It’s the question of the moment inside the murky realm of cybersecurity: Just who — or what — is the Syrian Electronic Army?
The hacking group that calls itself the S.E.A. struck again on Friday, this time breaking into the Twitter accounts and blog headlines of The Financial Times. The attack was part of a crusade that has targeted dozens of media outlets as varied as The Associated Press and The Onion, the parody news site.
But just who is behind the S.E.A.’s cybervandalism remains a mystery. Paralleling the group’s boisterous, pro-Syrian government activity has been a much quieter Internet surveillance campaign aimed at revealing the identities, activities and whereabouts of the Syrian rebels fighting the government of President Bashar al-Assad.
Now sleuths are trying to figure out how much overlap there is between the rowdy pranks playing out on Twitter and the silent spying that also increasingly includes the monitoring of foreign aid workers. It’s a high-stakes search. If researchers prove the Assad regime is closely tied to the group, foreign governments may choose to respond because the attacks have real-world consequences. The S.E.A. nearly crashed the stock market, for example, by planting false tales of White House explosions in a recent hijacking of The A.P.’s Twitter feed.
The mystery is made more curious by the belief among researchers that the hackers currently parading as the S.E.A. are not the same people who started the pro-Assad campaign two years ago.
Experts say the Assad regime benefits from the ambiguity. “They have created extra space between themselves and international law and international opinion,” said James A. Lewis, a security expert with the Center for Strategic and International Studies.
The S.E.A. emerged during the Syrian uprisings in May 2011, they said, to offer a pro-Assad counternarrative to news coming out of Syria. In speeches, Mr. Assad likened the S.E.A. to the government’s own online security corps, referring to the group as “a real army in a virtual reality.”
We'll probably start seeing more and more of these types of 'loosely associated' groups, especially when cyber warfare is largely independent of geography.