- On Tuesday afternoon, the New York Times website went down for several hours
- James Lewis: Syrian Electronic Army launched the attack to protest the West
- He says the group of "patriotic hackers" dislike U.S. media portrayal of al-Assad regime
- Lewis: Some audiences in the Mideast enjoy seeing Western institutions humbled
Editor's note: James Lewis is director and senior fellow of Technology and Public Policy Program at the Center for Strategic and International Studies.
(CNN) -- On Tuesday afternoon, the New York Times website experienced wide outage for several hours. Who has the nerve and ability to take down one of the most iconic newspapers in the world?
The Syrian Electronic Army, which is loyal to Syrian President Bashar al-Assad, takes responsibility for the hack. This is not the first time the Syrian Electronic Army has attacked news organizations. The Washington Post, AP and others have been targeted in recent months as well.
If the New York Times saw Syrian activists spray-painting slogans on its building, it could summon the minions of the law to detain them. But if you live far away in a place where American law does not apply, you are safe. It does not take much skill to intrude in cyberspace, and you can find free tools on the Internet that will let you stage a protest or an attack.
When you log on to the Internet, you can send packets of digital data around the world in seconds. The speed of global connectivity gives the illusion that there are no borders. But this is not true. There are borders in cyberspace, they are just badly defended.
The combination of high speeds, global reach and weak defenses means that someone sitting in Damascus or Tehran can take action in New York or Australia as easily as they could against the building across the street -- perhaps even easier as they won't have to leave their chair.
The Syrian Electronic Army's attacks are a form of protest against Western media's portrayal of the Assad regime. Most experts think the Syrian Electronic Army is not the Syrian government, but "patriotic hackers" who support it. This makes them harder to control and harder to find. The Syrian Electronic Army takes public diplomacy to a new level, letting individuals make their voices known on issues as easily as a government.
What we have seen from the Syrian Electronic Army is political action and sometimes political theater. Hacker groups like Anonymous, WikiLeaks or the Syrian Electronic Army have a symbiotic relationship with media that helps turn minor exploits into front-page news. The Syrian Electronic Army likes to go after the media because this is one way to make sure your message is heard. The Syrian Electronic Army's message to the Western media is one of scorn, ridicule and belittlement.
This week's attack showed more skill than earlier episodes. It resembled a cyber attack made by Iran against dissidents in 2011. Perhaps the Iranians are helping the SEA in cyberspace, but it's more likely that they provided inspiration.
The Syrian Electronic Army broke into the Australian company that hosts The Times' website (called a registrar) and changed its Internet addresses. This redirection was invisible to users who tried to visit NYTimes.com -- they either couldn't connect or were sent to another website controlled by the Syrians. The hackers got inside the target network and made some fundamental changes to how it worked. Some security experts have pointed out that The Times made its own networks vulnerable because of a "misstep" and as a result its website was easier to hack.
So far, the Syrian Electronic Army's actions have been embarrassing rather than damaging. The attackers probably don't know how to carry out a more destructive attack. But with time they could easily learn.
The Syrian Electronic Army's hacking won't change the outcome of the conflict in Syria (whatever that will be), but we don't want to discount the political effect of their actions. Some audiences in the Middle East likely enjoy seeing Western institutions humbled, and the Syrian Electronic Army is helping to dispel a sense of powerlessness against the Western behemoth. It boosts morale.
We also don't want to discount the risks. If the Syrian Electronic Army can slip by feeble defenses to make fun of the media, someone else might be able to get in and cause more serious disruption. There are a lot of reasons why the Syrian Electronic Army might choose not to launch this kind of crippling cyber attack, but the strength of our defense isn't one of them.
There are things that companies can do to protect themselves. Australia's Signals Directorate, the equivalent of NSA, has a list of mitigation strategies that would have block most of the Syrian Electronic Army does, but they aren't well known in the U.S.
The global Internet brings tremendous, benefit but the threats are growing faster than our defenses. It's a vulnerable place with few rules. Until this is changed, hacks on The New York Times and others will be the norm, not the exception.
Follow us on Twitter @CNNOpinion.
Join us on Facebook/CNNOpinion.
The opinions expressed in this commentary are solely those of James Lewis.
