How Syrian Electronic Army is waging war on digital frontline
Marlene Leung, CTVNews.ca
Published Wednesday, August 20, 2014 12:04PM EDT
Groups of pro-Syrian government hackers are spreading malware to unsuspecting Internet users through websites, popular apps and social media under the guise of helping users protect their privacy, according to a Russian security firm.
In a report issued this month, Moscow-based Kaspersky Lab highlighted the different ways the Syrian conflict is being waged online.
"The (Syrian) crisis is taking many forms, and the cyberspace conflict is intensifying as sides try to tilt the struggle, by exploiting cyber intelligence and exercising distortion," the firm said in the report.
"In the last few years cyber-attacks in Syria have moved into the frontline; many activities in cyberspace have been linked to Syria, especially those conducted by the Syrian Electronic Army and pro-government groups."
Kaspersky Lab claims that these hackers are using new techniques to hide and operate malware, including "social engineering tricks" that fool victims into opening malicious files.
Malware is software that is designed to disrupt how a computer operates, collect sensitive information or gain access to the computer system.
The firm says the hackers are operating from within Syria, Russia and Lebanon.
According to the report, Internet users in Syria and other countries are "tempted" to open the malicious files because of a need to increase their online privacy.
Once a victim's computer is infected with the malware, the hackers gain access to the victims' devices.
Here's a look at some of the ways Kaspersky Lab claims the hackers are able to spread malware to Internet users in several countries, including Syria, Lebanon, Saudi Arabia, Israel and the U.S.
Messages on Skype, Facebook, YouTube
One of the ways the malware is spread is via messages sent through Facebook and Skype. The messages prompt users to install fake encryption programs, anti-virus software and firewall protections to guard themselves from cyber-attacks from the Syrian government.
The hackers also use YouTube videos, which provide viewers with links to download fake versions of the popular communication applications WhatsApp and Viber.
"By using everyday technologies that are commonly used by a broad audience, attackers increase the effectiveness of their operations and their infection rates," the report says.
Appealing to people's fear
The hackers also use videos claiming to show injured victims of bombings to "appeal to people's fear" and get them to unknowingly download a malware application.
Once the application is downloaded and executed by the Internet user, a program that saves all of the user's keystrokes and system activity will be installed on the computer, Kaspersky Lab says.
Fake anti-virus program
The hackers also created a fake anti-virus program called "Ammazon Internet Security" to help spread the malware, the report claims.
Kaspersky said the fake program was built to resemble real anti-virus programs, and even included a "thorough" graphical interface and some interactive functions.
"Using nothing more than a couple of buttons and a catchy name, Syrian malware groups were hoping that the intended victims would fall for the trap," the firm said. "Analyzing the code interestingly revealed that it has the look – feel of a security application; but, of course, no real security features."
Kaspersky Lab said it expects these attacks to continue and evolve, and recommends Syrian Internet users carefully examine what programs they download onto their computers.
It also recommends users have up-to-date anti-virus and firewall programs installed on their machines. These should be the "first measure taken by any user that does any type of online activity, especially during these uncertain times when new cyber threats appear almost daily," the firm said.