A number of Belgian media outlets have suffered cyber attacks at the hands of the Syrian Cyber Army (SCA), a group with close ties to the Syrian Electronic Army (SEA). The attack occurred on Monday afternoon and left five media outlets websites’ unable to function for a number of hours.
The SEA is a group of hackers that first appeared in 2011 to support the government of President Bashar al-Assad. Since then, the government-connected hackers have carried out a number of offensive cyber attack strategies including spamming, website defacement, malware, phishing, and DDoS attacks.
DDoS attacks ramping up
The recent attack on the Belgian media outlets came in the form of DDoS attacks, which points to the possibility that the Mirai Trojan has been unleashed on yet more victims. The cyber attack has been claimed by the SCA on its website.
The Syrian hackers say they carried out the attack as an act of retaliation for the Belgian air force’s involvement in bombings that occurred close to the town of Aleppo – in the North West of Syria – close to the border of Turkey.
That attack, which happened last week in the village of Hassadjek, left ten civilians dead. According to the Russian Defense Ministry, the attack was carried out by two Belgian F16 warplanes flying out of Jordan. That information was allegedly ascertained from radar data. Now, it would appear, that those allegations have directly led to cyber retaliation at the hands of Syrian hackers.
In a statement left on its website, the SCA said the following,
‘We attacked the Belgian media that hide the work of its air force in Syria. We call on the international community to support us in shaming the Belgian authorities, who orders the killing of dozens of civilians in the town of Hassadjek near Aleppo on October 18, and caused damage to civilian infrastructure. Instead of strikes on Daesh [Islamic State], the international coalition led by the United States targets only civilians and deceives the international community about its goals in Syria.’
Media cover up?
The Syrian hacking collective appear to be particularly angry because of their belief that Belgian news outlets helped to cover up the actions of the air force. The truth is hard to ascertain. Following the bombing in Hassadjek the Belgian media strongly denied the Russian allegations, claiming that no Belgian warplanes had been in that area at the time of the massacre.
It is possible, of course, that the Belgian media was simply reporting disinformation passed to them by the Belgian air force. If that is the case, they may well have been lied to by military officials rather than purposefully be covering up the attack. At the moment, there is no real way to verify how the Russian Defence Ministry got its intelligence about Belgium’s involvement in the attack close to Aleppo.
According to Eddy Willems from the German cybersec software firm G Data, SCA is well known to intelligence agencies. Willems says it is believed the hackers are very closely tied to SEA and likely funded by Russia itself.
Willems claims the attack may have originated in Turkey, though that is completely unconfirmed at the moment. In addition, he says that the Syrian Cyber Army is likely to be very small, perhaps consisting of only 5 people. What is known, is that the SEA hackers are on the FBI’s ‘most wanted’ list.
Syrian Electronic Army charged in US
In march of this year, three men believed to be part of the SEA were charged, in the US, of hacking a number of high profile social media accounts. One of the suspects, Peter Romar, was arrested in Germany. Two other men, Ahmad Umar Agha and Firas Dardar are believed to still be at large within Syria. The FBI has offered $100,000 for any information that could lead to their arrests.
In their time, the Syrian hackers have allegedly hacked the BBC, the Associated Press, National Public Radio, CBC News, Al Jazeera, Financial Times, The Daily Telegraph and The Washington Post. In addition, they have attacked Syrian rebel groups that oppose President Bashar, and the Syrian satellite broadcaster Orient TV, amongst others.
On the occasion that the BBC Weather Twitter account was penetrated by the Syrian hackers, the Twitter was defaced in a pretty funny way,
‘Saudi weather station down due to head on-collision with camel.’
What is clear, is that when there is a loss of civilian life there are always strong feelings. As such, it is no surprise that Syrian hackers have lashed out at media outlets that they feel may have helped to cover up the slaughter of their fellow citizens.
What is also obvious, is that we are in the middle of a sudden massive surge of high profile DDoS attacks, likely caused by the leak of the Mirai Trojan around a month ago.