Experts say the efficacy of spear-phishing attacks depends less on the software used and more on how good the “social engineering,” or human part, of the attack is. Does the email really look as if it comes from someone known to the recipient? Is the English in it fluent and colloquial, or broken and stilted? Is the fake website a convincing facsimile of the real one?
They require relatively little technical skill.
In some attacks, the army’s hackers have ingeniously exploited the outsourcing that most media companies do to maintain their top-of-the-line interactive and audio visual websites.
But other experts caution that it is easy to rent technology or hire talent to improve a group’s hacking prowess They also point out that Iran, Syria’s only remaining ally in the region, has a much more developed cyberwar capability and might be a part of any retaliatory strike across the Internet.
Thursday, security specialists began to name individual administrators of the Syrian Electronic Army they had traced through a trove of data hacked from the army’s own website, after it was booted from its U.S. Internet provider.
Mohamad Abd al-Karem, a computer graphics designer living in Syria, was named by noted security blogger Brian Krebs, who said he traced Mr. al-Karem through an email address used to register a website for the Syrian Electronic Army, which in turn linked to other email and social media accounts, including a Facebook page under the name Mohammed Osman.
Mr. al-Karem told The Washington Times in a brief e-mail that he was not in any way affiliated with the group.
“I am not one of them,” he said via email. Someone using Mr. Osman’s email address also denied being either Mr. al-Karem, or associated with the army.
The group’s spokesman dismissed Mr. Krebs reporting, saying that “they keep publishing names so they can get attention.”
The group also dismissed reporting earlier this year by the Guardian newspaper in Britain, which said the group was based in the United Arab Emirates and funded by Rami Makhlouf, a cousin of President Bashar al-Assad, and the owner of SyriaTel, a telecommunications and internet service provider.
“Our work doesn’t need funds. It just needs a computer and internet connection,” the spokesman said.