "hacking." Instead, the SEA's capabilities seem analogous to gluing the locks shut on the doors of a business, or spraypainting their name on a brick wall. It's vandalism, and it's annoying, but it's not a security breach.
It's not clear what the SEA hopes to accomplish here. They're not posting compelling manifestos or Buzzfeed-style listicles explaining to U.S. readers why they ought to support the Assad regime. Instead, they're mostly just blowing a digital raspberry. Their hack of the US Marines website this week included the trenchant observation that "Obama is a traitor who wants to put your lives in danger to rescue Al Qaeda insurgents." At press time, no Marines have defected.
So, assuming the U.S. intervenes in Syria, you can probably expect the SEA to continue to knock out American websites for hours at a time. You can expect scary reports about hacking and the threat of cyberwar. And for the most part, you should go about your business and ignore it.
*There's been one exception to the harmlessness of these attacks, which is worth mentioning. Back in April, the SEA hacked the Associated Press Twitter account, and tweeted the following:
The Dow dropped nearly 100 points following the tweet, although it rebounded once the AP tweet was corrected.