Syrian Electronic Army

The Syrian Electronic Army (SEA) is a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Assad. Using spamming, website defacement, malware, phishing, and denial-of-service attacks, it has targeted political opposition groups, western news organizations, human rights groups and websites that are seemingly neutral to the Syrian conflict. It has also hacked government websites in the Middle East and Europe, as well as US defense contractors. As of 2011 the SEA has been "the first Arab country to have a public Internet Army hosted on its national networks to openly launch cyber attacks on its enemies".[2]

The precise nature of SEA's relationship with the Syrian government has changed over time and is unclear.[3]

Syrian Electronic Army
Syrian Electronic Army logo
Formation15 March 2011[1]

Origins and historical context

In the 1990s Syrian President Bashar al-Assad headed the Syrian Computer Society, which is connected to the SEA, according to research by University of Toronto and University of Cambridge, UK.[2] There is evidence that a Syrian Malware Team goes as far back as January 1, 2011.[4] In February 2011, after years of internet censorship, Syrian censors lifted a ban on Facebook and YouTube.[2] In April 2011, only days after anti-regime protests escalated in Syria, Syrian Electronic Army emerged on Facebook.[2] In May 5, 2011 the Syrian Computer Society registered SEA’s website ([2] Because Syria's domain registration authority registered the hacker site, some security experts have written that the group was supervised by the Syrian state.[5] SEA claimed on its webpage to be no official entity, but "a group of enthusiastic Syrian youths who could not stay passive towards the massive distortion of facts about the recent uprising in Syria".[6] As soon as May 27, 2011 SEA had removed text that denied it was an official entity.[2] One commentator has noted that "[SEA] volunteers might include Syrian diaspora; some of their hacks have used colloquial English and reddit memes.[7]

According to a 2014 report by security company Intelcrawler, SEA activity has shown links with "officials in Syria, Iran, Lebanon and Hezbollah."[8] A February 2015 article by The New York Times stated that "American intelligence officials" suspect the SEA is "actually Iranian".[9] However, no data has shown a link between Iran's and Syria's cyber attack patterns according to an analysis of "open-source intelligence" by cyber security firm Recorded Future.[10]

Online activities

SEA has pursued activities in three key areas:

The SEA's tone and style vary from the serious and openly political to ironic statements intended as critical or pointed humor: SEA had "Exclusive: Terror is striking the #USA and #Obama is Shamelessly in Bed with Al-Qaeda" tweeted from the Twitter account of 60 Minutes, and in July 2012 posted "Do you think Saudi and Qatar should keep funding armed gangs in Syria in order to topple the government? #Syria," from Al Jazeera's Twitter account before the message was removed. In another attack, members of SEA used the BBC Weather Channel Twitter account to post the headline, "Saudi weather station down due to head on-collision with camel."[22] After Washington Post reporter Max Fisher called their jokes unfunny, one hacker associated with the group told a Vice interview 'haters gonna hate.'"[7]

Operating system

On 31 October 2014, the SEA released a Linux distribution named SEANux.[23][24]

