March 22, 2016

Syrian Cyber Hackers Charged

Two From ‘Syrian Electronic Army’ Added to Cyber’s Most Wanted

Amad Umar Agha and Firas Dardar

Amad Umar Agha, left, and Firas Dardar were charged in federal court with multiple conspiracies related to computer hacking.


Three members of a Syrian hacker collective that hijacked the websites and social media platforms of prominent U.S. media organizations and the U.S. military were charged today in federal court with multiple conspiracies related to computer hacking.

In two criminal complaints unsealed in the Eastern District of Virginia, Amad Umar Agha, Firas Dardar, and Peter Romar were charged with criminal conspiracies related to their roles targeting Internet sites—in the U.S. and abroad—on behalf of the Syrian Electronic Army (SEA), a group of hackers that supports the regime of Syrian President Bashar al-Assad. The affected sites—which included computer systems in the Executive Office of the President in 2011 and a U.S. Marine Corps recruitment website in 2013—were deemed by SEA to be antagonistic toward the Syrian government.

According to the charges, Agha, 22, known online as “The Pro,” and Dardar, 27, engaged in a multi-year conspiracy that began in 2011 to collect usernames and passwords that gave them the ability to deface websites, redirect domains to sites controlled by the conspirators, steal e-mail, and hijack social media accounts. To obtain the login information they used a technique called “spear-phishing,” where they tricked people who had privileged access to their organizations’ websites and social media channels into volunteering sensitive information by posing as a legitimate entity.

The FBI today added Agha and Dardar—both believed to be in Syria—to its Cyber’s Most Wanted. The Bureau is offering a reward of up to $100,000 each for information that leads to their arrest; anyone with information is asked to contact the FBI or the nearest U.S. Embassy or consulate. Tips can also be submitted online at tips.fbi.gov.

Dardar, known online as “The Shadow,” also worked with Peter “Pierre” Romar, 36, on a scheme beginning in 2013 to extort U.S. businesses for profit. According to the complaint, the pair would hack into the victims’ computers and then threaten to damage computers, and delete or sell the data unless they were paid a ransom.

Other examples of the conspirators’ hacks include:

  • Compromising the Twitter account of a prominent U.S. media organization in 2013 and releasing a tweet claiming that a bomb had exploded at the White House and injured the President.
  • Gaining control of a U.S. Marine Corps recruiting website and posting a message urging Marines to “Refuse [their] orders.”

In a statement, Assistant Attorney General for National Security John Carlin said the conspirators’ extortion schemes undermine their own claims of working for a noble cause—to support the embattled regime of their president. “While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world,” Carlin said.

The U.S. District Court has issued arrest warrants for all three defendants. The FBI’s Washington Field Office (WFO) is investigating the case with assistance from the NASA Office of the Inspector General and Department of State Bureau of Diplomatic Security, and other law enforcement agencies.

“These three members of the Syrian Electronic Army targeted and compromised computer systems in order to provide support to the Assad regime as well as for their own personal monetary gain through extortion,” said WFO Assistant Director in Charge Paul M. Abbate. “As a result of a thorough cyber investigation, FBI agents and analysts identified the perpetrators and now continue to work with our domestic and international partners to ensure these individuals face justice in the United States.”