Alleged Syrian hacker extradited to US

Alleged Syrian hacker extradited to US
© Getty Images

A Syrian national accused of being a hacker for a pro-government group was extradited to the United States on Monday, according to multiple sources.


Peter Romar, 36, had been living in Germany. He is accused of working with members of the so-called Syrian Electronic Army (SEA) to extort money from victims, including some U.S. companies.

He is expected to appear in federal court in the Eastern District of Virginia on Tuesday.

The group has been conducting cyberattacks in support of Syrian President Bashar Assad since 2011, U.S. officials told reporters on Monday. The group has gained notoriety for hijacking news organizations’ Twitter accounts and knocking their websites offline.

In April 2013, it hijacked an Associated Press Twitter account and tweeted “Breaking: Two explosions in the White House and Barack ObamaBarack Hussein ObamaCampaign dads fit fatherhood between presidential speeches Trump: Obama 'had to know' of 'setup' to block presidential bid 2020 Democrats mark 7th anniversary of DACA MORE is injured.” 

The group has also conducted a years-long campaign to infiltrate U.S. government networks, including the Executive Office of the President, according to Justice Department prosecutors.

According to charges against Romar, unsealed in March, he worked with Firas Dardar — one of the FBI’s Cyber Most Wanted, known online as “The Shadow” — to intimidate and extort his victims.

The pair would gain unauthorized access to a victim’s computer, then threaten to damage the device, delete data or sell stolen data unless the victim paid up.

"While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these allegations [against Romar] reveal that [SEA members] also used extortion to try to line their own pockets,” Assistant Attorney General John P. Carlin said in March.

In at least one case, Dardar attempted to use his affiliation with the SEA to instill fear in his victim, the complaint alleges.

If a victim was unable to make the extortion payments to the group’s Syrian bank account — due to sanctions on Syria or other international regulations — Romar allegedly would act as an intermediary in an attempt to evade those sanctions.

“The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry,” Carlin said.

Dardar and one other man allegedly involved in the conspiracy, Ahmad Umar Agha, are believed to be in Syria.

According to prosecutors, Agha and Dardar were behind barrages of so-called spear phishing attacks, which use fake emails designed to lure people into giving up personal information. Frequently, they would ask for login details, then use that information to infiltrate Twitter accounts — like the AP, and later, a recruiting site for the U.S. Marine Corps. 

The FBI is offering a $100,000 reward for information that leads to their arrest.