Timeline of notable attacks

  • July 2011: University of California Los Angeles website defaced by SEA hacker "The Pro".[25]
  • September 2011: Harvard University website defaced in what was called the work of a "sophisticated group or individual". The Harvard homepage was replaced with an image of Syrian president Bashar al-Assad with the message "Syrian Electronic Army Were Here".[26]
  • April 2012: The official blog of social media website LinkedIn was redirected to a site supporting Bashar al-Assad.[27]
  • August 2012: The Twitter account of the Reuters news agency sent 22 tweets with false information on the conflict in Syria. The Reuters news website was compromised, and posted a false report about the conflict to a journalist's blog.[28]
  • 20 April 2013 The Team Gamerfood homepage was defaced.[29]
  • 23 April 2013: The Associated Press Twitter account falsely claimed the White House had been bombed and President Barack Obama injured. This led to a US$136.5 billion dip on the S&P 500 index the same day.[30][31]
  • May 2013: The Twitter account of The Onion was compromised by phishing Google Apps accounts of The Onion's employees.[32]
  • 24 May 2013: The ITV News London Twitter account was hacked.[33]
  • On 26 May 2013 the Android applications of British broadcaster Sky News were hacked on Google Play Store.[34]
  • 17 July 2013, TrueCaller servers were hacked into by the Syrian Electronic Army.[35] The group claimed on its Twitter handle to have recovered 459 GiBs of database, primarily due to an older version of Wordpress installed on the servers. The hackers released TrueCaller's alleged database host ID, username, and password via another tweet.[36] On 18 July 2013, TrueCaller confirmed on its blog that only their website was hacked, but claimed that the attack did not disclose any passwords or credit card information.[37]
  • 23 July 2013: Viber servers were hacked, the support website replaced with a message and a supposed screenshot of data that was obtained during the intrusion.[38][39][17]
  • 15 August 2013: Advertising service Outbrain suffered a spearphishing attack and SEA placed redirects into the websites of The Washington Post, Time, and CNN.[40]
  • 27 August 2013: had its DNS redirected to a page that displayed the message "Hacked by SEA" and Twitter's domain registrar was changed.[41]
  • 28 August 2013: Twitter's DNS registration showed the SEA as its Admin and Tech contacts, and some users reported that the site's Cascading Style Sheets (CSS) had been compromised.[42]
  • 29–30 August 2013: The New York Times, The Huffington Post, and Twitter were knocked down by the SEA. A person claiming to speak for the group stepped forward to tie these attacks to the increasing likelihood of U.S military action in response to al-Assad using chemical weapons. A self-described operative of the SEA told ABC News in an e-mail exchange: "When we hacked media we do not destroy the site but only publish on it if possible, or publish an article [that] contains the truth of what is happening in Syria. ... So if the USA launch attack on Syria we may use methods of causing harm, both for the U.S. economy or other."[43]
  • 2–3 September 2013: Pro-Syria hackers broke into the internet recruiting site for the US Marine Corps, posting a message that urged US soldiers to refuse orders if Washington decides to launch a strike against the Syrian government. The site,, was paralyzed for several hours and redirected to a seven-sentence message "delivered by SEA".[44]
