Attacks/Breaches
11/30/2012
10:39 AM
50%
50%

Syria Hits Internet Kill Switch; Blackout Continues

For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.

The government of Syria Thursday apparently hit a "kill switch" for the country's Internet, and more than 24 hours later, the country's broadband Internet connections remained offline. In addition, many of the country's private branch exchange (PBX) telephone networks and mobile networks were also offline.

"Starting at 10:26 UTC on Thursday, 29 November (12:26pm in Damascus), Syria's international Internet connectivity shut down," according to a report published by Internet intelligence firm Renesys. "In the global routing table, all 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet."

Renesys noted that all trace routes into Syria were also failing -- consistent with what would be an Internet blackout in the country -- and no customer networks on the country's primary Internet network, known as the Syrian Telecommunications Establishment, were reachable. Likewise, according to the Google Transparency Report, as of Friday morning, all Google services were unreachable from Syria.

Some Syrian Internet and cellular networks were last blacked out for 10 days in September, causing rebels and activists to have to communicate via satellite phone. But that outage was localized to Aleppo, which Friday was the scene of government airstrikes.

[ War of words and hacked websites continues in the Mideast. See Gaza Ceasefire Doesn't Hold Online: New Anonymous Hack. ]

The new, Syria-wide Internet outage may be a direct response by the government of President Bashar al-Assad to recent tactical victories by rebels. Notably, they've recently captured a key airbase near Aleppo, and have used looted surface-to-air missiles to down government aircraft.

Interestingly, not all of the Syrian government's Internet assets appear to have gone dark. "Now, there are a few Syrian networks that are still connected to the Internet, still reachable by trace routes and indeed still hosting Syrian content," reported Renesys. "These are five networks that use Syrian-registered IP space, but the originator of the routes is actually Tata Communications. These are potentially offshore, rather than domestic, and perhaps not subject to whatever killswitch was thrown [Thursday] within Syria."

According to Renesys, the five servers that are still Internet-connected -- and apparently hosted offshore by India-based Tata -- were previously seen in May 2012 supporting a malware campaign that targeted Syrian activists.

The Syrian government's decision to shut down the country's Internet connection wasn't unexpected. "There have been enough rumors that the more tech-savvy folks are expecting it," Jillian C. York, director for international freedom of expression for the Electronic Frontier Foundation, told CNN last month.

For comparison's sake, "in Egypt, you could say no one would have expected that," she said, referring to the nearly week-long Internet blackout in Egypt -- ordered by former President Hosni Mubarak's government -- that began in January 2011, after a week of mass protests spread throughout the country. After an 18-day revolt, Mubarak stepped down.

In Syria, however, despite a 20-month revolt against President al-Assad and bloody civil war, opposition forces hadn't been unable to create a unified front. But earlier this week, a Syrian opposition coalition met to discuss the creation of a transitional government, which will be crucial for gaining Arab and Western support. Furthermore, President Obama, in the wake of his reelection victory and the rebels' recent tactical successes, is reportedly considering directly arming the Syrian rebels, reported The New York Times.

While Syria may be offline, the blackout has driven members of the hacktivist collective Anonymous to intensify their efforts in support of the country's activists and rebels. As part of what the hacktivist collective has dubbed Operation Syria, an Anonymous-issued update Friday called on its supporters to launch DDoS attacks against Syrian embassies in Beijing, as well as in Australia.

Earlier this week, meanwhile, Anonymous leaked numerous documents related to Syria, as part of its ongoing Syria Files project. The latest trove of documents released included scans of passports for Syrian ministers, as well as details of alleged arms deals and monetary shipments.

"Within the stash you will find details about cargo flights from Russia, each containing 30 tons of fresh Syrian cash, as ProPublica has already reported today," according to an Anonymous statement. "Furthermore you will find lulzy documents such as scanned passports from Syrian ministers (PDF) and details about arms transportation from Ukraine, as shown in our teaser here (email/txt) and here (overflight permission for Iran, PDF). Most of the material is in Arabic and we invite all Arabic speakers to look through the mails for interesting documents."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Number 6
50%
50%
Number 6,
User Rank: Apprentice
11/30/2012 | 9:43:30 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Of course, that would never happen here, right?

Search CNET for title "Senators propose granting president emergency Internet power" from June 2010, and then the Wikipedia article on "Internet Kill Switch" for the full history.
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
11/30/2012 | 6:32:12 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Shutting down the Internet is big news, but decades of real physical tyranny skimmed over and 30,000 dead not mentioned. Gee. now we know what's important!
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.