The US has named and charged three men it believes were involved in cyber-attacks carried out by a group calling itself the Syrian Electronic Army.
The organisation hijacked prominent social media accounts and defaced and blocked access to websites. Two of the men are also accused of extortion.
One of the suspects – Peter Romar – has already been arrested in Germany.
The US Department of Justice says it believes the other two – Ahmad Umar Agha and Firas Dardar – are in Syria.
The FBI has offered a reward of $100,000 (£70,500) for information that leads to their arrests.
First reports of actions by the Syrian Electronic Army (SEA) came in 2011.
The hackers claimed to be acting in support of President Bashar al-Assad saying they sought to counter “fabricated news” broadcast by Arab and Western media.
Agha – aged 22 – is alleged to be the identity of a member who used the nickname The Pro, and Dardar – aged 27 – is said to be The Shadow.
Officials say the two sent spoof emails that fooled people into revealing work log-in details.
“Agha and Dardar would allegedly use stolen usernames and passwords to deface websites, redirect domains to sites controlled or utilised by the conspiracy, steal email and hijack social media accounts,” said a DoJ statement.
“In April 2013, a member of the conspiracy compromised the Twitter account of a prominent media organisation [Associated Press] and released a tweet claiming that a bomb had exploded at the White House and injured the president.
“In a later 2013 intrusion, through a third-party vendor, the conspirators gained control over a recruiting website for the US Marine Corps and posted a defacement encouraging US marines to refuse [their] orders.”
Other victims are said to have included:
- Harvard University
- Washington Post
- New York Post
- Human Rights Watch
- National Public Radio (NPR)
- Huffington Post
- Time magazine
Dardar and Romar are also accused of hacking into businesses’ computer systems for personal profit.
“The pair would hack into the victims’ computers and then threaten to damage computers, and delete or sell the data unless they were paid a ransom,” said the FBI.
The targeted companies are not named, but the DoJ said one was a UK-based web hosting company and another an international online entertainment service.
In at least one instance, Dardar is said to have used his involvement with the SEA as a way to have “instilled fear” in his targets in order to extort funds.
The US authorities said they had confirmed the two men’s involvement by using court-authorised search warrants to obtain access to Gmail and Facebook accounts they had used as part of their scams.
“The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential security threats is increasingly blurry,” commented John Carlin, the US’s assistant attorney general for national security.