The Syrian Electronic Army’s war on Twitter

by Toby Manhire / 01 May, 2013
A series of hacks show up Twitter security shortcomings – and the limits of automated share trading.
The Syrian Electronic Army logo.

This week it was Guardian Books, but before them it was the Associated Press, and before that 60 Minutes and al-Jazeera - even BBC Weather.

All have been surprised to find their Twitter accounts trumpeting pro-Assad-regime propaganda after getting hacked by an outfit calling itself the Syrian Electronic Army.

The group, thought to be funded by a cousin of Syrian president Bashar al-Assad, describes itself as a mouthpiece for “enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria”.

Their cause, they say, is "to contribute with us in supporting the cause of the Syrian Arab people by armaments with science and knowledge against the campaigns led by the Arab media and Western on our Republic by broadcasting fabricated news about what is happening in Syria".

The Guardian, the attack on which the SEA says "came after this newspaper preying sometimes lies and slander about Syria", has dubbed them “Assad's shadow warriors”.

It seems unlikely that the hacks, reportedly the result of phishing attacks, will be converting many to the cause of Syria’s brutal leadership.

Some of them are borderline comedic – such as this on the BBC Weather Twitter timeline: “Chaotic weather forecast for Lebanon as the government decides to distance itself from the Milky Way.”

But most agree that Twitter itself should look at boosting security by introducing two-stage password authentication for users, especially for news organisations. As tech news site CNET tweeted, “Dear Twitter, Please improve your security. Signed, everyone.”

Twitter has said it’s working on that two-stage authentication process, but in the meantime, it has issued a bunch of advice for news organisations, including both sensible stuff including password renewal and protection, and limiting the numbers that have access. But they are a little hopeful, if not downright deluded, to imagine that media are going to be able to limit their tweeting to a single computer that has no other connections online.

“Designate one computer to use for Twitter," they say. "Don't use this computer to read email or surf the web, to reduce the chances of malware infection.”



While the Syrian Electronic Army's antics sometimes have the air of an adolescent grunt, they are not trivial. The most dramatic, and prominent, effort came in the recent hacking of the Associated Press Twitter account.

Pedants delighted in pointing out the numerous breaches of AP style that made clear its fraudulence, but you could forgive the burst of alarm at the appearance of this now infamous tweet:

Breaking: Two Explosions in the White House and Barack Obama is injured.

The markets certainly took it seriously, with the value of the US S&P 500 index plunging by an extraordinary US $136bn in less than three minutes.

The market quickly stabilised, but it was enough to leave many vexed by this fresh demonstration of the vulnerability to robot trading. It appeared that one automated process, social media sentiment analysis algorithms, had triggered another automated process, stop-loss orders, which, as Bloomberg explains, “automatically sell stocks when declines of a specified threshold are reached”.

As long as the computers fall for it, however, there’s room for human beings to prosper.

As one equity trader tells Bloomberg: “No human believed the story. Only the computers react to something that serious disseminated in such a way. I bought some stock well and did not sell into it. Humans win.”




Twitter is looking for two-stage

Twitter’s advice to news organisations
MostReadArticlesCollectionWidget - Most Read - Used in articles
AdvertModule - Advert - M-Rec / Halfpage