  • 30 September 2013: The Global Post's official Twitter account and website were hacked. SEA posted through their Twitter account, "Think twice before you publish untrusted informations [sic] about Syrian Electronic Army" and "This time we hacked your website and your Twitter account, the next time you will start searching for new job"[45]
  • 28 October 2013: By gaining access to the Gmail account of an Organizing for Action staffer, the SEA altered shortened URLs on President Obama's Facebook and Twitter accounts to point to a 24-minute propaganda video on YouTube.[46]
  • 9 November 2013: SEA hacked the website of VICE, a no-affiliate news/documentary/blog website, which has filmed numerous times in Syria with the side of the Rebel forces. Logging into redirected to what appeared to be the SEA homepage.
  • 12 November 2013: SEA hacked the Facebook page of Matthew VanDyke, a Libyan Civil War veteran and pro-rebel news reporter.
  • 1 January 2014: SEA hacked Skype's Facebook, Twitter and blog, posting an SEA related picture and telling users not to use Microsoft's e-mail service —formerly known as Hotmail—claiming that Microsoft sells user information to the government.[47]
  • 11 January 2014: SEA hacked the Xbox Support Twitter pages and directed tweets to the group's website.[48]
  • 22 January 2014: SEA hacked the official Microsoft Office Blog, posting several images and tweeted about the attack.[49]
  • 23 January 2014: CNN's HURACAN CAMPEÓN 2014 official Twitter account showed two messages, including a photo of the Syrian Flag composed of binary code. CNN removed the Tweets within 10 minutes.[50][51][52]
  • 3 February 2014: SEA hacked the websites of eBay and PayPal UK. One source reported the hackers said it was just for show and that they took no data.[53]
  • 6 February 2014: SEA hacked the DNS of Facebook. Sources said the registrant contact details were restored and Facebook confirmed that no traffic to the website was hijacked, and that no users of the social network were affected.[54]
  • 14 February 2014: SEA hacked the Forbes website and their Twitter accounts.[55]
  • 26 April 2014: SEA hacked the information security-related RSA Conference website.[56]
  • 18 June 2014: SEA hacked the websites of British newspapers The Sun (United Kingdom) and The Sunday Times.[57]
  • 22 June 2014: The Reuters website was hacked a second time and showed a SEA message condemning Reuters for publishing "false" articles about Syria. Hackers compromised the website corrupting ads served by Taboola.[58]
  • 27 November 2014: SEA hacked hundreds of sites through hijacking Gigya's comment system of prominent websites, displaying a message "You've been hacked by the Syrian Electronic Army(SEA)." Affected websites included the Aberdeen Evening Express, Logitech, Forbes, The Independent UK Magazine, London Evening Standard, The Telegraph, NBC, the National Hockey League,,, Time Out New York and (a tech website),, Walmart Canada, PacSun, Daily Mail websites, (cycling website), SparkNotes,,,, and, Biz Day SA, BDlive South Africa,, and CBC News.[59]
  • 21 January 2015: French newspaper Le Monde wrote that SEA hackers "managed to infiltrate our publishing tool before launching a denial of service".[60][61]

In May 2018, two suspects were indicted.[62]

See also


  1. ^ "Syrian Electronic Army - SEA STORY". Syrian Electronic Army. Archived from the original on 1 September 2014. Retrieved 2 September 2014.
  2. ^ a b c d e f Noman, Helmi (May 30, 2011). "The Emergence of Open and Organized Pro-Government Cyber Attacks in the Middle East: The Case of the Syrian Electronic Army". Open Net Initiative. Retrieved 22 July 2013.
  3. ^ Perlroth, Nicole (17 May 2013). "Hunting for Syrian Hackers' Chain of Command". New York Times. Retrieved 22 July 2013.
  4. ^ a b Wilhoit, Kyle; Haq, Thoufique (August 29, 2014). "Connecting the Dots: Syrian Malware Team Uses BlackWorm for Attacks" (blog). FireEye Inc, cyber security company. Retrieved October 15, 2014.
  5. ^ Gallagher, Sean (May 8, 2013). "Network Solutions seizes over 700 domains registered to Syrians". Ars Technica. Retrieved October 15, 2014. The Syrian Computer Society acts as Syria's domain registration authority and regulates the Internet within Syria, and is also believed to be connected to Syria's state security apparatus. The Syrian Computer Society registered .sy domain names for the Syrian Electronic Army's servers, giving the hacker group a national-level domain name ( rather than a .com or other non-government address, signifying its status as at least a state-supervised operation.
  6. ^ Fowler, Sarah (April 25, 2013). "Who is the Syrian Electronic Army?". BBC News. Retrieved October 15, 2014.
  7. ^ a b Peterson, Andrea (2013-08-15). "The Post just got hacked by the Syrian Electronic Army. Here's who they are". The Washington Post. Retrieved 2013-08-28.
  8. ^ Robertson, Jordan. "Three Things You Should Know About the Syrian Electronic Army" (24 March 2014). Bloomberg. Retrieved 2 February 2015.
  9. ^ Sanger, David E. (1 February 2015). "Hackers Use Old Lure on Web to Help Syrian Government". New York Times. Retrieved 2 February 2015. ... the cybervandalism carried out in recent years by the Syrian Electronic Army, which American intelligence officials suspect is actually Iranian, and has conducted strikes against targets in the United States, including the website of The New York Times.
  10. ^ King, Rachael (September 5, 2013). "Data Shows No Link Between Syrian Electronic Army and Iran". Wall Street Journal. Retrieved 2 February 2015.
  11. ^ Perlroth, Nicole (17 May 2013). "Hunting for Syrian hackers' Chain of Command". New York Times. Retrieved 22 July 2013.
  12. ^ "Syrian Electronic Army claims hack of news sites, including CBC". CBC/Radio-Canada. 2014-11-27.
  13. ^ Love, Dylan (22 May 2013). "10 Reasons to Worry About the Syrian Electronic Army". Business Insider. Retrieved 22 July 2013.
  14. ^ "Editor's note". The Washington Post. August 15, 2013. Retrieved August 15, 2013.
  15. ^ "Syrian Electronic Army: Disruptive Attacks and Hyped Targets", OpenNet Initiative, 25 June 2011
  16. ^ " Hacked; 'Syrian Electronic Army' Takes Responsibility". 2013-04-16. Retrieved 2013-04-16.
  17. ^ a b Crook, Jordan (2013-07-23). "Viber Attacked By Syrian Electronic Army". TechCrunch. Retrieved 2019-03-08.
  18. ^ Rubenking, Neil J. (2013-07-23). "Syrian Electronic Army Hacked Tango Chat App; Is Your Site Next?". PC Magazine. Retrieved 2019-03-08.
  19. ^ Abbas, Mohammed (June 21, 2012). "Syria activists using U.S. tech to beat curbs". Reuters. Retrieved June 21, 2012.
  20. ^ Sarah Fowler "Who is the Syrian Electronic Army?", BBC News, 25 April 2013
  21. ^ "Syrian Electronic Army - Hacktivision to Cyber Espionage?" (pdf). IntelCrawler (PGP). 20 March 2014. p. 94. Retrieved 22 March 2015.
  22. ^ Schroeder, Audra (2013-05-02). "Is it time to start taking the Syrian Electronic Army seriously?". The Daily Dot. Retrieved 2013-08-28.
  23. ^ "SEANux - a version of Linux from the Syrian Electronic Army". Graham Cluley. Cluley Associates. 13 October 2014. Retrieved 14 November 2014.
  24. ^ SyrianElectronicArmy (31 October 2014). "#SEANux is now released and available for download!" (Twitterfeed).
  25. ^ Sterling, Bruce (6 July 2011). "Syrian Electronic Army Invades University of California Los Angeles". Wired. Retrieved 10 September 2013.
  26. ^ Coughlan, Sean (26 September 2011). "Harvard website hacked by Syria protesters". BBC. Retrieved 10 September 2013.
  27. ^ Holt, Kris (26 April 2012). "Syrian hackers take down LinkedIn's official blog". The Daily Dot. Retrieved 10 September 2013.
  28. ^ Howell, Martin (5 August 2012). "Reuters Twitter account hacked, false tweets about Syria sent". Reuters. Retrieved 10 September 2013.
  29. ^ "Team Gamerfood website defaced by SEA",, 20 April 2013
  30. ^ Spillus, Alex "Who is the Syrian Electronic Army?", The Telegraph, 24 April 2013
  31. ^ Peter Foster "'Bogus' AP tweet about explosion at the White House wipes billions off US markets", The Telegraph, 23 April 2013
  32. ^ "How the Syrian Electronic Army Hacked The Onion", Tech Team, The Onion, 8 May 2013
  33. ^ "ITV News Twitter account hacked by Syrian Electronic Army". Reuters. May 24, 2013. Retrieved 22 March 2015. Just kidding. The Syrian Electronic Army was here.
  34. ^ Richard Chirgwin (26 May 2013). "Sky News Google Play page defaced". The Register. Situation Publishing. Retrieved 22 March 2015.
  35. ^ "Truecaller Database hacked by Syrian Electronic Army", Sabari Selvan, E Hacking News, 17 July 2013.
  36. ^ "TrueCaller hacked, 1 million Indians’ data at risk", The Times of India, 18 July 2013.
  37. ^ "Truecaller Statement", True Software Scandinavia AB, 18 July 2013.
  38. ^ "Phone and texting app ‘Viber’ hacked by Syrian Electronic Army", Scott Buscemi, 9to5Mac, 23 July 2013. Retrieved 24 July 2013.
  39. ^ "Free calling app 'Viber' website defaced; database hacked by SEA", Mohit Kumar, The hacker News, 23 July 2013. Retrieved 24 July 2013.
  40. ^ "Syrian hackers Use Outbrain to Target The Washington Post, Time, and CNN", Philip Bump, The Atlantic Wire, 15 August 2013. Retrieved 15 August 2013.
  41. ^ Choney, Suzanne (August 28, 2013). "New York Times hacked, Syrian Electronic Army suspected". NBC News. Retrieved 2013-08-28.
  42. ^ "Syrian Electronic Army Claims It's Taken Over Twitter's Domain (Updated)". Gizmodo. 2013-08-27. Retrieved 2013-08-28.
  43. ^ Syria's cyber retaliation signals new era of warfare, USA Today
  44. ^ "US Marines website hacked – Indistan News". Archived from the original on 24 September 2015. Retrieved 14 November 2014.
  45. ^ "GlobalPost hacked by the Syrian Electronic Army". GlobalPost. Retrieved 14 November 2014.
  46. ^ Paulson, Amanda (29 October 2013). "Syrian Electronic Army says it hacked Obama accounts". Christian Science Monitor. Retrieved 5 November 2013.
  47. ^ Shira Ovide (1 January 2014). "Skype Social Media Accounts Hacked by Syrian Electronic Army". Wall Street Journal. Dow Jones. Retrieved 22 March 2015.
  48. ^ Mandalia, Ravi (11 January 2014). "SEA hijacks official Xbox Support Twitter account". Retrieved 12 January 2014.
  49. ^ Lucian Constantin (21 January 2014). "Syrian Electronic Army hacks Microsoft's Office Blogs site mere hours after redesign". PCWorld. Retrieved 14 November 2014.
  50. ^
  51. ^ Winograd, David (24 January 2014). "CNN Sites Get Hacked". Time. Retrieved 24 January 2014.
  52. ^ Catherine E. Shoichet (January 23, 2014). "Some CNN social media accounts hacked". CNN. Retrieved January 23, 2014.
  53. ^ "Syrian Electronic Army hacks Paypal and eBay websites". Retrieved 14 November 2014.
  54. ^ Mohit Kumar (6 February 2014). "Facebook domain hacked by Syrian Electronic Army". The hacker News - Biggest Information Security Channel. Retrieved 14 November 2014.
  55. ^ Eduard Kovacs (14 February 2014). "Forbes Hacked by Syrian Electronic Army [Updated]". softpedia. Retrieved 14 November 2014.
  56. ^ Brandon Stosh. "Syrian Electronic Army Hacked and Defaced RSA Conference Website - Freedom hacker". Freedom hacker. Retrieved 14 November 2014.
  57. ^ "SyrianElectronicArmy on Twitter". Twitter. Retrieved 14 November 2014.
  58. ^ Payne, Samantha (22 June 2014). "Reuters Hacked by Syrian Electronic Army via Taboola Ad". International Business Times. Retrieved 23 June 2014.
  59. ^ Brandon Stosh. "Syrian Electronic Army Hacks Forbes, Ferrari, Daily Telegraph, Independent, Intel Among Hundreds of Others". Freedom hacker - Breaking Hacking and Security News. Retrieved 27 November 2014.
  60. ^ Samuel, Henry. "Le Monde hacked: 'Je ne suis pas Charlie' writes Syrian Electronic Army". Retrieved 23 March 2016.
  61. ^ "The hackers managed to infiltrate our publishing tool before launching a denial of service,". Reuters. 21 January 2015. Archived from the original on February 1, 2015. Retrieved 21 January 2015.
  62. ^

External links


Badlock is a security bug disclosed on April 12, 2016 affecting the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols supported by Windows and Samba servers.Both SAM and LSAD are layered onto the DCE 1.1 Remote Procedure Call (DCE/RPC) protocol. As implemented in Samba and Windows, the RPC services allowed an attacker to become man in the middle. Although the vulnerability was discovered during the development of Samba, the namegiving SMB protocol itself is not affected.


Bluehost is a web hosting company owned by Endurance International Group. It is one of the 20 largest web hosts, collectively hosting well over 2 million domains with its sister companies, HostMonster, FastDomain and iPage. The company operates its servers in-house in a 50,000 square feet (4,600 m2) facility in Provo, Utah, which is now shared with sister company HostMonster. Bluehost employs over 700 people in its Utah facility.

Bluehost was among those studied in the analysis of web-based hosting services in collaborative online learning programs.Bluehost offered shared hosting, WordPress hosting, VPS hosting, Dedicated Hosting, Cloud Hosting, WooCommerce Hosting and many more types of hosting and domain services. Bluehost servers are powered by PHP7, HTTP/2 and NGINX+ caching.

Dexter (malware)

Dexter is a computer virus or point of sale malware which infects computers running Microsoft Windows and was discovered by IT security firm Seculert, in December 2012. It infects PoS systems worldwide and steals sensitive information such as Credit Card and Debit Card information.In December 2013, researchers discovered StarDust, a major revision of Dexter, which compromised 20,000 cards in active campaign hitting US merchants.

It was one of the first known botnets to target point-of-sale (PoS) terminals used by stores and restaurants to process customers' credit and debit card payments.


DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack.Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar. He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system. Once installed, it uses three commands: ping, kill, and exec, the latter of which can be used to load malware onto the system.


Evercookie is a JavaScript-based application created by Samy Kamkar which produces zombie cookies in a web browser that are intentionally difficult to delete. In 2013, a top-secret NSA document was leaked by Edward Snowden, citing Evercookie as a method of tracking Tor users.


Exactis LLC is a data broker established in 2015 and based in the U.S state of Florida. The firm reportedly handles business and consumer data in an effort to refine targeted advertising.


Gigya, Inc. is a technology company founded in Tel Aviv, Israel and headquartered in Mountain View, California with additional offices in New York, Tel Aviv, London, Paris, Hamburg, and Sydney. It offers a customer identity management platform for managing profiles, preference, opt-in and consent settings.


iSeeYou is a security bug affecting iSight cameras in some Apple laptops.

Internet censorship in Syria

Internet censorship in Syria is extensive. Syria bans websites for political reasons and arrests people accessing them. Filtering and blocking was found to be pervasive in the political and Internet tools areas, and selective in the social and conflict/security areas by the OpenNet Initiative in August 2009.Internet connectivity between Syria and the outside world shut down in late November 2011, and again in early May 2013. Syria's Internet was cut off more than ten times in 2013, and again in March 2014. The Syrian government blamed terrorists for the cut off.

Internet censorship in the Arab Spring

The level of Internet censorship in the Arab Spring was escalated. Lack of Internet freedom was a tactic employed by authorities to quell protests. Rulers and governments across the Arab world utilized the law, technology, and violence to control what was being posted on and disseminated through the Internet. The peoples of Egypt, Libya, and Syria witnessed full Internet shutdowns as their respective governments attempted to quell protests. In Tunisia, the government of Zine El Abidine Ben Ali hacked into and stole passwords from citizens’ Facebook accounts. In Saudi Arabia and Bahrain, bloggers and “netizens” were arrested and some are alleged to have been killed. The developments since the beginning of the Arab Spring in 2010 have raised the issue of Internet access as a human right and have revealed the type of power certain authoritarian governments retain over the people and the Internet.


Kayako is a customer service software company based in London, United Kingdom. Kayako builds customer service and help desk software which businesses use to talk to and support their customers. Kayako was founded in 2001 in Jalandhar, India and has since relocated its headquarters in London, United Kingdom. In addition to its London location, the company has offices in Gurgaon, India and Singapore.The company now serves 50,000 customers in over 100 countries, including Peugeot, De Beers, NASA and the American Motorcyclist Association.Kayako was cited as a direct competitor in Zendesk's (another help desk software company listed on the New York Stock Exchange) S-1 IPO filing with the Securities Exchange Commission.

List of hacker groups

This is a partial list of notable hacker groups.

OurMine, a hacker group that compromised celebrities and YouTuber's Twitter accounts for "security" reasons.

SkidNP, a group of hackers around the time of 2015-2016 that performed many DDoS attacks around the Christmas holidays to websites such as Steam and Xbox also made defacements to many sites which also ended up in the leaking of website databases. The group had around 5-7 members such as Obstructable, HarmIessss, Stazexor and NullSploit. The group later died off at the end of 2016.

414s, named after area code; gained notoriety in the early 1980s as a group of friends and computer hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank.

AnonCoders is a group of hackers originating in 2015. Using defacements, denial of service attacks, database hijacking, database leaks, admin panel takeovers, social media accounts (Facebook, Twitter, Emails) and other methods, It mainly targets political groups and anti-Islam websites including news organizations, institutions and other government, semi-government, military and educational websites around the world. AnonCoders first attack was leveled against several major Israeli websites. In February, it attacked numerous French websites in opposition to cartoons of the Islamic prophet Muhammad published in Charlie Hebdo Magazine. The group has vandalized sites in Israel, Europe, and the United States.

Anonymous, originating in 2003, Anonymous was created as a group for people who fought for the rights for privacy.

Chaos Computer Club, is based in Germany and other German-speaking countries. Famous among older hackers.

Cicada 3301, a group of hackers and cryptographers that recruited from the public on three occasions between 2012 and 2014 by way of complex puzzles and hacking scavenger hunts.

Croatian Revolution Hackers, a now defunct group of Croatian hackers credited with one of the largest attacks to have occurred in the Balkans.

Cult of the Dead Cow, also known as cDc or cDc Communications, is a computer hacker and DIY media organization founded in 1984 in Lubbock, Texas.

CyberVor is the moniker given to a group of Russian hackers responsible for perpetrating a major 2014 theft of internet credentials.

DCLeaks, claims to be a group of "American hacktivists who respect and appreciate freedom of speech, human rights and government of the people."

Decocidio#Ө is an anonymous, autonomous collective of hacktivists which is part of Earth First!, a radical environmental protest organisation, and adheres to Climate Justice Action.

DERP A hacker group that attacked several game sites in late 2013.

Digital DawgPound (DDP).

Equation Group, suspected to be the offensive operations wing of the U.S. National Security Agency.

Ghost Squad Hackers, or by the abbreviation "GSH" is a poliltically motivated hacktivist team led by the administrative de facto leader known as "s1ege". The groups prime intent and focus is embedded on anti-governmental/organization cyber protests within current involvements of media speculation and real life happenings in 2016 to present.

Global kOS was a grey hat (leaning black hat) computer hacker group active from 1996 through 2000.

globalHell was a group of hackers, composed of about 60 individuals. The group disbanded in 1999, when 12 members were prosecuted for computer intrusion and 30 for lesser offences.

Goatse Security (GoatSec) is a loose-knit, nine-person grey hat hacker group that specializes in uncovering security flaws.

Hackweiser is an underground hacking group and hacking magazine founded in 1999.

Honker Union is a group known for hacktivism, mainly present in Mainland China, whose members launched a series of attacks on websites in the United States, mostly government-related sites.

L0pht, was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area.

Level Seven was a hacking group during the mid to late 1990s. Eventually dispersing in early 2000 when their nominal leader "vent" was raided by the FBI on February 25, 2000.

Lizard Squad

LulzSec, a group of hackers originating and disbanding in 2011 that claimed to hack "for the lulz". Currently broken up.

Legion of Doom; LOD was a hacker group active in the early 80s and mid-90s. Had noted rivalry with Masters of Deception (MOD).

Masters of Deception, MOD's initial membership grew from meetings on Loop-Around Test Lines in the early- to mid-1980s. Had noted rivalry with Legion of Doom (LOD).

Mazafaka, financially motivated group and crime forum.

milw0rm is a group of "hacktivists" best known for penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Mumbai.

NCPH is a Chinese hacker group based out of Zigong in Sichuan Province.

P.H.I.R.M. The PHIRM was an early hacking group which was founded in the early 1980s.

RedHack is a socialist hacker group based in Turkey, founded in 1997. They usually launch attacks against Turkish government's websites and leak secret documents of Turkish government.

Shadow Brokers (The) (TSB), originating in summer 2016. They published several leaks of some of the National Security Agency (NSA) hacking tools.

Syrian Electronic Army is a group that claims responsibility for defacing or otherwise compromising scores of websites that it contends spread news hostile to the Syrian government or fake news.

TeaMp0isoN is a group of black-hat computer hackers established in mid-2009.

TeslaTeam is a group of black-hat computer hackers from Serbia established 2010.

TESO, was a hacker group originating in Austria that was active primarily from 1998 to 2004.

The Unknowns is a group of white-hat hackers that exploited many high-profiled websites and became very active in 2012 when the group was founded and disbanded.

