Skip to main content

The cyber threat from Syria

By James Lewis, Special to CNN
August 30, 2013 -- Updated 1633 GMT (0033 HKT)
Users who tried to access NYTimes.com Tuesday encountered error messages or web pages from the Syrian Electronic Army.
Users who tried to access NYTimes.com Tuesday encountered error messages or web pages from the Syrian Electronic Army.
STORY HIGHLIGHTS
  • On Tuesday afternoon, the New York Times website went down for several hours
  • James Lewis: Syrian Electronic Army launched the attack to protest the West
  • He says the group of "patriotic hackers" dislike U.S. media portrayal of al-Assad regime
  • Lewis: Some audiences in the Mideast enjoy seeing Western institutions humbled

Editor's note: James Lewis is director and senior fellow of Technology and Public Policy Program at the Center for Strategic and International Studies.

(CNN) -- On Tuesday afternoon, the New York Times website experienced wide outage for several hours. Who has the nerve and ability to take down one of the most iconic newspapers in the world?

The Syrian Electronic Army, which is loyal to Syrian President Bashar al-Assad, takes responsibility for the hack. This is not the first time the Syrian Electronic Army has attacked news organizations. The Washington Post, AP and others have been targeted in recent months as well.

If the New York Times saw Syrian activists spray-painting slogans on its building, it could summon the minions of the law to detain them. But if you live far away in a place where American law does not apply, you are safe. It does not take much skill to intrude in cyberspace, and you can find free tools on the Internet that will let you stage a protest or an attack.

When you log on to the Internet, you can send packets of digital data around the world in seconds. The speed of global connectivity gives the illusion that there are no borders. But this is not true. There are borders in cyberspace, they are just badly defended.

The combination of high speeds, global reach and weak defenses means that someone sitting in Damascus or Tehran can take action in New York or Australia as easily as they could against the building across the street -- perhaps even easier as they won't have to leave their chair.

The Syrian Electronic Army's attacks are a form of protest against Western media's portrayal of the Assad regime. Most experts think the Syrian Electronic Army is not the Syrian government, but "patriotic hackers" who support it. This makes them harder to control and harder to find. The Syrian Electronic Army takes public diplomacy to a new level, letting individuals make their voices known on issues as easily as a government.

What we have seen from the Syrian Electronic Army is political action and sometimes political theater. Hacker groups like Anonymous, WikiLeaks or the Syrian Electronic Army have a symbiotic relationship with media that helps turn minor exploits into front-page news. The Syrian Electronic Army likes to go after the media because this is one way to make sure your message is heard. The Syrian Electronic Army's message to the Western media is one of scorn, ridicule and belittlement.

This week's attack showed more skill than earlier episodes. It resembled a cyber attack made by Iran against dissidents in 2011. Perhaps the Iranians are helping the SEA in cyberspace, but it's more likely that they provided inspiration.

The Syrian Electronic Army broke into the Australian company that hosts The Times' website (called a registrar) and changed its Internet addresses. This redirection was invisible to users who tried to visit NYTimes.com -- they either couldn't connect or were sent to another website controlled by the Syrians. The hackers got inside the target network and made some fundamental changes to how it worked. Some security experts have pointed out that The Times made its own networks vulnerable because of a "misstep" and as a result its website was easier to hack.

So far, the Syrian Electronic Army's actions have been embarrassing rather than damaging. The attackers probably don't know how to carry out a more destructive attack. But with time they could easily learn.

The Syrian Electronic Army's hacking won't change the outcome of the conflict in Syria (whatever that will be), but we don't want to discount the political effect of their actions. Some audiences in the Middle East likely enjoy seeing Western institutions humbled, and the Syrian Electronic Army is helping to dispel a sense of powerlessness against the Western behemoth. It boosts morale.

We also don't want to discount the risks. If the Syrian Electronic Army can slip by feeble defenses to make fun of the media, someone else might be able to get in and cause more serious disruption. There are a lot of reasons why the Syrian Electronic Army might choose not to launch this kind of crippling cyber attack, but the strength of our defense isn't one of them.

There are things that companies can do to protect themselves. Australia's Signals Directorate, the equivalent of NSA, has a list of mitigation strategies that would have block most of the Syrian Electronic Army does, but they aren't well known in the U.S.

The global Internet brings tremendous, benefit but the threats are growing faster than our defenses. It's a vulnerable place with few rules. Until this is changed, hacks on The New York Times and others will be the norm, not the exception.

Follow us on Twitter @CNNOpinion.

Join us on Facebook/CNNOpinion.

The opinions expressed in this commentary are solely those of James Lewis.

