Thursday, August 29, 2013

Syrian Electronic Army's Latin American Connection

There's been a lot of press today about how the Syrian Electronic Army is using Russian servers and who some of it's early website administrators are. One of Digital Dao's readers sent me an email this morning with some new information from a PhP shell left on a host that points to a Latin American supporter.

----// START

    <?php  
    #  .. SyRiAn Sh3ll V7 .... PRIV8! ... DONT LEAK! .... f0r t3am memberz 0nly!
    #  ,--^----------,--------,-----,-------^--,                                
    #  | |||||||||   `--------'     |          O    .. SyRiAn Sh3ll V7 ....     
    #  `+---------------------------^----------|                           
    #    `_,-------, __EH << SyRiAn | 34G13__|                             
    #      / XXXXXX /`|     /                   
    #     / XXXXXX /  `   /                   
    #    / XXXXXX /______(   
    #   / XXXXXX /!        
    #  / XXXXXX /!     rep0rt bugz t0: sy34[at]msn[dot]com
    # (________(!                                         
    #  `-------'                                          
    #.... PRIV8! ... DONT LEAK! .... f0r t3am memberz 0nly!
    #.... PRIV8! ... DONT LEAK! .... f0r t3am memberz 0nly!
    #                                                      
    # SyRiAn Sh3ll V7 .                                    
    # Copyright (C) 2011 - SyRiAn 34G13

    $user = 'ar3sw0rmed';  // Username 
    $pass = 'ar3sw0rmed-controlremoto';  // Password
    $shellColor = '#990000'; // Shell Color         
    #------------------------------------# 
    #       Powered By SyRiAn Shell      # 
    #       By EH SyRiAn 34G13           #
    #       wWw.syrian-shell.com         #
    #       Version 7 - priv8            #
    #       Made In SyRiA                #
    #------------------------------------#
    ?>                                    

----// End

Terms of Interest

controlremoto

"controlremoto" is Spanish for "remote control".  

ar3sw0rmed

"ar3sw0rmed" is the name of a hacktivist pulling these same DDoS style attacks all across Chile, Brazil, etc.

(UPDATE 2/16/14: Picture removed at ar3sw0rmed's request)

His email address is mkrlosl@ar3sw0rmed.com


And his defacements per Zone-H are extensive


Summary

This is a micro example of why it's a mistake to think of the digital landscape as if it's a physical landscape. The Syrian Electronic Army like many of its fellow hacktivist organizations is not limited to Syria's physical borders nor Syrian nationals for its members. In fact, for many hacktivists in particular and some Millennials in general, digital allegiances are replacing physical borders.

We'll be exploring this phenomenon in-depth with experts like Dave Kilcullen, Joel Brenner, Mike Janke and 15 other speakers at the Suits and Spooks conference in New York on Oct 5-6, 2013.

2 comments:

  1. appreciate it if you remove my picture, it's no secret, I'm retired and is posted on my own blog, I hope answers.

    ar3sw0rmed

    ReplyDelete