The STFD-686 app operated with disarming simplicity. It offered the promise of financial aid, requiring only that the victim fill out a few personal details. It asked innocent questions: “What kind of assistance are you expecting?” and “Tell us more about your financial situation.”
The expected answer was clear: financial help. In return, users would supposedly receive monthly cash transfers of around 400,000 Syrian pounds — roughly $40 at the time — sent anonymously via local money transfer companies. Sending small sums across Syria, whether under real or fictitious names, required nothing more than a phone number, and the black market was teeming with intermediaries ready to facilitate such transfers.
On the surface, the app appeared to offer a special service for officers. Its first disguise was a humanitarian one: claiming to support the “heroes of the Syrian Arab Army” through a new initiative, while showcasing photos of real activities from the official Syria Trust for Development website.
The second mask was emotional, employing reverent language that praised the soldiers’ sacrifices: “They give their lives so that Syria may live with pride and dignity.” The third was nationalistic, and framed the app as a “patriotic initiative” designed to bolster loyalty, and this mask proved the most persuasive.
The fourth mask was visual: The app’s name, both in English and Arabic, mirrored the official organization exactly. Even the logo was an identical replica of Syria Trust’s emblem.
Once downloaded, the app opened a simple web interface embedded within the application, which redirected users to external websites that didn’t display in the app bar. The sites, syr1.store and syr1.online, mimicked the official domain of Syria Trust (syriatrust.sy). The use of “syr1,” an abbreviation of Syria, in the domain name seemed plausible enough, and few users paid much mind. In this case, no special attention was given to the URL; it was simply assumed to be trustworthy.
To access the questionnaire, users were asked to submit a series of seemingly innocent details: full name, wife’s name, number of children, place and date of birth. But the questions quickly escalated into riskier territory: the user’s phone number, military rank and exact service location down to the corps, division, brigade and battalion.
Determining officers’ ranks made it possible for the app’s operators to identify thos
Post too long. Click here to view the full text.