[1ype Lhe auLhor name

]
unlLed SLaLes Army
6/1/2012
!"#$%& ()*+,#-&$+
.#/" 0!(.1 2%#3*,4
5%,%#


!"#
%&'(

"#$%&' ()* +,-.//01.,2. 345567- $2-080-9
:"#+3$;
'6<5/.= &5.7>-06,>/ ?,8076,<.,- >,@
"A7.>- +,-.17>-06, %07.2-67>-. :'"+%;



CLA 1eam 1hreaL 8eporL


B4756C.
1o lnform Lhe Army Lralnlng communlLy of Lhe Syrlan LlecLronlc Army (SLA) cyber aLLack on
CaLarl webslLes.
1o provlde background lnformaLlon on Lhe SLA.
1o descrlbe Lhe general moLlvaLlon behlnd Lhe SLA's aLLacks.

?=.24-08. 34<<>79
1he SLA ls a dlsconnecLed group of Syrlan l1 professlonals who are lnLenL on combaLlng
whaL Lhey vlew as un[usL medla coverage of Lhe Syrlan governmenL and exLernal supporL for
Lhe rebels.
Crganlzed ln 2011, Lhe SLA has aLLacked news agencles, governmenL slLes, unlverslLles, and
oLher organlzaLlons deemed hosLlle Lo Lhe Syrlan governmenL.
ln CcLober 2013, Lhe SLA hacked lnLo a domaln reglsLry conLalnlng lnformaLlon abouL a
number of dlfferenL CaLarl webslLes.
1he SLA polnLed Lo CaLarl supporL for Lhe rebels ln Syrla as Lhe reason for Lhe aLLack.
1he SLA has, Lo daLe, focused on nulsance aLLacks, lncludlng placlng pro-Assad propaganda
on Lhe CaLarl webslLes or dlrecLlng vlslLors Lo oLher slLes.









!"#$% '(")"* +"," -.$/ 01 )($ 21%345 67$8)%"538 9%:1 ;269<=
% unCLASSlllLu

CLA 1eam 1hreaL 8eporL



Figure 1: Map of Qatar
D>5














( unCLASSlllLu

CLA 1eam 1hreaL 8eporL


+,-76@42-06,
1he recenL medla aLLenLlon glven Lo Lhe naLlonal SecurlLy Agency (nSA) domesLlcally ls puLLlng more
focus on cyber acLlvlLles around Lhe world. 1he nSA's more sophlsLlcaLed operaLlons have
overshadowed Lhe less compllcaLed, buL noneLheless effecLlve, cyber aLLacks conducLed by
organlzaLlons such as Lhe Syrlan LlecLronlc Army (SLA). Slnce lLs lncepLlon ln 2011, Lhe SLA has
conducLed nulsance aLLacks on numerous slLes around Lhe world ln supporL of Lhe Syrlan governmenL.
news agencles, governmenL slLes, unlverslLles, and even Lhe uS Marlne Corps recrulLlng slLe have been
LargeLs of Lhe SLA's cyber aLLacks.
MosL recenLly, Lhe SLA LargeLed CaLarl governmenL mlnlsLry webslLes. 1he CaLarl governmenL galned
conLrol of Lhe onllne slLes wlLhln a few days, buL Lhe evenL underscored Lhe ease wlLh whlch cyber
aLLacks can be waged from anywhere ln Lhe world. 1he SLA's reason for LargeLlng CaLar ls Lhe counLry's
supporL of Lhe lree Syrlan Army and afflllaLed Sunnl lnsurgenLs flghLlng agalnsL Lhe Assad governmenL.
1he SLA has resLralned lLself Lo nulsance aLLacks and noL mallclous assaulLs, however, lL ls noL unreallsLlc
Lo poslL more damaglng aLLacks ln Lhe fuLure. 1he ablllLy Lo wage aLLacks from anywhere ln Lhe world
and operaLe wlLhln dlsparaLe and dlsconnecLed cells allows cyber lnsurgenLs Lo conducL operaLlons more
easlly Lhan LradlLlonal lnsurgenLs.
3970>, ?/.2-76,02 $7<9 :3?$;
1he SLA ls a dlsparaLe group of compuLer hackers boLh lnslde and ouLslde Syrla who supporL Lhe Assad
governmenL. 1he purporLed goal of Lhe SLA ls Lo counLer whaL lL percelves ls unfalr coverage of Lhe
Syrlan governmenL ln Lhe WesLern and Arablc press and supporL of governmenLs for rebels flghLlng
agalnsL Lhe Syrlan governmenL. CperaLlng onllne vla soclal medla plaLforms such as lacebook and
1wlLLer, Lhe SLA has launched organlzed nulsance aLLacks such as spammlng campalgns and denlal of
servlce aLLacks on lndlvldual, group, and organlzaLlon webslLes LhaL lL belleves undermlne Lhe Syrlan
governmenL's leglLlmacy.
'
1he SLA lacebook page clalms LhaL lL ls noL an offlclal pollLlcal parLy and ls
only assoclaLed wlLh Lhe Syrlan governmenL Lhrough lLs supporL of Lhe governmenL agalnsL an
lnsurgency supporLed by oLher counLrles.
%

