Syrian hacking suspect extradited to US from Germany

By ELLEN NAKASHIMA | The Washington Post | Published: May 9, 2016

WASHINGTON — An alleged hacker with the Syrian Electronic Army, a group that supports the Syrian government, has been extradited to the United States from Germany on charges of conspiracy linked to a hacking-related extortion scheme, U.S. officials said Monday.

Peter Romar, 36, was put on a plane to Dulles International Airport on Monday, the officials said. He is expected to appear in federal court in the Eastern District of Virginia on Tuesday.

Romar, a Syrian national who was living in Waltershausen, Germany, worked with members of the Syrian Electronic Army to extort money from victims, including online companies in the United States, according to a criminal complaint unsealed in March.

The SEA is a hacking group that has been involved since at least 2011 in computer intrusions in support of Syrian President Bashar al-Assad, officials said.

Between 2013 and 2014, Firas Dardar, a member of the SEA who lived in Homs, Syria, hacked at least 14 private companies in the United States, China, Europe and elsewhere; at least one company has a server in Ashburn, Virginia, according to the complaint.

After gaining access to the victim's computer, Dardar would redirect legitimate Internet traffic away from the company's systems, deface website text, send messages using the victim's accounts, steal data and engage in other illegal activities, according to prosecutors.

He would then demand payments from the victim, threatening further damage or to sell stolen information to other hackers if the company didn't pay, according to the complaint. Dardar demanded in total more than $500,000 from individual companies as part of the extortion scheme, although he and Romar accepted smaller amounts in many instances.

Romar would receive payments from victims who could not transmit money directly to Dardar because of international sanctions against Syria, prosecutors said. He would then find a way to get the money to Syria. In a case involving a web-hosting company in California, he forwarded the money to an intermediary in Lebanon, according to the complaint.

In another case, this one involving a hack of a Swiss web-hosting company, Dardar arranged for a payment of 5,000 euros, or about $5,700, for a report on how he conducted the intrusion. According to the complaint, Dardar told the company to send the money to Romar's PayPal account.

Dardar, Romar and a third SEA hacker, Ahmad Umar Agha, were charged in September with a string of hacking-related crimes. Dardar and Agha's targets allegedly included Harvard University, The Washington Post, the White House, USA Today, NASA and Microsoft.

In one notable 2013 hack, the SEA said it hijacked The Associated Press's Twitter account and sent out a tweet that falsely reported an explosion at the White House had injured President Barack Obama. The hoax caused a $136 billion dip in the stock market.

Agha and Dardar, believed to be in Syria, have been placed on the FBI's "Cyber Most Wanted" list. The agency is offering $100,000 rewards for information leading to their arrests, according to a Justice Department press release.