Syrian hacker accused of attacking U.S. for Assad extradited for federal court in Virginia

A man the U.S. says is a hacker aligned with the government of Syria's President Bashar al-Assad will appear in a federal court in Alexandria, Virginia, on Tuesday. An unnamed source with U.S. law enforcement told reporters today that the accused hacker, 36 year old Peter Romar, was extradited to the US and flown from Germany to Dulles International Airport on Monday.

Romar is reported to be a member of the hacking group Syrian Electronic Army. He is one of three Syrian nationals charged by the feds in March with being part of a criminal conspiracy to to extort money from victims, including online U.S. publishers whose websites and social media accounts SEA pwned.

The SEA's hack of a significant U.S. military domain caused great embarrassment, and prosecutors characterize the ridiculous message screengrbbed below as "attempting to cause mutiny of the U.S. armed forces."

That much it may be, but it's a pretty pathetic one, and I'd certainly hope nobody in America's armed forces is enough of an idiot to have fallen for it.

sea-msg-640x508

From Reuters:

Two other defendants in the case, Ahmad Umar Agha and Firas Dardar, were charged with being involved in a "hoax regarding a terrorist attack," and "attempting to cause mutiny of the U.S. armed forces."

Dardar and Agha are still believed to be in Syria. Romar and Dardar were charged separately with extortion and wire fraud. Prosecutors alleged their activities included attempts to blackmail hacking victims and transfer their extortion payments to Syria, with Romar in Germany acting as a middleman, according to a court document.

The alleged hackers used a relatively unsophisticated hacking tactic known as "spear-phishing," to target computers belonging to media networks, including CNN, National Public Radio, the Associated Press and Reuters, in addition to Microsoft Corp, Harvard University and Human Rights Watch, the U.S. Justice Department said at the time of the indictment.

SYRIAN_ELECTRONIC_ARMY

Related reporting at the Washington Post recaps the federal complaint, which was released a couple of months ago:

Between 2013 and 2014, Firas Dardar, a member of the SEA who lived in Homs, Syria, hacked at least 14 private companies in the United States, China, Europe and elsewhere; at least one company has a server in Ashburn, Va., according to the complaint.

After gaining access to the victim's computer, Dardar would redirect legitimate Internet traffic away from the company's systems, deface website text, send messages using the victim's accounts, steal data and engage in other illegal activities, according to prosecutors.

He would then demand payments from the victim, threatening further damage or to sell stolen information to other hackers if the company didn't pay, according to the complaint. Dardar demanded in total more than $500,000 from individual companies as part of the extortion scheme, although he and Romar accepted smaller amounts in many instances.

Romar would receive payments from victims who could not transmit money directly to Dardar because of international sanctions against Syria, prosecutors said. He would then find a way to get the money to Syria. In a case involving a web-hosting company in California, he forwarded the money to an intermediary in Lebanon, according to the complaint.