Slnce 2011, Lhe SLA has conducLed whaL can be deflned as nulsance aLLacks on numerous slLes, buL mosL
organlzaLlons LargeLed regalned conLrol of Lhelr webslLes wlLhln a few hours Lo a few days. Cne self-
descrlbed member of Lhe SLA neLwork sLaLed LhaL hls lnLenL was noL Lo desLroy, buL Lo publlsh messages
or arLlcles of supporL for Lhe Syrlan governmenL. A velled LhreaL, however, followed when Lhe hacker
sald LhaL lf Lhe unlLed SLaLes aLLacked Syrla, more mallclous and damaglng aLLacks could resulL.
3
1he SLA
has Lhree years of successful experlence problng a large number of webslLes. lLs collecLlve skllls aL LhaL
level are sharp, yeL lL ls unllkely LhaL Lhe SLA wlll be able Lo progress much furLher lnLo more
compllcaLed cyber aLLacks wlLhouL slgnlflcanL help from allles. 1hose capable of hlgher-level Lechnology
aLLacks are noL llkely Lo share Lhose resources wlLh Lhe SLA, as lL would creaLe vulnerablllLy for Lhe
sharlng enLlLy.
) unCLASSlllLu

CLA 1eam 1hreaL 8eporL



Figure 2: Now defunct SEA website calling for volunteers


1he SLA ls noL a monollLhlc organlzaLlon, buL operaLes ln a decenLrallzed fashlon, ln a manner slmllar Lo
lnsurgenL cells. Loosely-allgned afflllaLlons allow hackers Lo conLrlbuLe Lo muLual goals, buL wlLhouL a
hlerarchlcal sLrucLure. Cn Lhe SLA's now-defuncL webslLe, lL llsLed a number of hackers who had an
ldenLlLy under Lhe SLA's umbrella organlzaLlon, buL were able Lo operaLe lndependenLly. 1he webslLe
shown ln llgure 2, recenLly Laken down by lLs domaln reglsLerlng hosL, recrulLed anyone lnLeresLed ln
furLherlng Lhe Syrlan governmenL cause. 1he LexL ln Lhe upper lefL asked for volunLeers ln less Lhan
perfecL prose:
º1o conLrlbuLe wlLh us ln supporLlng Lhe cause of Lhe Syrlan Arab people by armamenLs wlLh
sclence and knowledge agalnsL Lhe campalgns led by Lhe Arab medla and WesLern on our
8epubllc by broadcasLlng fabrlcaLed news abouL whaL ls happenlng ln Syrla. ?ou can [oln our
page vla soclal neLworklng slLes: lacebook - 1wlLLer or by publlshlng vldeos LhaL dlsplay on our
* unCLASSlllLu

