Sailors working at the Navy Cyber Defense Operations Command

Sailors working at the Navy Cyber Defense Operations Command Navy Media Content Services by Petty Officer 2nd Class Joshua Wahl

Syrian Electronic Army Threatens to Hack CENTCOM

A group of anonymous hackers backing the Syrian government is threatening to take down U.S. Central Command. By Patrick Tucker

The Syrian Electronic Army takes to Twitter to threaten an attack on U.S. Central Command if the United States conducts cyberwarfare operations against Syria.

The shadowy hactivist group that supports the regime of Syrian President Bashar al-Assad warned on Friday that the strike would reveal “the U.S. command structure was a house of cards from the start.”

SEA also tweeted a warning to President Barack Obama:

CENTCOM officials didn’t immediately respond to a request for comment.

Bob Gourley, a former CTO for the Defense Intelligence Agency and editor of CTOvision.com, said that while serious, an SEA attack would probably not disrupt CENTCOM operations. “This is a very capable group that has done some very significant things against well-defended targets. They may have found weaknesses in CENTCOM web servers that can be exploited. I believe this threat should be taken very seriously.”

 “If SEA has found a seam to exploit, expect that seam to be fixed and any defaced sites to return to normal operations soon. If large-scale flooding attacks (denial of service) are conducted, expect CENTCOM to work hard with other partners to mitigate them pretty quickly,” he said.

Since August, SEA has successfully hacked the Web sites or social network profiles of several major media outlets including The New York Times, The Associated Press, CNN, The Huffington Post and, recently, Forbes, from which the group stole more than one million user records (though user password encryption reportedly survived.)

In perhaps the group’s most brazen attack, earlier this month they changed the domain name registration for Facebook in the WHOIS domain registrar. By altering that record, the SEA was able to briefly heist formal ownership of Facebook right around the site's 10th anniversary, a feat that the group celebrated with the following tweet to Facebook founder Mark Zuckerberg:

The group, however, was unable to direct Facebook.com visitors to new sites, which could be called the most important privilege of real ownership. The domain name problem was quickly fixed.

So far, the SEA has had “good results” in these sorts of name-change hacks according to Allan Friedman, author of the book Cybersecurity and Cyberwar: What Everyone Needs to Know.  It’s a tactic, he said, that illustrates a familiarity with web development and site building. But by themselves, domain registration attacks don’t rise to a level of high technical sophistication. Nor do they warrant great alarm, Friedman said.

“It's rather surprising to hear of an advanced warning of this style of attack, since it's pretty easy to lock down domains and content management systems in the face of such a warning” he said.

Posting the advanced notice to CENTCOM on Twitter did, however, suggest to Friedman an escalation of capabilities or that the SEA was forming new partnerships.

“A possible, although somewhat frightening, notion is that they are receiving some outside technical help and guidance from organizations that have a new interest in poking the U.S. and Western powers,” he said. ”We know that greater technical capacity lies in the organized crime gangs in Russia and the [former Soviet Union.] These parties have traditionally stayed out of politically-motivated attacks, with a few exceptions [Estonia, Georgia]. We can imagine that, if [Russian President Vladimir] Putin wanted to flex some muscle, he might let a few off the chain. The challenge would be to have plausible deniability, while still communicating to Western decision makers that this would be a potential ramification of interference in Crimean affairs,” Friedman said.