FBI's Most Wanted: Syrian Electronic Army hacktivists
$100,000 reward on hackers' heads
The FBI has placed suspected self-styled Syrian Electronic Army (SEA) hacktivists on its most wanted list, publicly naming members of the notorious group for the first time.
Ahmad Umar Agha (AKA The Pro), 22, and Firas Dardar (AKA The Shadow), 27, were each charged with multiple conspiracies related to computer hacking. Peter Romar, 36, was charged with acting as Dardar's bag-man in an extra-curricular cybercrime scam.
Agha and Dardar allegedly engaged in a long-running cyber-propaganda campaign in support of the Syrian government and its President Bashar al‑Assad.
"The conspiracy was dedicated to spear-phishing and compromising the computer systems of the US government, as well as international organizations, media organizations and other private-sector entities that the SEA deemed as having been antagonistic toward the Syrian Government," a US Department of Justice (DoJ) statement explains.
"When the conspiracy's spear-phishing efforts were successful, Agha and Dardar would allegedly use stolen usernames and passwords to deface websites, redirect domains to sites controlled or utilized by the conspiracy, steal email and hijack social media accounts."
In April 2013, the trio were allegedly involved in compromising the Twitter account of the Associated Press (AP) before spreading a false rumor claiming that a bomb had exploded at the White House and injured President Obama. The compromised AP's Twitter account caused a temporary stock market dip. In another attack later that year, SEA hacktivists gained control over a US Marine Corps recruitment website through a third party before posting a defacement encouraging US marines to "refuse [their] orders."
In addition, the conspirators are charged with repeatedly – and unsuccessfully – attempting to hack computer systems and employees of the Executive Office of the President over several years from 2011 onwards.
Dardar and Romar allegedly ran extortion scams after hacking into the systems of businesses in the US and elsewhere from 2013 to the present.
"Specifically, the complaint alleges that the conspiracy would gain unauthorized access to the victims' computers and then threaten to damage computers, delete data or sell stolen data unless the victims provided extortion payments to Dardar and/or Romar," a DoJ statement explains.
"In at least one instance, Dardar attempted to use his affiliation with the SEA to instill fear into his victim."
Romar allegedly acted as an intermediary in an attempt to evade those sanctions that would have otherwise blocked attempts by victims to make payments to Syria.
Agha and Dardar are both charged with criminal conspiracy relating to:
- Engaging in a hoax regarding a terrorist attack.
- Attempting to cause mutiny of the US armed forces.
- Illicit possession of authentication features.
- Access device fraud.
- Unauthorized access to, and damage of, computers.
- Unlawful access to stored communications.
Dardar and Romar were separately charged with multiple conspiracies relating to:
- Unauthorized access to, and damage of, computers and related extortionate activities.
- Receiving the proceeds of extortion.
- Money laundering.
- Wire fraud.
- Violations of the Syrian Sanctions Regulations.
- Unlawful interstate communications.
The charges were made under seal which was released on Tuesday, as the FBI announced that it is adding Agha and Dardar to its Cyber Most Wanted, offering a reward of $100,000 for information that leads to their arrest. Each is thought to be resident in Syria, a massive obstacle for would-be bounty hunters. The US government is inviting tip-offs. ®