'Syrian Electronic Army' goon extradited from Germany now coughs to hacking, extortion

His crime boss The Shadow remains at large

An associate of the self-styled Syrian Electronic Army has been sentenced to five years in an American prison for his part in running a cyber extortion scheme against businesses around the world.

On Wednesday, Syrian-born Peter Romar, 37, pled guilty in a Virginia district court to conspiring to unlawfully access computers and to receive extortion proceeds from the hacking. Romar, who was extradited from Germany where he had emigrated, will be sentenced on October 21. He faces a maximum of five years in prison.

"Today's guilty plea is by the latest international offender who believed that he could operate from abroad, behind the perceived veil of anonymity offered by the Internet, and use computers to threaten the security of our citizens and their property," said assistant attorney general John Carlin.

"It shows that the Department of Justice and the FBI stand behind their pledge to hold accountable foreign actors who assist in the hacking of US victims."

The SEA is best known for carrying out a number of hacking attacks against government and media organizations as part of its campaign to spread propaganda for the embattled leader of Syria, Bashar al-Assad. These included taking over AP's Twitter account and flash-crashing the US stock exchange with a report that a bomb had exploded in the White House.

Court documents [PDF] state that Romar got in contact with the SEA after the initial hacking campaign and offered to help. He was put in contact with Firas Dardar, known by the alias "Shadow" and one of the top ten targets on the FBI's Cyber Most Wanted list, and the two worked on the SEA's other agenda – extortion.

Dardar and his associates began a campaign of hacking Western businesses, gaining access to their servers, stealing sensitive information, and then demanding a ransom from their victim. If the organizations didn't cough up, the data would be sold off to other miscreants or made public. In many cases the victims paid up, and Romar acted as the group's money mule in Germany.

In November of 2013, Romar agreed to funnel the proceeds from an attack on a Cypriot company through his bank account and tried to send the funds to Syria. But it didn't work since sanctions meant German banks weren't allowing such transfers.

However, Romar found that Western Union in the US would accept those transfers, and the next month Dardar transferred €16,000 into Romar's PayPal account. Dardar told Romar he could keep €1,000 as a commission but Romar refused and performed the money transfer for free.

The two continued to hack companies and send the proceeds to Syria for the next six months before the authorities noticed that something fishy was going on. Romar was arrested, but Dardar remains at large and is currently thought to be residing in what's left of the Syrian city of Homs.

"Cybercriminals cannot hide from justice," said Dana Boente, US Attorney for the Eastern District of Virginia. "No matter where they are in the world, the United States will vigorously pursue those who commit crimes against US citizens or companies and hold them accountable for their actions." ®

Biting the hand that feeds IT © 1998–2021