CLA 1eam 1hreaL 8eporL


page on ?ou 1ube. [oln Lo our pages by cllcklng on Lhe llnks below Lo be one of Lhe Syrlan
elecLronlc."
ln Lhe lower lefL corner of llgure 2, SLA ouLllned Lhe procedure for becomlng an afflllaLe and Lhe
procedure for havlng an anonymous presence on Lhe SLA webslLe:
º?ou can now geL a membershlp card ln Lhe Syrlan LlecLronlc Army by reglsLraLlng Lhe daLa LhaL
you wlsh Lo be shown, you musL reglsLer as a membershlp on Lhe slLe flrsL, lL wlll express your
elecLronlc ldenLlLy card and lLs daLa can'L be modlfled wlLhouL approval of managemenL, Lo
creaLe your own card now Cllck Pere."
3970>, ?/.2-76,02 $7<9 '9E.7 $-->2FC
1hls llsL of Lhe SLA's aLLacks ls noL all lncluslve, buL provldes a sense of Lhe number and scope of Lhelr
operaLlons:
+,-. %&''/ 012345627. 89 :;-298512; <86 =1>4-46 - webslLe defaced by SLA hacker known as "1he Þro"
4

?4@74AB45 %&''/ C;53;5D 012345627. - homepage was replaced wlLh an lmage of Syrlan presldenL
8ashar al-Assad, wlLh a message sLaLlng, "Syrlan LlecLronlc Army Were [slc] Pere"
3

=@52- %&'%/ <21E4DF1 - Look down Lhe offlclal blog slLe and redlrecLed vlslLors Lo a slLe supporLlng 8ashar
al-Assad
6

=,>,67 %&'%/ G4,7456 !4H6 =>41I. - LwenLy-Lwo 1wlLLer accounL LweeLs were senL wlLh false
lnformaLlon on Lhe confllcL ln Syrla and a false reporL was posLed Lo a 8euLers [ournallsL's blog on Lhe
news webslLe
7

J4B5,;5. %&'(/ ?E. !4H6 =5;B2; K pro-Syrlan governmenL commenLs were wrlLLen on Lhe maln 1wlLLer
accounL [skynewsarbla, used for culLural and enLerLalnmenL news, and lLs lacebook page,
facebook/skynewsarabla
8

=@52- %&'(/ =668I2;74D L5466 - Lhrough 1wlLLer accounL, falsely clalmed Lhe WhlLe Pouse had been
bombed and ÞresldenL 8arack Cbama was ln[ured. 1he LweeL was re-LweeLed Lhousands of Llmes wlLhln
mlnuLes and caused Lhe uow !ones lndusLrlal Average lndex Lo drop sharply before qulckly recoverlng
9

M;. %&'(/ NO4 "1281 - 1wlLLer accounL was hacked by phlshlng Coogle app accounLs of 1he Cnlon's
employees
10

M;. %&'(/ NO4 FN# !4H6 <81D81 - 1wlLLer accounL was hacked.
11

P unCLASSlllLu

CLA 1eam 1hreaL 8eporL


M;. %&'(/ ?E. !4H6 - compromlsed several Sky news Androld appllcaLlons, requlrlng users Lo reload
Lhe apps.
12

+,-. %&'(/ N5,4I;--45 (a global phone dlrecLory appllcaLlon for smarLphones and feaLure phones) - SLA
clalmed lL hacked lnLo servers and sLole seven daLabases and released 1rueCaller's daLabase hosL lu,
username, and password vla a LweeL. Cn 18 !uly 2013, 1ruecaller lssued a sLaLemenL on lLs blog sLaLlng
LhaL lLs servers were lndeed hacked, buL clalmlng LhaL Lhe aLLack dld noL dlsclose any passwords or
credlL card lnformaLlon.
13

"I78B45 %&'(/ 0? L5462D417 Q;5;IE "B;A; - 1wlLLer and lacebook accounLs were hacked lnLo,
dlverLlng slLe vlslLors Lo a Syrlan propaganda vldeo
14

