Attacks/Breaches
11/30/2012
10:39 AM
Connect Directly
RSS
E-Mail
50%
50%

Syria Hits Internet Kill Switch; Blackout Continues

For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.

The government of Syria Thursday apparently hit a "kill switch" for the country's Internet, and more than 24 hours later, the country's broadband Internet connections remained offline. In addition, many of the country's private branch exchange (PBX) telephone networks and mobile networks were also offline.

"Starting at 10:26 UTC on Thursday, 29 November (12:26pm in Damascus), Syria's international Internet connectivity shut down," according to a report published by Internet intelligence firm Renesys. "In the global routing table, all 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet."

Renesys noted that all trace routes into Syria were also failing -- consistent with what would be an Internet blackout in the country -- and no customer networks on the country's primary Internet network, known as the Syrian Telecommunications Establishment, were reachable. Likewise, according to the Google Transparency Report, as of Friday morning, all Google services were unreachable from Syria.

Some Syrian Internet and cellular networks were last blacked out for 10 days in September, causing rebels and activists to have to communicate via satellite phone. But that outage was localized to Aleppo, which Friday was the scene of government airstrikes.

[ War of words and hacked websites continues in the Mideast. See Gaza Ceasefire Doesn't Hold Online: New Anonymous Hack. ]

The new, Syria-wide Internet outage may be a direct response by the government of President Bashar al-Assad to recent tactical victories by rebels. Notably, they've recently captured a key airbase near Aleppo, and have used looted surface-to-air missiles to down government aircraft.

Interestingly, not all of the Syrian government's Internet assets appear to have gone dark. "Now, there are a few Syrian networks that are still connected to the Internet, still reachable by trace routes and indeed still hosting Syrian content," reported Renesys. "These are five networks that use Syrian-registered IP space, but the originator of the routes is actually Tata Communications. These are potentially offshore, rather than domestic, and perhaps not subject to whatever killswitch was thrown [Thursday] within Syria."

According to Renesys, the five servers that are still Internet-connected -- and apparently hosted offshore by India-based Tata -- were previously seen in May 2012 supporting a malware campaign that targeted Syrian activists.

The Syrian government's decision to shut down the country's Internet connection wasn't unexpected. "There have been enough rumors that the more tech-savvy folks are expecting it," Jillian C. York, director for international freedom of expression for the Electronic Frontier Foundation, told CNN last month.

For comparison's sake, "in Egypt, you could say no one would have expected that," she said, referring to the nearly week-long Internet blackout in Egypt -- ordered by former President Hosni Mubarak's government -- that began in January 2011, after a week of mass protests spread throughout the country. After an 18-day revolt, Mubarak stepped down.

In Syria, however, despite a 20-month revolt against President al-Assad and bloody civil war, opposition forces hadn't been unable to create a unified front. But earlier this week, a Syrian opposition coalition met to discuss the creation of a transitional government, which will be crucial for gaining Arab and Western support. Furthermore, President Obama, in the wake of his reelection victory and the rebels' recent tactical successes, is reportedly considering directly arming the Syrian rebels, reported The New York Times.

While Syria may be offline, the blackout has driven members of the hacktivist collective Anonymous to intensify their efforts in support of the country's activists and rebels. As part of what the hacktivist collective has dubbed Operation Syria, an Anonymous-issued update Friday called on its supporters to launch DDoS attacks against Syrian embassies in Beijing, as well as in Australia.

Earlier this week, meanwhile, Anonymous leaked numerous documents related to Syria, as part of its ongoing Syria Files project. The latest trove of documents released included scans of passports for Syrian ministers, as well as details of alleged arms deals and monetary shipments.

"Within the stash you will find details about cargo flights from Russia, each containing 30 tons of fresh Syrian cash, as ProPublica has already reported today," according to an Anonymous statement. "Furthermore you will find lulzy documents such as scanned passports from Syrian ministers (PDF) and details about arms transportation from Ukraine, as shown in our teaser here (email/txt) and here (overflight permission for Iran, PDF). Most of the material is in Arabic and we invite all Arabic speakers to look through the mails for interesting documents."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Number 6
50%
50%
Number 6,
User Rank: Apprentice
11/30/2012 | 9:43:30 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Of course, that would never happen here, right?

Search CNET for title "Senators propose granting president emergency Internet power" from June 2010, and then the Wikipedia article on "Internet Kill Switch" for the full history.
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
11/30/2012 | 6:32:12 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Shutting down the Internet is big news, but decades of real physical tyranny skimmed over and 30,000 dead not mentioned. Gee. now we know what's important!
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.