How pro-Assad hackers pretending to be women tricked Syrian rebels

The World
Syria's President Bashar al-Assad is seen during an interview in Damascus in January.

Syria's President Bashar al-Assad is seen during an interview in Damascus in January.


There are so many different armies fighting each other in Syria that it's tough to know who is fighting whom and for what reason. That gets multiplied when the battle goes online.

What we do know is the battle online is fierce and highly technical. But the methods are old school, says David Sanger of the New York Times, who  wrote about the hackers and their methods.

He says a computer security firm, FireEye, discovered that Assad's hackers were honey-potting the enemy when they looked into the origins of a computer virus.

"And as they traced the virus back, they discovered they were embedded in the photographs of young women," he says. "These photos were just pulled off the Internet and used in either Facebook or Skype chats between the opposition leaders and people who the opposition fighters thought were young women."

It turns out that the people pretending to be young women were pro-Assad hackers. They honey-potted rebels in the field. They certainly had easy targets.

"The rebels are in their mid-20s, mostly guys who have been out in the field for sometime," says Sanger. "You figure it wasn't that hard for [Assad's forces to trick them.]"

The hackers went after the rebels online because most of the rebel battle plans were loaded on for their mobile phones. "It tells you that the more this type of information gets decentralized, moves onto mobile platforms, the more it is also vulnerable," he says.

But Sanger is careful to point out that what happened was not a large-scale cyberwar attack. "It was something more along the lines of espionage," he says. "In other words, those who fell for this honey-pot attack were basically just dumping the contents of their material into the hands of the Syrian leadership. That's different from an attack that is meant to disable your computers."

But who are the hackers?

Sanger says they are believed to be in Lebanon, despite using servers based in Germany. "But the 'who' is a mystery," he says. "There are ideas but no evidence."

Sign up for our daily newsletter

Sign up for The Top of the World, delivered to your inbox every weekday morning.