The Syrian Electronic Army: Lessons to be learned

Davey Winder probes just who is doing just what and why, and asks what enterprises can learn from it.

Kenneth Geers, Senior Global Threat Analyst with FireEye, condenses his security advice into three easy lessons that every enterprise IT security department can takeaway:

Lesson #1: Techies must follow the news! With looming Western intervention in Syria, it was only logical that the hacktivist SEA would escalate its attacks, and that a key battleground for public opinion would be US media sites. Indeed, SEA targeted US newspapers, the US Marine Corps, and even a US college sports site, redirecting internet users to pro-Syria propaganda.

Because patriotic hackers seek free PR for their cause, there is a simple calculation here: the more visitors your site has, the more they want to attack it.

Lesson #2: Protect your flank. Sometimes, hackers use a frontal assault, such as by sending the victim a blizzard of meaningless data to achieve a denial-of-service. But if the front door is guarded, hackers can also ambush a target from the side, by exploiting third-party business relationships and data dependencies.

Admirals and Generals are taught to protect their flanks, but what about System Administrators? SEA tagged Twitter, New York Times, and other sites by sabotaging their Domain Name System (DNS) records, after finding weak links in their data supply chains.

Lesson #3: Train for social engineering. The SEA has used spear phishing, malformed URLs, and booby-trapped images of osculating movie stars to compromise their targets. Civilian website owners could use a little more military discipline. The Marine Corps hack, for example, was not in the .mil domain, but a recruiting site in the .com domain. For help, try two-factor authentication, locked domains, DNSSEC, and preparations to bypass DNS altogether by replacing human-readable addresses like www.nytimes.com with a computer-friendly IP address such as 170.149.168.130.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Most Popular

Unilever adopts Google Cloud’s complex data processing for deforestation drive
big data analytics

Unilever adopts Google Cloud’s complex data processing for deforestation drive

22 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020