+,-. %&'(/ #2B45 (proprleLary cross-plaLform lnsLanL messaglng volce-over-lnLerneL proLocol appllcaLlon
for smarLphones developed by vlber Medla) - accessed Lwo mlnor sysLems: a cusLomer supporL panel
and a supporL admlnlsLraLlon sysLem, accordlng Lo Lhe company's offlclal response, no senslLlve user
daLa was exposed and vlber's daLabases were noL hacked
13

=,>,67 %&'(/ ",7B5;21 (adverLlslng servlce) - hacked vla a spearphlshlng aLLack, allowlng placemenL of
redlrecLs lnLo Lhe webslLes of 1he WashlngLon ÞosL, 1lme, and Cnn
16

=,>,67 %&'(/ !RN2A46SI8A - domaln name reglsLraLlon (unS) was hacked, causlng redlrecLlon from Lhe
webslLe Lo a page LhaL dlsplayed Lhe message "Packed by SLA," 1wlLLer's domaln reglsLrar was also
changed
17

=,>,67 %&'(/ NH27745 - unS reglsLraLlon hacked Lo show Lhe SLA as lLs admln and Lech conLacLs
18

=,>,67 %&'(/ NO4 !4H R85E N2A46T C,9921>781 L867T ;1D NH27745 - Look conLrol of medla webslLe
domalns
19

?4@74AB45 %&'(/ 0? M;5214 :85@6 G4I5,2721> - hacked lnLo Lhe lnLerneL recrulLlng slLe for Lhe uS
Marlne Corps, posLlng a message LhaL urged uS Soldlers Lo refuse orders lf WashlngLon decldes Lo
launch a sLrlke agalnsL Lhe Syrlan governmenL
20

?4@74AB45 %&'(/ U-8B;- L867 - LargeLed lLs offlclal LwlLLer accounL and webslLe (globalposL.com). SLA
offlclally announced Lhe hack Lhrough lLs LwlLLer accounL, sLaLlng: "1hlnk Lwlce before you publlsh
unLrusLed lnformaLlons [slc] abouL Syrlan LlecLronlc Army" and, "1hls Llme we hacked your webslLe and
your 1wlLLer accounL, Lhe nexL Llme you wlll sLarL searchlng for new [ob"
21

"I78B45 %&'(/ V;7;5 U83451A417 - hacked Lhe CaLarl domalns reglsLry (reglsLry.qa), lmpacLlng Lhe .qa
domaln webslLes of Coogle, vodafone, lacebook, al !azeera, CaLar 1elecom, Shelkha Mozah, CaLar
W unCLASSlllLu

