How a Miami Company Cyber Attacked Rebels in Syria

Across rebel-held Syria last September, an innocuous-seeming image of a man kissing a woman flashed across computer screens. It prompted curiosity and clicks. But as rebels soon learned, the image was actually a virus, and they'd just infected their computers. For months, as Syria descended deeper into chaos and President Barack Obama threatened war, no one knew who had created the virus, or why.

Until now.

The source of the virus, which roiled international press and at first appeared to indict the Syrian Electronic Army, was actually much closer to home.

Computer experts say the Miami company Avesta Networks LLC, headquartered in a beige office building at 7950 NW 53rd St. until it was shuttered last year, was the source of the malware, which opened computers like treasure chests and allowed malicious hackers to make off with all the gold.

The connection was discovered by the Electronic Frontier Foundation. The nonprofit organization on December 28 released a report explaining how it used IP addresses to trace the source of the virus. In a message to New Times, Avesta Networks denies that allegation: "Let me assure you that Avesta Networks was never involved in any sort of criminal act directly, and is not planning to do so in the future."

"With that said, we absolutely deny and sort of relationship with any online crime that took place in our network. We never let that continue for more than 24 hours."

Either way, the Miami-based attack represented one more bit of cyber espionage in a conflict already glutted with it. A clandestine group called the Syrian Electronic Army, which supports embattled President Bashar al-Assad, has targeted Western news organizations it perceives as perpetuating bias against him. It's taken on the Washington Post, New York Times, and Associated Press (but not New Times!).

Now, Avesta Networks, which has pumped out Trojans and other malware before, has become the newest culprit in what's become an international match of cyber brinkmanship.

The company's owner, Aria Fahimipour, is a slender Iranian with a wide smile and a well-groomed beard. He didn't return requests for comment, but according to his LinkedIn account, he's owned the company for eight years -- although state business records show Avesta existed only between 2012 and 2013. He's also worked for an Iranian company, HostIran Networks, and claims to reside in the United Arab Emirates. (The Iranian government has expressed open support for al-Assad.)

It's unclear what else, precisely, Avesta Networks does, if anything. Its website is broken, no one answered its phone when New Times called, and its Facebook page has exactly nine "likes." The Facebook page declares in wonky terms that the company offers "multi location hyper-v hosting solutions."

"It's clearly a shell company," says Dave Mass of the Electronic Frontier Foundation, which has investigated Avesta. Mass says the Miami company is "pumping out Trojans and viruses and targeting Syrian activists... It's just strange."

It's unclear whether Fahimipour himself authored the viruses. One of the only digital words he's left behind are in a comment about a YouTube video called "A Night in Tehran Allah."

"The only thing we have is GOD!" Fahimipour wrote. "We are all with you, all over the world. God is great!"

Send your story tips to author, Terrence McCoy or follow him on Twitter.

Follow Miami New Times on Facebook and Twitter @MiamiNewTimes.

We use cookies to collect and analyze information on site performance and usage, and to enhance and customize content and advertisements. By clicking 'X' or continuing to use the site, you agree to allow cookies to be placed. To find out more, visit our cookies policy and our privacy policy.


Join the New Times community and help support independent local journalism in Miami.


Join the New Times community and help support independent local journalism in Miami.