Tuesday, March 22, 2016

The Pro, the Shadow and Romar, members of Syrian Electronic Army charged with Computer Hacking Conspiracy and arrest warrant issued


 The unsealed complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry.
Posted By CotoBlogzz

Rancho Santa Margarita, CA - Three Syrian nationals, all current or former members of the Syrian Electronic Army (SEA), were charged with multiple conspiracies related to computer hacking, documented in to criminal complaints unsealed today in the U.S. District Court of the Eastern District of Virginia, according to announcement by  Assistant Attorney General for National Security John P. Carlin, U.S. Attorney Dana J. Boente of the Eastern District of Virginia, Assistant Director James Trainor of the FBI’s Cyber Division and Assistant Director in Charge Paul M. Abbate of the FBI’s Washington Field Office.


Ahmad Umar Agha, 22, known online as “The Pro,” and Firas Dardar, 27, known online as “The Shadow,” were charged with a criminal conspiracy relating to: engaging in a hoax regarding a terrorist attack; attempting to cause mutiny of the U.S. armed forces; illicit possession of authentication features; access device fraud; unauthorized access to, and damage of, computers; and unlawful access to stored communications.  Dardar and Peter Romar, 36, also known as Pierre Romar, were separately charged with multiple conspiracies relating to: unauthorized access to, and damage of, computers and related extortionate activities; receiving the proceeds of extortion; money laundering; wire fraud; violations of the Syrian Sanctions Regulations; and unlawful interstate communications.  The court has issued arrest warrants for all three defendants. 
According to allegations in the first complaint, beginning in or around 2011, Agha and Dardar engaged in a multi-year criminal conspiracy under the name “Syrian Electronic Army” in support of the Syrian Government and President Bashar al-Assad.  The conspiracy was dedicated to spear-phishing and compromising the computer systems of the U.S. government, as well as international organizations, media organizations and other private-sector entities that the SEA deemed as having been antagonistic toward the Syrian Government.  When the conspiracy’s spear-phishing efforts were successful, Agha and Dardar would allegedly use stolen usernames and passwords to deface websites, redirect domains to sites controlled or utilized by the conspiracy, steal email and hijack social media accounts.  For example, starting in 2011, the conspirators repeatedly targeted computer systems and employees of the Executive Office of the President (EOP).  Despite these efforts, at no time was an EOP account or computer system successfully compromised.  Additionally, in April 2013, a member of the conspiracy compromised the Twitter account of a prominent media organization and released a tweet claiming that a bomb had exploded at the White House and injured the President.  In a later 2013 intrusion, through a third-party vendor, the conspirators gained control over a recruiting website for the U.S. Marine Corps and posted a defacement encouraging U.S. marines to “refuse [their] orders.”
Today, the FBI announced that it is adding Agha and Dardar to its Cyber Most Wanted and offering a reward of $100,000 for information that leads to their arrest.  Both individuals are believed to be residing in Syria.  Anyone with information is asked to contact their nearest FBI field office or U.S. Embassy or consulate.
According to allegations in the second complaint, beginning in or around 2013, SEA members Dardar and Romar engaged in multiple conspiracies dedicated to an extortion scheme that involved hacking online businesses in the United States and elsewhere for personal profit.  Specifically, the complaint alleges that the conspiracy would gain unauthorized access to the victims’ computers and then threaten to damage computers, delete data or sell stolen data unless the victims provided extortion payments to Dardar and/or Romar.  In at least one instance, Dardar attempted to use his affiliation with the SEA to instill fear into his victim.  If a victim could not make extortion payments to the conspiracy’s Syrian bank accounts due to the Syrian Sanctions Regulations or other international sanctions regulations, Romar would act as an intermediary in an attempt to evade those sanctions.
“The Syrian Electronic Army publicly claims that its hacking activities are conducted in support of the embattled regime of Syrian President Bashar al-Assad,” said Assistant Attorney General Carlin.  "While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world.  The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry.”
The case is being investigated by the FBI’s Washington Field Office, with assistance from the NASA Office of the Inspector General, Department of State Bureau of Diplomatic Security and other law enforcement agencies. 


The case is being prosecuted by Assistant U.S. Attorneys Jay V. Prabhu and Maya D. Song of the Eastern District of Virginia, and Special Assistant U.S. Attorney Brandon Van Grack and Trial Attorneys Scott McCulloch and Nathan Charles of the National Security Division’s Counterintelligence and Export Control Section.

No comments: