If the United States attacks Syria; it will be the first time it strikes a country that is capable of waging retaliatory cyberspace attacks on American targets.
The risk is heightened by Syria’s alliance with Iran, which has built up its cyber capability in the past three years, and already gives the country technical and other support. If Iran stood with Syria in any fray with the United States that would significantly increase the cyber threat, security experts said.
Organized cyber attacks have already been carried out by the Syrian Electronic Army (SEA), a hacking group loyal to the government of President Bashar Assad. It has disrupted the websites of US media and Internet companies and is now threatening to step up such hacking if Washington bombs Damascus.
“It’s likely that the Syrian Electronic Army does something in response, perhaps with some assistance from Iranian-related groups,” said former White House cyber security and counter terror adviser Richard Clarke.
Little is known about the hackers behind the Syrian Electronic Army, and there is no evidence that the group is capable of destructive attacks on critical infrastructure. However, former US National Security Agency director Michael Hayden told Reuters that the SEA “sounds like an Iranian proxy,” and it could have much greater ability than it has displayed. Thus far, the SEA’s most disruptive act was in April when it broke into the Twitter account of the Associated Press and sent fictional tweets about explosions at the White House. The false messages sent the stock market into a downward spiral that, for a short time, erased more than $100 billion in value. In an email to Reuters on Wednesday, the SEA said if the US military moves against Syria “our targets will be different”. “Everything will be possible if the US begins hostile military actions against Syria,” the group said in the note.
Asked about the threat of cyber retaliation, US Department of Homeland Security spokesman Peter Boogaard said the government “is closely following the situation and actively collaborates and shares information with public and private sector partners every day”.
Cyber experts have said that Iran increased its cyber capabilities after the United States used the Stuxnet virus to attack Tehran’s nuclear program.
Things in cyberspace would get more complicated if Russia, an ally of Iran and Syria, were to step in. Former Obama administration officials have said that Russia, which has supplied arms to Syria, has cyber capabilities nearly as powerful as the United States. Even if the Russian government did not act directly, the country’s private hackers rank with those in China in their ability and willingness to conduct “patriotic” attacks. Cyber experts have said that Russian hackers have struck at government and other sites in Estonia and Georgia.
The Syrian Electronic Army’s servers are based in Russia, and that alliance could strengthen if matters in Syria became more dramatic, said Paul Ferguson of the Internet security company IID.
It is unclear how much cyber damage Syria could or would want to inflict, said Dmitri Alperovitch, chief technology officer of security firm CrowdStrike. “We haven’t seen significant intrusion capabilities from them or destructive capabilities,” he said.
Earlier this week, as the Obama administration pushed for more support for strikes on Syria, the New York Times, Twitter and the Huffington Post lost control of some of their websites. The SEA claimed responsibility for the attacks.