CLA 1eam 1hreaL 8eporL


MlnlsLry of lorelgn Affalrs, Lhe CaLar governmenL porLal, Lhe Lmlr's Þalace, Lhe CaLar Armed lorces, and
Lhe CaLar MlnlsLry of Lhe lnLerlor
"I78B45 %&'(/ 0? L5462D417 Q;5;IE "B;A; - Lhrough aL leasL one sLaff member's Cmall accounL,
hacked 1wlLLer and lacebook accounLs, redlrecLlng vlslLors Lo a graphlc 24-mlnuLe propaganda vldeo on
?ou1ube (subsequenLly removed)
"A. G>->7 $-->2F
uomaln reglsLraLlon ls Lhe process by whlch a company or lndlvldual can obLaln a webslLe domaln, such
as www.yourslLe.com. 1he lnLerneL CorporaLlon for Asslgned names and numbers (lCAnn)
*
manages
Lhe lnLernaLlonal uomaln name Server (unS) daLabase. lCAnn ensures LhaL all reglsLered names are
unlque and map properly Lo a unlque lnLerneL ÞroLocol (lÞ) address. 1he lÞ address ls Lhe numerlcal
address of Lhe webslLe LhaL Lells oLher compuLers on Lhe lnLerneL where Lo flnd Lhe server hosL and
domaln. uomaln reglsLraLlon ls avallable Lo Lhe publlc vla a reglsLrar. 8efore a domaln reglsLraLlon can be
approved, Lhe new name musL be checked agalnsL exlsLlng names ln Lhe unS daLabase. Calnlng access
Lo Lhe reglsLrar's daLabase allows a hacker, such as SLA, Lo alLer Lhe names of domalns and galn access
Lo webslLes. 1hls ls how SLA galned access Lo CaLarl webslLes ln CcLober 2013.
1here are a number of ways Lo galn access Lo an organlzaLlon's webslLe. llgure 3 below lllusLraLes a
slmpllfled way ln whlch SLA mlghL have galned access Lo Lhe CaLarl domaln reglsLry, whlch gave lL access
Lo a number of webslLes. (A deLalled conslderaLlon of hacklng Lechnlques and sofLware ls beyond Lhe
scope of Lhls 1hreaL 8eporL.) llgure 3 also lllusLraLes Lhe vulnerablllLy organlzaLlons face as Lhey exlsL ln
a dlglLal world, parLlcularly wlLh Lhe readlly avallable and free-flowlng lnformaLlon on lnLerneL soclal
medla slLes.
A hacker flrsL uses blogs, soclal neLwork slLes, webslLes, eLc. Lo flnd emall addresses of people wlLhln an
organlzaLlon. uslng LhaL lnformaLlon, Lhe hacker sends an emall Lo Lhe address wlLh a downloadable flle,
acLlng as a 1ro[an horse, LhaL conLalns an embedded remoLe access Lool (8A1). Cnce Lhe emall reclplenL
ls enLlced Lo open Lhe aLLached flle, Lhe 8A1 ls acLlvaLed and able Lo send password and oLher senslLlve
lnformaLlon back Lo Lhe hacker. WlLh Lhe acqulred lnformaLlon, Lhe hacker can enLer Lhe domaln
reglsLry. Cnce ln Lhe domaln reglsLry, Lhe hacker can change domaln names and modlfy webslLes.



*
lCAnn ls a non-proflL corporaLlon locaLed ln Marlna uel 8ey, Callfornla Lasked wlLh managlng lnLerneL ÞroLocol
(lÞ) addresses and domaln names.
X unCLASSlllLu


CLA 1eam 1hreaL 8eporL



Figure 3: Cyber attack

$,>/9C- $CC.CC<.,-
1he SLA ls a loosely-allgned group of compuLer hackers lnLenL on rlghLlng whaL Lhey percelve Lo be
unfalr LreaLmenL of Lhe Syrlan reglme by WesLern and Arab medla and governmenLs. lL ls currenLly
capable of nulsance aLLacks on mosL lnLerneL webslLes, lncludlng lacebook and 1wlLLer. 1he SLA aLLacks
have been successful due Lo Lhe group's ablllLy Lo explolL lnnaLe weaknesses ln Lhe securlLy of lnLerneL
slLes. uesplLe LhreaLs LhaL lL would be forced Lo resorL Lo more damaglng aLLacks lf provoked by an
aLLack by ouLslde forces, Lhere ls no evldence Lhe SLA could acLually carry ouL such an aLLack wlLhouL
help from Syrlan allles such as 8ussla, Chlna, or lran. lL ls hlghly unllkely LhaL any of Lhese counLrles
would enLrusL any klnd of more sophlsLlcaLed Lools or resources Lo Lhe SLA.
ConLlnulng successful nulsance aLLacks, however, wlll have an effecL. 1lme losL ln regalnlng conLrol of a
webslLe and loss of cusLomer confldence ln Lhe ablllLy of an organlzaLlon Lo proLecL senslLlve daLa wlll
have an economlc lmpacL. lL ls posslble LhaL Lhe SLA has Lhe capablllLy Lo hack lnLo sysLems LhaL hold
Y unCLASSlllLu

