Ahmad 'Umar Agha and Firas Dardar are charged with conspiracy and aggravated identity theft. As part of the "Syrian Electronic Army," a group of computer hackers, the two allegedly sent targeted emails to their victims in an effort to collect user names and passwords. The case is filed in a federal court in Virginia.
Some of those efforts were successful -- hackers published content to a Reuters journalists' blog along with the news agency's Twitter account. They also tricked a White House employee into handing over a username and password for a personal email account, which hackers then used to try to solicit more credentials from White House-affiliated accounts.
Agha and Dardar have no lawyers listed as representatives. The Syrian Embassy in the US has been closed since 2014.
The alleged attackers' methods show an escalating use of stolen login credentials. The indictment says that once Agha and Dardar had access to an email account linked to the United Nations Refugee Agency domain, the hackers used it to send phishing emails to employees at National Public Radio. "As a result, the SEA obtained the usernames and passwords of more than 40 NPR employees," the indictment says.
Other targets included the Washington Post, the AP, CNN and the satirical site The Onion.
The indictment came the same day a jury in a different federal court case in Virginia found Ruslan Bondars, who was extradited from Latvia, guilty of crimes related to running a business that helped hackers evade antivirus software.
Correction, 7:04 p.m.: Removes incorrect information about Bondars' nationality.
'Hello, humans': Google's Duplex could make Assistant the most lifelike AI yet.
Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.