Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Syria Hits Internet Kill Switch; Blackout Continues

For more than 24 hours, Internet access has been disabled for nearly all of Syria. Anonymous has renewed its attack on Syrian government websites.

The government of Syria Thursday apparently hit a "kill switch" for the country's Internet, and more than 24 hours later, the country's broadband Internet connections remained offline. In addition, many of the country's private branch exchange (PBX) telephone networks and mobile networks were also offline.

"Starting at 10:26 UTC on Thursday, 29 November (12:26pm in Damascus), Syria's international Internet connectivity shut down," according to a report published by Internet intelligence firm Renesys. "In the global routing table, all 84 of Syria's IP address blocks have become unreachable, effectively removing the country from the Internet."

Renesys noted that all trace routes into Syria were also failing -- consistent with what would be an Internet blackout in the country -- and no customer networks on the country's primary Internet network, known as the Syrian Telecommunications Establishment, were reachable. Likewise, according to the Google Transparency Report, as of Friday morning, all Google services were unreachable from Syria.

Some Syrian Internet and cellular networks were last blacked out for 10 days in September, causing rebels and activists to have to communicate via satellite phone. But that outage was localized to Aleppo, which Friday was the scene of government airstrikes.

[ War of words and hacked websites continues in the Mideast. See Gaza Ceasefire Doesn't Hold Online: New Anonymous Hack. ]

The new, Syria-wide Internet outage may be a direct response by the government of President Bashar al-Assad to recent tactical victories by rebels. Notably, they've recently captured a key airbase near Aleppo, and have used looted surface-to-air missiles to down government aircraft.

Interestingly, not all of the Syrian government's Internet assets appear to have gone dark. "Now, there are a few Syrian networks that are still connected to the Internet, still reachable by trace routes and indeed still hosting Syrian content," reported Renesys. "These are five networks that use Syrian-registered IP space, but the originator of the routes is actually Tata Communications. These are potentially offshore, rather than domestic, and perhaps not subject to whatever killswitch was thrown [Thursday] within Syria."

According to Renesys, the five servers that are still Internet-connected -- and apparently hosted offshore by India-based Tata -- were previously seen in May 2012 supporting a malware campaign that targeted Syrian activists.

The Syrian government's decision to shut down the country's Internet connection wasn't unexpected. "There have been enough rumors that the more tech-savvy folks are expecting it," Jillian C. York, director for international freedom of expression for the Electronic Frontier Foundation, told CNN last month.

For comparison's sake, "in Egypt, you could say no one would have expected that," she said, referring to the nearly week-long Internet blackout in Egypt -- ordered by former President Hosni Mubarak's government -- that began in January 2011, after a week of mass protests spread throughout the country. After an 18-day revolt, Mubarak stepped down.

In Syria, however, despite a 20-month revolt against President al-Assad and bloody civil war, opposition forces hadn't been unable to create a unified front. But earlier this week, a Syrian opposition coalition met to discuss the creation of a transitional government, which will be crucial for gaining Arab and Western support. Furthermore, President Obama, in the wake of his reelection victory and the rebels' recent tactical successes, is reportedly considering directly arming the Syrian rebels, reported The New York Times.

While Syria may be offline, the blackout has driven members of the hacktivist collective Anonymous to intensify their efforts in support of the country's activists and rebels. As part of what the hacktivist collective has dubbed Operation Syria, an Anonymous-issued update Friday called on its supporters to launch DDoS attacks against Syrian embassies in Beijing, as well as in Australia.

Earlier this week, meanwhile, Anonymous leaked numerous documents related to Syria, as part of its ongoing Syria Files project. The latest trove of documents released included scans of passports for Syrian ministers, as well as details of alleged arms deals and monetary shipments.

"Within the stash you will find details about cargo flights from Russia, each containing 30 tons of fresh Syrian cash, as ProPublica has already reported today," according to an Anonymous statement. "Furthermore you will find lulzy documents such as scanned passports from Syrian ministers (PDF) and details about arms transportation from Ukraine, as shown in our teaser here (email/txt) and here (overflight permission for Iran, PDF). Most of the material is in Arabic and we invite all Arabic speakers to look through the mails for interesting documents."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Number 6
50%
50%
Number 6,
User Rank: Apprentice
11/30/2012 | 9:43:30 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Of course, that would never happen here, right?

Search CNET for title "Senators propose granting president emergency Internet power" from June 2010, and then the Wikipedia article on "Internet Kill Switch" for the full history.
UberGoober
50%
50%
UberGoober,
User Rank: Apprentice
11/30/2012 | 6:32:12 PM
re: Syria Hits Internet Kill Switch; Blackout Continues
Shutting down the Internet is big news, but decades of real physical tyranny skimmed over and 30,000 dead not mentioned. Gee. now we know what's important!
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...