CLA 1eam 1hreaL 8eporL


credlL card and oLher senslLlve lnformaLlon. 1hese klnds of crlmlnal aLLacks have been successfully
performed by oLher groups wlLh devasLaLlng effecLs on consumer confldence. 1he SLA has only shown
an lnLeresL ln presslng a propaganda agenda Lo daLe, buL shlfLs ln pollcles or coverage mlghL cause Lhe
SLA Lo up Lhe dlglLal anLe.
1here ls no evldence, however, LhaL Lhese aLLacks are swaylng anyone Lo Lhe slde of Syrla. lndeed, Lhere
ls evldence LhaL conLlnued aLLacks may compllcaLe Lhe SLA's cause. ln Lhe afLermaLh of an aLLack on Lhe
new ?ork 1lmes, Lhe SLA's webpage was Laken down by Lhe lnLerneL reglsLrar hosLlng Lhe slLe. Cne of
Lhe more blzarre and lnLeresLlng resulLs of Lhe SLA's growlng promlnence ls lLs challenge Lo one of Lhe
mosL noLorlous and lnfamous lnLernaLlonal hacker groups. ln whaL resembled cyber gangs flghLlng over
LerrlLory, Anonymous and Lhe SLA faced off on opposlng sldes of Lhe Syrlan confllcL beglnnlng ln 2011.
ALLacks have been accompanled by Lhe Lough Lalk Lyplcal of Lwo gangs, each Lrylng Lo one-up Lhe oLher.
ln SepLember 2013, Lhe SLA denled clalms by Anonymous LhaL lL had hacked lnLo SLA's sysLem.
22
1he
SLA ls clearly a force of dlsrupLlon, and Lhe long-Lerm lmpllcaLlons of lLs conLlnued presence mlghL very
well remaln whaL Lhey are Loday - prlmarlly a nulsance - or Lhe lmpllcaLlons mlghL become more serlous
lf Lhe SLA's message galns greaLer lnfluence.
"7>0,0,1 +<5/02>-06,C
All lnLerneL-based slLes are vulnerable Lo cyber aLLacks.
lnformaLlon galned from soclal medla and oLher lnLerneL slLes can be used Lo faclllLaLe
successful cyber aLLacks.
Packers are able Lo operaLe wlLhln dlsconnecLed organlzaLlons, each wlLh slmllar goals and
operaLlng lndependenLly under a larger umbrella.
All susplclous emalls should be vlewed as a LhreaL.
#./>-.@ B76@42-C
lollow Lhese llnks Lo vlew relaLed producLs:
Syrlan Soclal Medla
CL Culck Culde: Syrla
1he lree Syrlan Army-lrom 8lfles Lo MAnÞAuS
See also Lhe 8ed ulamond newsleLLer, whlch conLalns currenL arLlcles on a varleLy of Loplcs useful Lo
boLh soldlers and clvlllans ranglng from enemy 11Þ Lo Lhe naLure and analysls of varlous LhreaL acLors.
lor deLalled lnformaLlon on weapons and equlpmenL, see Lhe Worldwlde LqulpmenL Culde.
1o see more producLs from 18lSA-C1lu, vlslL Lhe Army 1ralnlng neLwork (A1n):
hLLps://aLn.army.mll/dsp_LemplaLe.aspx?dplu=377

'& unCLASSlllLu

CLA 1eam 1hreaL 8eporL

















and Army knowledge Cnllne (AkC): hLLps://www.us.army.mll/sulLe/porLal/lndex.[sp










'' unCLASSlllLu

CLA 1eam 1hreaL 8eporL


B&'C

CLA 1eam
913-684-7929 (CCMM)
332-7929 (uSn)

18AuCC C-2 lnLelllgence SupporL AcLlvlLy (18lSA)
Complex CperaLlonal LnvlronmenL and 1hreaL lnLegraLlon ulrecLoraLe (C1lu)
803 Parrlson urlve, 8LuC 467
lorL LeavenworLh, kS 66027
H0147. '7.@0-C
llgure 1. Map of CaLar. ClA World lacLbook, 31 CcLober 2013.
llgure 2. now defuncL SLA webslLe calllng for volunLeers.
llgure 3. Cyber ALLack. 18lSA.

