Attacks/Breaches
11/30/2012
10:39 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Syria Hits Internet Kill Switch; Blackout Continues

For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.

The government of Syria Thursday apparently hit a "kill switch" for the country's Internet, and more than 24 hours later, the country's broadband Internet connections remained offline. In addition, many of the country's private branch exchange (PBX) telephone networks and mobile networks were also offline.

"Starting at 10:26 UTC on Thursday, 29 November (12:26pm in Damascus), Syria's international Internet connectivity shut down," according to a report published by Internet intelligence firm Renesys. "In the global routing table, all 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet."

Renesys noted that all trace routes into Syria were also failing -- consistent with what would be an Internet blackout in the country -- and no customer networks on the country's primary Internet network, known as the Syrian Telecommunications Establishment, were reachable. Likewise, according to the Google Transparency Report, as of Friday morning, all Google services were unreachable from Syria.

Some Syrian Internet and cellular networks were last blacked out for 10 days in September, causing rebels and activists to have to communicate via satellite phone. But that outage was localized to Aleppo, which Friday was the scene of government airstrikes.

[ War of words and hacked websites continues in the Mideast. See Gaza Ceasefire Doesn't Hold Online: New Anonymous Hack. ]

The new, Syria-wide Internet outage may be a direct response by the government of President Bashar al-Assad to recent tactical victories by rebels. Notably, they've recently captured a key airbase near Aleppo, and have used looted surface-to-air missiles to down government aircraft.

Interestingly, not all of the Syrian government's Internet assets appear to have gone dark. "Now, there are a few Syrian networks that are still connected to the Internet, still reachable by trace routes and indeed still hosting Syrian content," reported Renesys. "These are five networks that use Syrian-registered IP space, but the originator of the routes is actually Tata Communications. These are potentially offshore, rather than domestic, and perhaps not subject to whatever killswitch was thrown [Thursday] within Syria."

According to Renesys, the five servers that are still Internet-connected -- and apparently hosted offshore by India-based Tata -- were previously seen in May 2012 supporting a malware campaign that targeted Syrian activists.

The Syrian government's decision to shut down the country's Internet connection wasn't unexpected. "There have been enough rumors that the more tech-savvy folks are expecting it," Jillian C. York, director for international freedom of expression for the Electronic Frontier Foundation, told CNN last month.

For comparison's sake, "in Egypt, you could say no one would have expected that," she said, referring to the nearly week-long Internet blackout in Egypt -- ordered by former President Hosni Mubarak's government -- that began in January 2011, after a week of mass protests spread throughout the country. After an 18-day revolt, Mubarak stepped down.

In Syria, however, despite a 20-month revolt against President al-Assad and bloody civil war, opposition forces hadn't been unable to create a unified front. But earlier this week, a Syrian opposition coalition met to discuss the creation of a transitional government, which will be crucial for gaining Arab and Western support. Furthermore, President Obama, in the wake of his reelection victory and the rebels' recent tactical successes, is reportedly considering directly arming the Syrian rebels, reported The New York Times.

While Syria may be offline, the blackout has driven members of the hacktivist collective Anonymous to intensify their efforts in support of the country's activists and rebels. As part of what the hacktivist collective has dubbed Operation Syria, an Anonymous-issued update Friday called on its supporters to launch DDoS attacks against Syrian embassies in Beijing, as well as in Australia.

Earlier this week, meanwhile, Anonymous leaked numerous documents related to Syria, as part of its ongoing Syria Files project. The latest trove of documents released included scans of passports for Syrian ministers, as well as details of alleged arms deals and monetary shipments.

"Within the stash you will find details about cargo flights from Russia, each containing 30 tons of fresh Syrian cash, as ProPublica has already reported today," according to an Anonymous statement. "Furthermore you will find lulzy documents such as scanned passports from Syrian ministers (PDF) and details about arms transportation from Ukraine, as shown in our teaser here (email/txt) and here (overflight permission for Iran, PDF). Most of the material is in Arabic and we invite all Arabic speakers to look through the mails for interesting documents."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Number 6
50%
50%
Number 6,
User Rank: Apprentice
11/30/2012 | 9:43:30 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Of course, that would never happen here, right?

Search CNET for title "Senators propose granting president emergency Internet power" from June 2010, and then the Wikipedia article on "Internet Kill Switch" for the full history.
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
11/30/2012 | 6:32:12 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Shutting down the Internet is big news, but decades of real physical tyranny skimmed over and 30,000 dead not mentioned. Gee. now we know what's important!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web