ADVERTISEMENT
Part of complete coverage on
September 22, 2014 -- Updated 1259 GMT (2059 HKT)
You could be forgiven for thinking no one cares -- or even should care, right now -- about climate change, writes CNN's John Sutter. But you'd be mistaken.
September 21, 2014 -- Updated 2132 GMT (0532 HKT)
David Gergen says the White House's war against ISIS is getting off to a rough start and needs to be set right
September 22, 2014 -- Updated 1300 GMT (2100 HKT)
John Sutter boarded a leaky oyster boat in Connecticut with a captain who can't swim as he set off to get world leaders to act on climate change
September 22, 2014 -- Updated 1917 GMT (0317 HKT)
Ruben Navarrette says making rude use of the Mexican flag on Mexican independence day in a concert in Mexico was extremely tasteless, but not an international incident.
September 22, 2014 -- Updated 1359 GMT (2159 HKT)
Michael Dunn is going to stand trial again after a jury was unable to reach a verdict; Mark O'Mara hopes for a fair trial.
September 22, 2014 -- Updated 2315 GMT (0715 HKT)
Is ballet dying? CNN spoke with Isabella Boylston, a principal dancer at the American Ballet Theatre, about the future of the art form.
September 19, 2014 -- Updated 2147 GMT (0547 HKT)
Sally Kohn says it's time we take climate change as seriously as we do warfare in the Middle East
September 22, 2014 -- Updated 1927 GMT (0327 HKT)
Laurence Steinberg says the high obesity rate among young children is worrisome for a host of reasons
September 19, 2014 -- Updated 1302 GMT (2102 HKT)
Dean Obeidallah says an Oklahoma state representative's hateful remarks were rightfully condemned by religious leaders..
September 19, 2014 -- Updated 1922 GMT (0322 HKT)
No matter how much planning has gone into U.S. military plans to counter the Islamic State in Iraq and Syria, the Arab public isn't convinced that anything will change, says Geneive Abdo
September 19, 2014 -- Updated 1544 GMT (2344 HKT)
President Obama's strategy for destroying ISIS seems to depend on a volley of air strikes. That won't be enough, says Haider Mullick.
September 19, 2014 -- Updated 1303 GMT (2103 HKT)
Paul Begala says Hillary Clinton has plenty of good reasons not to jump into the 2016 race now
September 19, 2014 -- Updated 1501 GMT (2301 HKT)
Scotland decided to trust its 16-year-olds to vote in the biggest question in its history. Americans, in contrast, don't even trust theirs to help pick the county sheriff. Who's right?
September 19, 2014 -- Updated 0157 GMT (0957 HKT)
Ruben Navarrette says spanking is an acceptable form of disciplining a child, as long as you follow the rules.
September 19, 2014 -- Updated 1547 GMT (2347 HKT)
Frida Ghitis says the foiled Australian plot shows ISIS is working diligently to taunt the U.S. and its allies.
September 19, 2014 -- Updated 1958 GMT (0358 HKT)
Young U.S. voters by and large just do not see the midterm elections offering legitimate choices because, in their eyes, Congress has proven to be largely ineffectual, and worse uncaring, argues John Della Volpe
September 19, 2014 -- Updated 0158 GMT (0958 HKT)
Steven Holmes says spanking, a practice that is ingrained in our culture, accomplishes nothing positive and causes harm.
September 18, 2014 -- Updated 1831 GMT (0231 HKT)
Sally Kohn says America tried "Cowboy Adventurism" as a foreign policy strategy; it failed. So why try it again?
September 18, 2014 -- Updated 1427 GMT (2227 HKT)
Van Jones says the video of John Crawford III, who was shot by a police officer in Walmart, should be released.
September 18, 2014 -- Updated 1448 GMT (2248 HKT)
NASA will need to embrace new entrants and promote a lot more competition in future, argues Newt Gingrich.
September 16, 2014 -- Updated 2315 GMT (0715 HKT)
If U.S. wants to see real change in Iraq and Syria, it will have to empower moderate forces, says Fouad Siniora.
September 18, 2014 -- Updated 0034 GMT (0834 HKT)
Mark O'Mara says there are basic rules to follow when interacting with law enforcement: respect their authority.
September 16, 2014 -- Updated 1305 GMT (2105 HKT)
LZ Granderson says Congress has rebuked the NFL on domestic violence issue, but why not a federal judge?
September 16, 2014 -- Updated 1149 GMT (1949 HKT)
Mel Robbins says the only person you can legally hit in the United States is a child. That's wrong.
September 15, 2014 -- Updated 1723 GMT (0123 HKT)
Eric Liu says seeing many friends fight so hard for same-sex marriage rights made him appreciate marriage.
ADVERTISEMENT