Sep 30, 2013

The Attacks of Syrian Electronic Army

The Attacks of Syrian Electronic Army front
War has many faces, It Kills and It spills. On account of Syria crisis in Aug-Sept, It is clear that the attack has spilled over to the internet regime too. Syrian Electronic Army also known as SEA had hacked into American Marines websites in September. When any user would try to access the website, he would be redirected to a small para ending with 'Delivered by SEA".

Six pictures were posted with people holding placards with messages written in English. SEA had largely focused on "Phishing" attacks on social media accounts by tricking people to give away their usernames and passwords. The Associated Press, which is an American non-profit news agency , had their twitter account compromised and displayed a message, that US President Barack Obama  had been hurt in an explosion. Though the news was harmless as compared to others, but nonetheless it led to a serious downfall in the DOW JONES Index  at that time.

The attack on The New-York Times was more disastrous. SEA Managed to redirect the visitors towards its own website.

serious downfall in the DOW JONES Index

According to Wiki, "SEA launched its website in 2011, its proponents stated that they were not affiliated towards any government body but are merely patriotic young people trying to defend their country."

Now why would an article like this be on
This is because of the type of attack. Hack attacks have been popular since the inception of websites. SEA Used two types of attacks, One was Denial of Service or DOS attack and The other was Website defacement

Under Denial of service, 

The hacker tries to access the server on which the website is hosted and make it unresponsive to any attempts at receiving the website on a browser. In simple words, your browser would request to access the page hosted on the server but server would not respond and you would not be able to view the website.

So, How do they do it? One easy method adopted by hackers around the world is by overloading the web server. This is done by giving too many requests to the server using its resources to the maximum. In this situation the server will not respond to any request from any user, the website will load sooooo slowly that the visitor will have to leave the website to shave away the beard that he grew while waiting for the site to load, thus the hacker will have won.  

There are 4 types of Dos Attack,
1. Hacker will overload the processing capability of the server
2. Editing of the router information
3. Resetting of TCP sessions
4. Physical Network component damage like wires.

Then there are techniques like, Internet Control Message Protocol (ICMP) flood, SYN Flood, TearDrop Attacks, Permanent denial-of-service attacks, Application-level floods,OWASP HTTP Post Denial of Service Tool, R-U-Dead-Yet? (RUDY) etc. More information can be read at the wiki page.

In Website Defacement,  

The hacker gets into the web server on which the website is hosted and replaces the files of the website with some of their own. The common method of defacement is SQL injection, one of the most common techniques used by hackers worldwide. So here, when your browser requests a website, it actually gets the website asked but, it is clearly defaced or edited and thus the hacker wins again.

As a footnote, It will be worth noting that, you can always protect yourself from other special targeted attacks towards your mail. If you have suspicions over a website you can always choose to view its certificate.


October 28th, 2013,

On October 28th, the Group hacked into US President Barack Obama's  Twitter Handler too. A message appeared saying, "Immigration is a bipartisan issue" followed by a link, which carries a half an hour video which starts with the 9/11 attacks. Check out The Guardian for more.

3rd January, 2014,

In its latest attack, the SEA on 3rd January 2014 kicked off 2014 with its very first hack attempt. SEA hacked into microsoft's very own Skype (which was acquired by the software giant on 11th October 2013). But users shouldn't worry as in an official statement released by microsoft reverts that no user personal data was compromised.

The Hacktivists had hacked into the blogging and microblogging media owned by skype. Through the attack on Skype's facebook page, Skype warned users from using microsoft's email services like hotmail and outlook, thereby alleging sale of user information to the US Government. Skype's Twitter Account witnessed similar defacement when the tweet "Stop Spying on People" was visible with CIA hashed alongwith. Skype's official blog too saw defacement by the hacktivist group when a message was displayed warning against spying by the US Governemnt. Accounts were taken back into control by microsoft and an appology statement was issued shortly.


Find out more on cyber security articles by codemakit,

This was all about,
The Attacks of Syrian Electronic Army mohitchar