FYI.

This story is over 5 years old.

Tech

US Government Charges Three Suspected Members of Infamous Syrian Electronic Army

The FBI has added two of them to its most wanted list, and is offering a $100,000 reward.
The SEA logo.

On Tuesday, the Department of Justice (DoJ) unsealed myriad computer hacking charges against three men for their alleged links to the hacking group Syrian Electronic Army (SEA).

SEA first appeared around 2011, and claim to support the regime of Bashar al-Assad. Over the years, the group has defaced the websites of western media outlets, used malware to siphon information from the opposition, and phished employees of the Executive Office of the President.

Advertisement

Ahmad Umar Agha, 22, suspected of using the alias "The Pro," and Firas Dardar, 27, alleged to have operated under the moniker "The Shadow," are charged with criminal conspiracy related to engaging in a hoax regarding a terrorist attack; attempting to cause mutiny of the US armed forces; illicit of authentication features; access device fraud; unauthorized access to, and damage of, computers; and unlawful access to stored communications, according to a DoJ press release.

Dardar and Peter Romar, 36, another collaborator who is also known as Pierre Romar, were also charged with more hacking charges, as well as receiving the proceeds of extortion, money laundering, wire fraud, and violations of the Syrian Sanctions Regulations.

"The tireless efforts of US prosecutors and our investigative partners have allowed us to identify individuals who have been responsible for inflicting damage on US government and private entities through computer intrusions," said US Attorney Dana Boente in a statement. "Today's announcement demonstrates that we will continue to pursue these individuals no matter where they are in the world."

Arrest warrants have been issued for all three, and wanted posters for Agha and Dardar have been added to the FBI's most wanted list.

Crimes in Agha's and Dardar's complaint include the defacement of Harvard University's website in October 2011, hacking Reuters' Twitter account in August 2012, and stealing credentials from Washington Post and Human Rights Watch employees. A slew of similar hacks carried on right through into early 2014, and also targeted activists critical of the Syrian government, the complaint reads. These attacks were mostly carried out with a combination of phishing and social engineering.

Advertisement

As for how the pair were identified, the FBI obtained search warrants for the Gmail accounts "th3pr0123@gmail.com," "seatheshadow@gmail.com," as well as a selection of social media accounts.

In April 2013, the owner of th3pr0123@gmail.com sent identifying documents with photographs to another account, and also sent photographs to himself. The same Syrian IP address was used to deface websites, as well as log into a LinkedIn account used for phishing campaigns which was linked to the email account, drawing investigators to Agha. The FBI linked Dardar to "The Shadow" in a similar way, and Romar, the third defendant, first joined the group by contacting The Pro over Facebook, according to the complaint.

As well as the politically focused web defacements, Dardar allegedly also hacked into businesses and then extorted money from them. Dardar sent victims his identifying banking details, according to the complaint, and also those of Romar.

The FBI is offering a $100,000 reward for information that leads to the arrest of Agha and Dardar.

"Cybercriminals cause significant damage and disruption around the world, often under the veil of anonymity," said Assistant Director James Trainor in a statement. "As this case shows, we will continue to work closely with our partners to identify these individuals and bring them to justice, regardless of where they are."

Complaint Against Agha and Dardar, Syrian Electronic Army