A Syrian national sympathetic to Syrian President Bashar Al-Assad's government has pleaded guilty to federal charges for his role in an extortion scheme that targeted US media outlets, the US government and foreign governments. The Department of Justice said 37-year-old refugee Peter Romar, who was living in Germany when he was arrested earlier in 2016, pleaded guilty to charges of conspiring to receive extortion proceeds and conspiring to illegally access computers in his limited role as a member of the Syrian Electronic Army (SEA) hacking group.
Justice Department officials said the hackers used a "spear-phishing" tactic to target and compromise the computer systems of the US government, international organisations, media outlets and other private-sector entities that the group deemed were overly critical of the Syrian government. The hacker group would then threaten to damage the computer systems, delete data or sell swiped data unless the victims made extortion payments to the conspiracy.
"If a victim could not make extortion payments to the conspiracy's Syrian bank accounts due to sanctions targeting Syria, Romar acted as an intermediary in Germany to evade those sanctions," the Justice Department said.
The SEA would allegedly use stolen user names and passwords to deface websites, redirect domains to websites that were controlled or used by them, infiltrate email accounts or hijack social media accounts.
Starting in 2011, the group targeted multiple entities including The Associated Press, Reuters, Microsoft, Harvard University, CNN, National Public Radio and Human Rights Watch among others. The group also reportedly targeted the computer systems and employees of the Executive Office of the President, but was unsuccessful.
In April 2013, the hacker group sent a fake tweet from The Associated Press' official Twitter account claiming that a bomb exploded at the White House and injured President Barack Obama. Within just minutes, the message caused the Dow Jones Industrial average to plunge over 100 points, before it was confirmed to be a hoax.
In September 2013, the SEA hijacked a recruiting website for the US Marine Corps through a third-party vendor, posting a fake message saying "the Syrian army should be your ally not your enemy" and encouraging US marines to "refuse [their] orders."
"The Syrian Electronic Army publicly claims that its hacking activities are conducted in support of the embattled regime of Syrian President Bashar al-Assad," Assistant Attorney General Carlin said in a statement at the time of the indictment. "While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world. The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry."
In March, three alleged Syrian Electronic Army hackers - Ahmad Umar Agha, known as "The Pro," Firas Dardar, known as "The Shadow" and Romar, known as Pierre Romar - were charged by the US government with multiple conspiracies related to computer hacking. Co-defendant Dardar still remains at large and is believed to be in Syria.
Romar faces up to five years in prison and is scheduled to be sentenced on 21 October.