The Syrian Electronic Army's latest hack on Microsoft's Skype messaging service opened the group's new year of hijacking social media accounts, as questions remain about who its members are and whether they will escalate their security breaches to aid the Syrian government in its civil war.
The hacker group started 2014 by taking control of Skype's messaging service on Jan. 1, posting messages critical of Microsoft sharing user information with government agencies and giving out contact information for the company's outgoing CEO, Steve Ballmer. Documents leaked by former National Security Agency contractor Edward Snowden detailed the agency's PRISM program, which involved major Internet companies -- including Microsoft -- sharing user information with the government.
— SyrianElectronicArmy (@Official_SEA16) January 1, 2014
Skype reset its social media account credentials after its staff noticed the hackers accessed the account, says Adrienne Hall, a general manager with the Microsoft Trustworthy Computing group.
"No user information was compromised," Hall says.
Skype is very popular among Syrian dissidents, so it could stir fear in that war-torn country that their account information could be leaked and their identities reported to Syrian government officials. But the SEA has proven mainly to be on a mission of propaganda in favor of President Bashar al-Assad, rather than spies actively involved in the actual civil war.
Since launching in 2011 shortly after the uprising against Assad began, the SEA has accessed the social media accounts of numerous media groups such as the BBC and The Associated Press, but also has breached accounts for the Human Rights Watch advocacy group and the U.S. Marine Corps. The SEA has built a reputation advocating for Assad and posting anti-American propaganda on websites, but the identities and locations of the hackers are unknown.
The FBI declined to comment for this article. The official Syrian Electronic Army Twitter account also did not respond to press questions.
The technical ability of the SEA seems limited based on its accessing of social media accounts, which the group accomplishes largely through "phishing" emails designed to trick users into disclosing personal information or downloading spyware, says Adrian Shahbaz, an Internet freedom researcher on the Middle East and North Africa with the watchdog group Freedom House.
It's difficult to know whether the group takes part in the type of hacks carried out by Assad's intelligence forces against rebels in Syria, Shahbaz says. These hacks have included efforts to access dissidents' Internet information, as well as attempts to track their locations and monitor their networks.
"The group is very decentralized, so it's impossible to know anything for sure, including any concrete connection to the Syrian government," Shahbaz says.
The SEA in 2011 claimed to be Syrian youths seeking to combat misinformation from Western media about the civil war, but the government appears to at least consent to the group's existence, as Assad has praised the patriotism of pro-regime hackers and the group's website was briefly hosted on a Syria-based Internet domain.
The SEA has not displayed the type of skill that would allow the group to carry out a significant cybersecurity attack against the U.S. government, says Jim Lewis, a cybersecurity researcher at the Center for Strategic and International Studies think tank.
"These guys are good hackers but they are not going to be doing a type of attack where they can disable infrastructure or weapons systems," Lewis says. "They are an activist PR firm for the Assad regime."
The hackers are likely located in a country with a low risk of extradition to Western nations, Lewis says.
"Saudi Arabia, the United Arab Emirates, Qatar, Jordan ... most of the Gulf States would not be a good place for them to do this," Lewis explains. "They might be working through Syria. That does not mean there are not people who are outside of Syria who help them."