US charges 3 members of Syrian Electronic Army with hacking conspiracy

Three alleged hackers from the Syrian Electronic Army have been charged with multiple conspiracies related to computer intrusions in a pair of criminal complaints unsealed Tuesday related to cyberattacks on the U.S. government, media and private companies.

Three alleged hackers from the Syrian Electronic Army have been charged with multiple conspiracies related to computer intrusions in a pair of criminal complaints unsealed Tuesday related to cyberattacks on the U.S. government, media and private companies.

Two Syrian nationals, Ahmad Umar Agha, 22, Firas Dardar, 27, used spear phishing campaigns to gain access to a number of domestic and international computer systems from 2011 to 2014. The most high profile incident allegedly tied to the two men is an April 2013 tweet sent from the Associated Press Twitter account that falsely claimed President Barack Obama was injured when a bomb exploded at the White House. The tweet, although only online for minutes, caused the S&P 500 index to plunge, briefly wiping almost a quarter trillion dollars off its value. The two also allegedly compromised a number of other media outlets, including the Washington Post, CNN, NPR and Time Magazine.

Agha, who used the hacker handle “Th3 Pr0,” and Dardar, who called himself “The Shadow,” were also part of a group that allegedly defaced a recruitment website belonging to the U.S. Marine Corps. They also tried to gain entrance to systems tied to the Executive Office of the President, but were unsuccessful in their efforts, according to the complaint.

An accompanying complaint also charges a third Syrian, Peter Romar, 36 , for his role in extorting various private companies in the U.S. and elsewhere around the world. According to DOJ, Dardar and Romar would gain unauthorized access to the victims’ computers and then threaten to damage computers, delete data or sell stolen data unless the victims provided extortion payments.


The complaint does not name the companies allegedly victimized, describing them only as online gaming and web hosting companies. The Syrian hactivist group has targeted an array of companies in its operations, with a 2013 report from FireEye showing that they used WordPress vulnerabilities to obtain data from various online telephone directories and text messaging services.

According to security analysts who’ve followed their activities, the Syrian Electronic Army, or SEA, is a group of hackers loyal to the Bashar al-Assad regime, targeting perceived detractors through a host of exploits and phishing schemes.

“The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry,” said Assistant Attorney General for National Security John Carlin.

Agha and Dardar, who are believed to be living in Syria, have been added to the FBI’s Cyber Most Wanted list, and there is a $100,000 reward for information that leads to their arrest.

Romar is believed is be living in Germany. The Justice Department did not list a reward for information related to Romar in its press release.


Contact the reporter on this story via email at, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here:

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts