Publishing Update

The good news is that Art and I have received the proofs for our new book “Investigating Internet Crimes“. It is looking really good and the comments from our initial reviewers has been more then positive. One reviewers comment to me was that this book should be in every University program teaching cyber crime and on every investigators desk.  Art and I hope that everyone will find the book as informative. As we move forward Art and I will post updates on the books progress and if we can get it arranged a few snippets from the published copy.

Art and I look forward to hearing from our readers.

Todd G. Shipley



Syrian Electronic Army: Acts of Cyberterrorism or Cyberwarfare?

Syria and its civil war has taken the World’s center stage with the recent news about nerve gas and whether the United States will take some form of military action as a result its use. Approximately seven days ago it was announced that the New York Times website was hacked by the Syrian Electronic Army (SEA), a group of pro-Syrian regime hackers. This week they apparently also took aim at a U.S. Marine’s recruiting website. We are now hearing terms like “cyberterrorism” or “cyberwarfare” being used. What do these terms mean and what are the implications for citizens and specifically for law enforcement?

Lets start with cyberterrorism. Rattray (2001) notes the motivation for cyberterrorists is political. They are focused on actives that cause massive disruption to draw attention to their cause. Nelson, B., Choi, R., Iacobucci, M., Mitchell, M., & Gagnon, G. (1999) described cyberterror as falling in various levels based upon capability levels. These levels are on a continuum, where the sophistication level and the potential for greater damages increases as the perpetrator becomes more experienced and associated or organized with others who are likewise experienced. The top level is Complex Coordinated, which is groups or in some cases governments, working with advance preparation with specific targets and objectives. The part about government is important.

What do we currently know about the SEA besides they are taking responsibility for the above cyber-attacks? Brian Krebs is reporting some interesting tidbits on his site Krebsonsecurity,com. He notes that early this year SEA had to move a majority of its sites. The move was precipitated as their domains were apparent seized due to International trade sanctions against Syria . SEA relocated their sites to locations within in Russia. Krebs also details some very intriguing information concerning apparent SEA members carelessly leaving information about who they are in plain-view on the Internet. Finally, he also notes that SEA has itself been the victim of a major hacker attack this year, which it is claiming didn’t occur. Krebs contradicts this claim by noting …. “a huge collection of data purportedly directly taken from the SEA’s server in April 2013 — including all of the the leaked credentials I saw earlier — was leaked today to Deep Web sites on Tor, an anonymity network.”

It would seem if SEA were Complex Coordinated Group there would had better preparation and planning to conceal who they were as well as to avoid being hacked themselves. SEA obviously targeted the New York Times, but was this company their first choice, of just a set of circumstances that matched their skill set? We don’t know? However, based upon news to date, it doesn’t appear SEA falls in the Complex Coordinated Group. It is a good thing because that is the only group that includes governments.

Why is excluding governments important? Well, cyberwarfare differs from cyberterrorism, because the later is an organized effort by a nation-state (government) to conduct operations in cyberspace against foreign nations. If SEA is not in the Complex Coordinate Group it’s  attack would not be from a nation state. More to the point, the SEA attacks are also not what would would expect from a nation-state. The targets chosen did not diminish the United States ability to conduct its own cyber or military operations. Additionally, if the SEA were part of a nation-state attack, that would be an act of war, which would justify some type of US response, up to and including military action. We don’t hear anyone saying SEA is an agent of Syria or part of the government. If it were that would be an additional argument for military intervention. Clearly Congress is not likely to consider SEA in its decision to support military action in Syria.

Okay, now you have an idea about the differences between cyberterrorism and cyberwarfare. What does that mean for citizens? Cyberterrorism events range in seriousness. For instance, single-issue terrorist group might only target a website, merely to get it’s cause noted. This would be more of an inconvenience or disruption. However, a cyberterroism event, which coincided with a bombing, might be used to maximum the damage or casualties from the real world attack. SEA attacks clearly are on the lower end of the spectrum (although not for the companies involved).

Many might argue that countries are currently engaging in cyberwarfare skirmishes with each other by hacking or attacking each other’s systems. However, a full blown, all-out cyberassault by nation states against each other would not only target government or contractor’s websites but a nation’s very infrastructure. Attacking systems that provide citizens with critical services is clearly more serious than defacing a website or even disrupting a site to make a statement.

For law enforcement is it important to understand the reasons or motivations behind all Internet crime because it can hopefully aid in the perpetrators’ identification. Law enforcement must also understand that there can be a “blending” where the cyberterrorist or even nation state is engaging in traditional criminal acts, such as fraud to help finance their activities. We may also see cybercriminals considering current events about cyber-terrorist as an opportunity to commit crime to make a quick  buck. After all, maybe it was the SEA who did it.

One of our book’s chapter is devoted to cybercrime profiles and data on Internet criminals. We believe it is important for investigators to know as much as they can about their adversaries. As Sun Tzu, Chinese Philosopher and author of “The Art of War “noted “If ignorant both of your enemy and yourself, you are certain to be in peril.”

PS: Note above that Brian Krebs mentioned “Deep Web sites on Tor”. We made sure to cover Tor in detail in our book.


Bacon, J. (2013, September 2). Pro-Syrian Group Hacks U.S. Marines Website. USA TODAY: Latest World and US News – Retrieved from

Nelson, B., Choi, R., Iacobucci, M., Mitchell, M., & Gagnon, G. (1999). Cyberterror: Prospects and Implications. Monterrey: Center for the Study of Terrorism and Irregular Warfare, Naval Postgraduate School. Retrieved from

Rattray, G. (2001) “The Cyberterrorism Threat.” in  Smith, J., and Thomas, W. editors. The Terrorism Threat and U.S. Government Responses: Operational and Organizational Factors.  US Air Force Academy, Colo.: USAF Institute for National Security Studies.

Krebs, B. (2013, August 13). Syrian Electronic Army Denies New Data Leaks. Krebs on Security. Retrieved from

Krebs, B. (2013, August 13). Who Built the Syrian Electronic Army?. Krebs on Security. Retrieved from

Stern, J., Effron, L., & Ferran, L. (2013, August 27). New York Times Website Hacked, Syrian Electronic Army Appears to Take Credit – ABC News. – Breaking News, Latest News & Top Video News – ABC News. Retrieved from

Tzu, S. retrieved from