UGNazi A hacking group led by JoshTheGod, founded in 2011. They are best known for several attacks on US government sites, leaking WHMC's database, DDoS attacks, and exposing personal information of celebrities and other high-profile figures on

YIPL/TAP - Youth International Party Line or Technological Assistance Program, was an early phone phreak organization and publication created in the 1970s by activist Abbie Hoffman.

Xbox Underground An international group responsible for hacking game developers, including Microsoft.

Mahdi (malware)

Mahdi is computer malware that was initially discovered in February 2012 and was reported in July of that year. According to Kaspersky Lab and Seculert (an Israeli security firm which discovered the malware), the software has been used for targeted cyber espionage since December 2011, infecting at least 800 computers in Iran and other Middle Eastern countries. Mahdi is named after files used in the malware and refers to the Muslim figure.

Metulji botnet

The Metulji botnet, discovered in June 2011, is a botnet mainly involved in cyberscamming and denial of service attacks. Before the botnet itself was dismantled, it consisted of over 12 million individual zombie computers infected with the "Butterfly Bot", making it, as of June 2011, the largest known botnet.It is not known what type of computers are vulnerable, or how to tell if a computer is a part of this botnet.

OpenNet Initiative

The OpenNet Initiative (ONI) was a joint project whose goal was to monitor and report on internet filtering and surveillance practices by nations. The project employed a number of technical means, as well as an international network of investigators, to determine the extent and nature of government-run internet filtering programs. Participating academic institutions included the Citizen Lab at the Munk Centre for International Studies, University of Toronto; Berkman Center for Internet & Society at Harvard Law School; the Oxford Internet Institute (OII) at University of Oxford; and, The SecDev Group, which took over from the Advanced Network Research Group at the Cambridge Security Programme, University of Cambridge.

In December 2014 the OpenNet Initiative partners announced that they would no longer carry out research under the ONI banner. The ONI website, including all reports and data, is being maintained indefinitely to allow continued public access to ONI's entire archive of published work and data.

PLA Unit 61398

PLA Unit 61398 (Chinese: 61398部队, Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD) of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks. The unit is stationed in Pudong, Shanghai.

Syrian Computer Society

The Syrian Computer Society is an organization in Syria. It was founded by Bassel al-Assad in 1989, and was subsequently headed by his brother Bashar al-Assad, who would later become the President of Syria. It acts as Syria's domain name registration authority and has been reported to be closely associated with the Syrian state.In May 2013, 700 domains registered by Syrians, mostly hosted at servers with IP addresses assigned to the Syrian Computer Society, were reported to have been seized by the U.S. DNS infrastructure operator Network Solutions. The domain names became registered to "OFAC Holding", believed to be a reference to the U.S. federal government's Office of Foreign Assets Control.Some members of the Syrian Computer Society belonged to the first group of supporters of the Syrian Electronic Army.

Tango (software)

Tango is a third-party, cross platform messaging application software for smartphones developed by TangoME, Inc. in 2009. The app is free and is popular for offering video calls over 3G, 4G and Wi-Fi networks.Tango has more than 200 million registered users as of March 2014 and, among Android devices, it is the 12th most downloaded app. It is rated by PCMag as "the simplest mobile chat application out there, with a good range of support."


Viber is a cross-platform voice over IP (VoIP) and instant messaging (IM) software application operated by Japanese multinational company Rakuten, provided as freeware for the Android, iOS, Microsoft Windows, macOS and Linux platforms. Users are registered and identified through a cellular telephone number, although the service is accessible on desktop platforms without needing mobile connectivity. In addition to instant messaging it allows users to exchange media such as images and videorecords, and also provides a paid international landline and mobile calling service called Viber Out. As of 2018, there are over a billion registered users on the network.The software was originally developed in 2010 by Israel-based Viber Media, which was bought by Rakuten in 2014. Since 2017 its corporate name has been Rakuten Viber. It is currently based in Luxembourg. Viber has offices in San Francisco, Minsk, Sofia, Moscow, Paris, Singapore and Manila.

Hacking in the 2010s
Major incidents
Major vulnerabilities
publicly disclosed

This page is based on a Wikipedia article written by authors (here).
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.