Annex a - Data Source Breakdown

Annex A - Data Source Breakdown

Master Category / Sub-categories / Source Type / Description / Example
Technical data / WhoIs data / Primary / Created when a user registers a web domain with an Internet registrar; a WhoIs record contains many human-readable fields, including postal and email addresses of the domain owner, many of which can be falsified, but the domain creation date, by necessity, tends to be accurate / http://whois.domaintools.com/syrian-es.com — the WhoIs record for Syrian-es.com, previously one of the ‘home’ pages of the SEA
Internet archive: Wayback Machine / Secondary / A historical record of a web domain’s content / https://web.archive.org/web/*/http://www.syrian-es.com/ — the web archive file for the Syrian-es.com domain
‘Witness’ sites / Secondary / Websites used by hackers to archive their successful hacking exploits — typically a screenshot of a defaced website / http://www.zone-h.org/mirror/id/24311220 — Zone H repository of hacked sites showing a record of a hacked site (http://digitalden.co.ke), claimed by the SEA
Twitter and other social media accounts attributed to the SEA / Primary / Certain social media accounts credibly attributed to the SEA / https://twitter.com/official_sea16?lang=en-gb — current SEA Twitter account
Mainstream media commentary / - / Secondary / Professional journalistic publications that cover computer hacking stories and more mainstream topics / https://www.washingtonpost.com/news/worldviews/wp/2013/04/23/syrian-hackers-claim-ap-hack-that-tipped-stock-market-by-136-billion-is-it-terrorism/ — article linking an SEA hack to the fall in the value of the US stock market
Analyst and cyber security industry commentary / Analyst blog / Primary / The direct blog posts of cyber security analysts, which are often based on primary-source research / http://krebsonsecurity.com/wp-content/uploads/2013/08/SEAwhitelist.png — article analysing data purportedly taken from an SEA server
Industry white paper / Secondary / Fused analysis by cyber security experts on primary and secondary sources of data / http://www.slideshare.net/RDSWEB/intel-crawler — paper dealing with the SEA’s attack history and personas within the SEA
Event aggregator / Secondary / Collated hacking event aggregation / http://www.hackmageddon.com/
Data leaks / - / Secondary / A conglomerate of more than two million email messages between the pro-Assad Syrian leadership from 2006 to 2012, amassed by WikiLeaks and originating from an undisclosed source / https://wikileaks.org/Syria-Files.html
Academic papers / - / Secondary / Academic publications about the SEA / https://www.academia.edu/3469770/Syrian_Electronic_Army
Authorised government disclosures / - / Primary / Official releases of transcriptions of Assad speeches, FBI arrest warrants, and other such disclosures / https://www.fbi.gov/news/stories/2016/march/two-from-syrian-electronic-army-added-to-cybers-most-wanted/two-from-syrian-electronic-army-added-to-cybers-most-wanted