?,@ I6-.C
1
Sarah lowler, ºWho ls Lhe Syrlan LlecLronlc Army," 88C news Mlddle LasL, 23 Aprll 2013.
2
ºSyrlan LlecLronlc Army," lacebook, 31 CcLober 2013.
3
8yron Acohldo, ºSyrla's Cyber 8eLallaLlon Slgnals new Lra of Warfare," uSA 1oday, 30 AugusL 2013.
4
8ruce SLerllng, ºSyrlan LlecLronlc Army lnvades unlverslLy of Callfornla Los Angeles," Wlred, 6 !uly 2011.
3
Sean Coughlan, ºParvard WebslLe Packed by Syrla ÞroLesLers," 88C news LducaLlon & lamlly, 26 SepLember
2011.
6
krls PolL, ºSyrlan Packers 1ake uown Llnkedln's Cfflclal 8log," 1he ually uoL, 26 Aprll 2012.
7
º8euLers 1wlLLer AccounL Packed, lalse 1weeLs abouL Syrla SenL," 8euLers, 3 AugusL 2012.
8
ºSky news Arabla 1wlLLer and lacebook AccounLs Packed by Syrlan LlecLronlc Army," SofLpedla, 7 lebruary 2013.
9
Cerry SmlLh, ºSyrlan LlecLronlc Army's AÞ Pack !usL Lhe LaLesL Þhlshlng ALLack on a Ma[or news CrganlzaLlon,"
Puff ÞosL 1ech, 23 Aprll 2013.
10
ºPow Lhe Syrlan LlecLronlc Army Packed Lhe Cnlon," Cnlon lnc.'s 1ech 8log, 8 May 2013.
11
Sabarl Selvan, ºl1v news London 1wlLLer AccounL Packed by Syrlan LlecLronlc Army," L Packlng news," 24 May
2013.
12
ºSyrlan LlecLronlc Army Compromlses Sky Androld Apps," l1v, 26 May 2013.
13
Sabarl Selvan, "1ruecaller uaLabase hacked by Syrlan LlecLronlc Army", L Packlng news, 17 !uly 2013, "1rueCaller
hacked, 1 mllllon lndlans' daLa aL rlsk," 1he 1lmes of lndla, 18 !uly 2013, "1ruecaller SLaLemenL," 1rue
SofLware Scandlnavla A8, 18 !uly 2013.
14
Amanda Þaulson, ºSyrlan LlecLronlc Army Says lL Packed Cbama AccounLs," uC uecoder, 29 CcLober 2013.
13
!ordan Crook, ºvlber ALLacked by Syrlan LlecLronlc Army," 1ech Crunch, 23 !uly 2013.
16
Þhlllp 8ump, "Syrlan Packers use CuLbraln Lo 1argeL 1he WashlngLon ÞosL, 1lme, and Cnn," 1he ALlanLlc Wlre,
13 AugusL 2013.
'% unCLASSlllLu


CLA 1eam 1hreaL 8eporL


17
Suzanne Choney, "new ?ork 1lmes hacked, Syrlan LlecLronlc Army suspecLed," n8C news, reLrleved 28 AugusL
2013.
18
Marlo Agullar, "Syrlan LlecLronlc Army Clalms lL's 1aken Cver 1wlLLer's uomaln (updaLed)". Clzmodo, 27 AugusL
2013.
19
SLeve kovach, ºSyrlan LlecLronlc Army SuspecLed ln Web ALLack on new ?ork 1lmes, 1wlLLer, and PufflngLon
ÞosL," 8uslness lnslder, 27 AugusL 2013.
20
!ullan 8arnes, ºSyrlan LlecLronlc Army Packs Marlnes WebslLe," 1he Wall SLreeL !ournal, 2 SepLember 2013.
21
ºClobalÞosL hacked by Lhe Syrlan LlecLronlc Army," ClobalÞosL, 30 SepLember 2013.
22
PunLer SLuarL, ºSyrlan LlecLronlc Army uenles 8elng ALLacked by Anonymous," Puff ÞosL 1ech, 4 SepLember
2013.
'( unCLASSlllLu