Firms Brace For Possible Retaliatory Cyberattacks From Syria

Aug 30, 2013
Originally published on August 30, 2013 8:18 pm

The prospect of a military strike against Syria in the next few days has private U.S. firms bracing for retaliation — in cyberspace.

A group calling itself the Syrian Electronic Army has already gone after some U.S. targets, including The New York Times, whose website was taken down for an extended period this week. The group supports the Bashar Assad regime in Syria and has vowed to help defend the country against its enemies, including the United States.

The Syrian Electronic Army could soon have that opportunity, most likely with the blessing of the Syrian government. Cyberretaliation against civilian targets might be seen by the Syrian leadership as less risky than counterstrikes against U.S. or allied military assets.

"I think the Syrians have all the interest in the world in disrupting as many websites as possible and making commercial operations as difficult as possible inside the United States and elsewhere to communicate a message that it can respond," says Chris Bronk, who specializes in cybergeopolitics at Rice University.

Cyberattacks are silent. They can be invisible until it's too late to defend against them. And they are hard to trace. Given their dependence on computer network operations, U.S. firms are taking notice of the risk they may face from Syrian hackers.

"A lot of companies are coming and asking us to do assessments on the Syrian Electronic Army and other actors in the broader region and how they may suffer attacks in the coming weeks from them," says Dmitri Alperovitch, co-founder and chief technology officer at CrowdStrike, which provides companies with cybersecurity advice and assistance.

"My phone has been buzzing off the hook over the last few days because of this," he says.

So far, the Syrian hackers have generally carried out relatively unsophisticated "denial of service" attacks, directing so much computer traffic at a website that it is overloaded and shuts down. The group has targeted the news media in particular, taking credit for attacks against The Washington Post and NPR, among other organizations.

This week's attack on The New York Times, however, was somewhat more sophisticated, involving a penetration of the Domain Name System, the directory that translates domain names into numerical Internet addresses. The attack raised the possibility that the Syrian Electronic Army could go after other targets and cause more damage.

"It has potentially both the capabilities of a grass-roots movement and an intelligence service," says Bronk. "It's a new type of organization."

Should Syria's leaders decide to retaliate in cyberspace for a U.S. missile strike against them, they might also call for help from their ally Iran, which is developing an increasingly serious cyberwarfare capability of its own.

U.S. cybersecurity experts worry most about an attack on critical infrastructure in the United States, including the power grid or the transportation system. Such an attack would probably result in an escalation of any military conflict with the United States.

"I think there will be a judgment call on behalf of the Syrian government to see if they want to provoke the U.S. into further escalation and trip over another red line, or whether they just want to endure the strike and move on," says Alperovitch.

The Department of Homeland Security, or DHS, hasn't issued any special alerts for U.S. companies to be on the lookout for cyberattacks in the next few days, largely because there's been no official U.S. decision yet on whether to strike Syria.

"DHS is closely following the situation and actively collaborates and shares information with public and private sector partners every day in the face of constantly evolving threats," says Peter Boogaard, a Homeland Security spokesman.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

MELISSA BLOCK, HOST:

From NPR News, this is ALL THINGS CONSIDERED. I'm Melissa Block.

ROBERT SIEGEL, HOST:

And I'm Robert Siegel. With the prospect of a military strike against Syria in the next few days, the United States must brace for possible reprisals. The Syrian government or groups allied with it could hit back, not with traditional warfare but with cyberattacks. A group of pro-government hackers calling itself the Syrian Electronic Army has already gone after some U.S. targets, most recently The New York Times.

NPR's Tom Gjelten says more companies could find themselves on the front lines.

TOM GJELTEN, BYLINE: War in the cyber domain is different. It's not armies or navies that are most exposed. In a country like the United States, it's companies, banks, energy providers, airlines or media organizations. Plus, cyberattacks are silent. They can be invisible until it's too late, and they are hard to trace. No wonder, then, that the Syrian government, if it comes under attack, might choose to retaliate in cyberspace.

Chris Bronk specializes in cyber-geopolitics at Rice University.

CHRIS BRONK: I think the Syrians have all the interest in the world in disrupting as many websites as possible and making commercial operations as difficult as possible inside the United States and elsewhere to communicate a message that it can respond.

GJELTEN: Plus, the Syrian government has a group of computer hackers apparently willing to do the work for them, the so-called Syrian Electronic Army. They say they support the Assad regime, and they're promising to defend the country against its outside enemies, including the United States. Chris Bronk says the group should be taken seriously.

BRONK: It has potentially both the capabilities of grassroots movement and of an intelligence service. It's a new type of organization. And what's not hypothetical is the achievements.

GJELTEN: Before The New York Times was targeted this week, the Syrian Electronic Army claimed credit for hacking into The Washington Post and other news organizations, including NPR. Not surprisingly, with all the talk of military action against Syria, U.S. companies are worrying they might suffer the consequences of cyber retaliation, if not from the Syrian Electronic Army, then from cyber-warriors out of Iran, Syria's ally.

Dmitri Alperovitch is the co-founder of CrowdStrike, a company that provides cybersecurity advice.

DMITRI ALPEROVITCH: A lot of companies are coming and asking us to do these assessments on the Syrian Electronic Army and other actors that we see out of Iran and the broader region and what their capabilities are and how they may suffer attacks in the coming weeks from them.

GJELTEN: So you are getting requests like that?

ALPEROVITCH: Oh, all the time. I mean, my phone has been buzzing off the hook over the last few days because of this.

GJELTEN: The attacks attributed to the Syrian Electronic Army have been mostly unsophisticated. The group has not yet targeted critical infrastructure in the U.S. like the power grid or the transportation system. Alperovitch suggests that whether there will be a major cyberattack in retaliation for a U.S. strike on Syria would depend on how significant the U.S. action would be.

ALPEROVITCH: I think there will be a judgment call on the behalf of the Syrian government to see if they actually want to provoke U.S. into further escalation and tripping over another red line or whether they just want to enjoy the strike and move on.

GJELTEN: The Department of Homeland Security hasn't issued any special alerts for U.S. companies to be on the lookout for cyberattacks in the next few days. After all, there's been no official decision yet on whether to strike Syria. A DHS spokesman says the department shares information with companies every day in the face of constantly evolving threats. Tom Gjelten, NPR News, Washington. Transcript provided by NPR, Copyright NPR.