A screen capture shows the hacked Amnesty Interntional blog Livewire, which was altered to give the appearance that the organization opposes support for Syrian rebel goups. (Screenshot: James Ball)
Supporters of the Syrian government hacked the Web site of Amnesty International, posting items that falsely accused the rebels of a string of atrocities.
The sophisticated cyberattack, which occurred Monday, was similar to the targeting this month of blogs operated by Reuters news service.
In Amnesty’s case, the primary target of the hacking appeared to be the group’s Livewire blog, which offers first-person perspectives and commentary from Amnesty researchers and fieldworkers.
According to Amnesty officials, social-media users began posting false items accusing the Syrian rebels of committing massacres that had been linked to government forces.
One fake blog post claimed rebel groups were responsible for a massacre in the town of Houla in May that killed 108 people, including 49 children. Amnesty’s actual position, shared by Western governments, is that Syrian government forces and militias were responsible for the killings.
The blog post concluded: “It is clear the Al Qaeda affiliated rebels are not going to stop their crimes. And with no accountability and a steady supply of weapons, why should they given they have come this far under NATO protection?
“Russia must immediately use its influence to end this violence and support the UN Security Council to end NATO’s reign of terror upon Syria and refer the situation in Syria to the International Criminal Court. Amnesty supporters have not forgotten the people of Syria and will continue to demand accountability for these horrific crimes against humanity.”
The post, headlined “Amnesty Calls on UN to stop the US, Qatar and Turkey funding and arming Syria Rebels,” also portrayed the group as condemning NATO and the governments of Turkey and Qatar for supplying rebel forces in Syria. The blog post included some accurate information, including that Amnesty had just produced a report based on firsthand fieldwork in the country.
Amnesty struggled through Monday evening to delete the posts from its site. According to a spokesman for the group, entries removed by technical-staff members would rapidly reappear on the site over the course of several hours.
A spokesman from Amnesty International in London said the system on which the blog ran did not contain sensitive data on activists or others. By Tuesday morning, the blog was back to its usual appearance.
“Amnesty International has been very blunt in the reporting that we’ve done and the eyewitness accounts that we’ve collected in Syria,” said Sanjeev Bery, Amnesty International USA’s advocacy director for the Middle East and North Africa. “It’s entirely possible that, given that we’ve been so forthright in criticizing the Syrian government for its crimes against humanity, that could conceivably make us the target of some kind of campaign.”
Bery said Amnesty’s position on the civil war in Syria has been clear.
“We are deeply concerned both about the continuing crimes against humanity perpetrated by the Syrian government through its forces as well as concerned by war crimes that have been committed both by the Syrian government armed forces and by some opposition forces,” he said.
Pro-Syrian-government Web sites and Twitter users continued to cite and promulgate the false information after it was taken down, claiming the post had originated from individuals within Amnesty “who no longer can handle the lies and outright propaganda of media outlets.”
There is no way to establish whether the Twitter accounts, which were mostly anonymous, were linked to the cyberattack, but pro-Syrian hackers have targeted the social network’s users before.
Reuters’s blog network was targeted on three occasions, with inserted stories portraying the regime of Syrian President Bashar al-Assad in positive ways. Some entries said the rebels were retreating, and one post on Aug. 17 falsely claimed that Saudi Arabia’s foreign minister was dead.
The attack on the news service is believed to have taken advantage of vulnerabilities in blogging software. Reuters blogs remained off-line more than 10 days after the most recent attack.
Several Reuters Twitter accounts were also compromised, and spoof accounts using the Reuters branding were also created. One, @ReutersME, posted messages suggesting rebel forces in Aleppo were on the brink of defeat, including: “Syrian army source anonymously states that Aleppo battle is like ‘shooting fish in a barrel’, says victory is near,” and “FSA source reveals that 2200 of their fighters were killed in Aleppo, demanding extra support from the ‘free world’.”
No one has claimed responsibility for either attack. The best-known pro-Assad hacking group calls itself the Syrian Electronic Army.
More world news coverage:
- France urges action in Syria
- ASEAN nations struggle with rivalries