Exclusive interview with the European Cyber Army sheds new light on yesterday’s Syrian internet blackout.

Yesterday evening, local time, in Syria, the entire country’s internet connections went offline. At around the same time, a relatively unknown hacker group calling themselves the “European Cyber Army” posted a tweet directed at Syria with the following text:

“If your Attacks on Western Media continue, We will continue Nuking [sic] the Syrian Telecoms”

If this outage was indeed the work of a group of hackers, it would prove to be among the largest cyber attacks to date.

The real story, however, isn’t quite so clear-cut.

Motives

If the ECA were indeed responsible for this outage, what motivated them to undertake such a brazen attack against Syria?

The answer lies in the activities of another hacker group, the pro-Assad “Syrian Electronic Army (SEA)”. Over the course of the civil war, they have engaged in an escalating series of cyber and hacking attacks against businesses and governments in the West. Some of their more recent targets include the New York Times, Skype and Twitter.

According to a recent press release by the ECA, their current actions are a form of retaliation for SEA attacks.

“The Syrian Electronic Army is a dangerous threat to the global economy and welfare of all nation [sic]! They ignored our warning and continued to strike American and European targets! SEA is a grave threat…..A threat that must be neutralized before it spreads like a disease!”

In an interview with The Background Noise, an ECA spokesperson elaborated on this.

“SEA is a reckless and dangerous force, if they are left unchallenged they will be unstoppable! We for one will not let this happen.”

Implementation

Syria, now in the 4th year of a bloody and divisive civil war, has a decaying network of telecommunications. It is connected to the wider internet through 3 undersea cables which terminate in the port of Tartous, and one overland cable from Turkey to the city of Aleppo.

At least once before in the war, internet communications have been disrupted due to cables being cut during fighting. Could a similar event have happened again?

Taking an entire country offline – even one with a damaged infrastructure such as Syria – is seen as an incredibly difficult task for a non-state actor.

On Twitter, the ECA bragged that while a traditional DDoS (Distributed Denial of Service) attack could not take down an entire country, something they jokingly called an “SDoS” or “Sanctioned Domination of Service” could.

The Background Noise contacted the ECA for further details on how they achieved the alleged takedown. It was then that the story began to unravel. According to a spokesperson:

“We did indeed claim credit for the outage, but we can not take full credit for the outage as the damage from the area took out about 60% of the Internet! We just brought down the remaining ISP using an Unnamed India Telecommunication Server to reroute their traffic and efficiently complete the blackout!”

Aftermath

After roughly six to seven hours, internet connection was restored to Syria. State TV agency SANA blamed the loss of connection on the severing of a cable due to an Israeli airstrike. This claim was strongly opposed by the ECA on Twitter, who reiterated that it was their SDoS attack which caused the outage.

In the last 24 hours the ECA have continued the offensive against the SEA, leaking alleged names and contact details of core members.

When asked if they were aware of any connections between the SEA and Iran, as has been previously speculated, the ECA declined to comment.

By Michael Cruickshank