11/30/2012
10:39 AM

Syria Hits Internet Kill Switch; Blackout Continues

For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.

The government of Syria Thursday apparently hit a "kill switch" for the country's Internet, and more than 24 hours later, the country's broadband Internet connections remained offline. In addition, many of the country's private branch exchange (PBX) telephone networks and mobile networks were also offline.

"Starting at 10:26 UTC on Thursday, 29 November (12:26pm in Damascus), Syria's international Internet connectivity shut down," according to a report published by Internet intelligence firm Renesys. "In the global routing table, all 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet."

Renesys noted that all trace routes into Syria were also failing -- consistent with what would be an Internet blackout in the country -- and no customer networks on the country's primary Internet network, known as the Syrian Telecommunications Establishment, were reachable. Likewise, according to the Google Transparency Report, as of Friday morning, all Google services were unreachable from Syria.

Some Syrian Internet and cellular networks were last blacked out for 10 days in September, causing rebels and activists to have to communicate via satellite phone. But that outage was localized to Aleppo, which Friday was the scene of government airstrikes.


The new, Syria-wide Internet outage may be a direct response by the government of President Bashar al-Assad to recent tactical victories by rebels. Notably, they've recently captured a key airbase near Aleppo, and have used looted surface-to-air missiles to down government aircraft.

Interestingly, not all of the Syrian government's Internet assets appear to have gone dark. "Now, there are a few Syrian networks that are still connected to the Internet, still reachable by trace routes and indeed still hosting Syrian content," reported Renesys. "These are five networks that use Syrian-registered IP space, but the originator of the routes is actually Tata Communications. These are potentially offshore, rather than domestic, and perhaps not subject to whatever killswitch was thrown [Thursday] within Syria."

According to Renesys, the five servers that are still Internet-connected -- and apparently hosted offshore by India-based Tata -- were previously seen in May 2012 supporting a malware campaign that targeted Syrian activists.

The Syrian government's decision to shut down the country's Internet connection wasn't unexpected. "There have been enough rumors that the more tech-savvy folks are expecting it," Jillian C. York, director for international freedom of expression for the Electronic Frontier Foundation, told CNN last month.

For comparison's sake, "in Egypt, you could say no one would have expected that," she said, referring to the nearly week-long Internet blackout in Egypt -- ordered by former President Hosni Mubarak's government -- that began in January 2011, after a week of mass protests spread throughout the country. After an 18-day revolt, Mubarak stepped down.

In Syria, however, despite a 20-month revolt against President al-Assad and bloody civil war, opposition forces had been unable to create a unified front. But earlier this week, a Syrian opposition coalition met to discuss the creation of a transitional government, which will be crucial for gaining Arab and Western support. Furthermore, President Obama, in the wake of his reelection victory and the rebels' recent tactical successes, is reportedly considering directly arming the Syrian rebels, reported The New York Times.

While Syria may be offline, the blackout has driven members of the hacktivist collective Anonymous to intensify their efforts in support of the country's activists and rebels. As part of what the hacktivist collective has dubbed Operation Syria, an Anonymous-issued update Friday called on its supporters to launch DDoS attacks against Syrian embassies in Beijing, as well as in Australia.

Earlier this week, meanwhile, Anonymous leaked numerous documents related to Syria, as part of its ongoing Syria Files project. The latest trove of documents released included scans of passports for Syrian ministers, as well as details of alleged arms deals and monetary shipments.

"Within the stash you will find details about cargo flights from Russia, each containing 30 tons of fresh Syrian cash, as ProPublica has already reported today," according to an Anonymous statement. "Furthermore you will find lulzy documents such as scanned passports from Syrian ministers (PDF) and details about arms transportation from Ukraine, as shown in our teaser here (email/txt) and here (overflight permission for Iran, PDF). Most of the material is in Arabic and we invite all Arabic speakers to look through the mails for interesting documents."

Comments
Number 6,
User Rank: Apprentice
11/30/2012 | 9:43:30 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Of course, that would never happen here, right?

Search CNET for title "Senators propose granting president emergency Internet power" from June 2010, and then the Wikipedia article on "Internet Kill Switch" for the full history.
UberGoober,
User Rank: Apprentice
11/30/2012 | 6:32:12 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Shutting down the Internet is big news, but decades of real physical tyranny skimmed over and 30,000 dead not mentioned. Gee. Now we know what's important!