Damascus Mines The Web To Target Activists
Doug Bernard | Washington DC
As the situation and armed conflicts in Syria enter a new period of uncertainty and militarization, it increasingly appears the same may well be said about Syria’s Internet.
Of course, it’s old news to say that Damascus restricts citizen’s access to the web for its own purposes, deploying filters, blocks, malware and other dirty tricks to impede those critical of the regime. But recently, VOA has begun to get word that something new, and possibly much more grave, may be going on in that nation.
While reliable information is difficult to get in or out of Syria, our efforts to learn what’s actually happening there suggest that the regime of Bashar al-Assad is moving to militarize the web, aggressively working to use it as a surveillance tool to target, and punish, opponents of the government.
“As of right now, things are very fluid,” is how one Syrian activist sums up the situation for us.
A Military Treasure Trove
“We’ve been receiving distressing reports about what’s happening with the Internet in Syria for about a year now,” says Eva Galperin. “But the reports are getting more and more distressing.”
Galperin is International Freedom of Expression Coordinator at the online free-speech group the Electronic Frontier Foundation, or EFF. For years she and her organization have tracked attempts by repressive regimes to restrict or even cut off people’s access to the digital environment of computers, mobile phones and the Internet. These days, Syria is a subject of constant concern.
Just this week, the EFF reported a new computer bug, apparently deployed by the government, that can turn activist’s computers into weapons for spying. Here’s how it works: an Skype message containing a document is sent to friend’s Skype accounts. The message says it’s a plan to help other activists in the city of Aleppo, the scene of growing turmoil, but it’s actually a “trojan” – a bug that installs itself silently on the target’s computer. Says Galperin, “once inside, it takes control of your computer and logs all of your keystrokes, passwords and screenshots, and sends that information back” to whoever controls it.
The fact that it sends data back to only one IP address tells Galperin that it’s likely a government trick, all to gather information on its citizens.
And for Internet activist Martin Löwdin, that’s an important clue for what the government is up to. “A semi-open monitored Internet is a treasure trove for the security services and military when trying to track and quash dissent,” he tells us.
Löwdin is a member of the group Telecomix, a hacker collective similar in some regards to its more famous cousin Anonymous, but very different in terms of mission. Unlike Anonymous hacks, which can often veer into the personal or juvenile, Telecomix members focus on concrete solutions to keep the web as open and free as possible, especially recently in the “Arab Spring” nations. Back in 2011, when Egyptian officials temporarily erased that nation from the web, it was Telecomix that got the first Internet access routes open for Egyptian activists.
As worrisome as the recent trojans are for Löwdin, his larger worry is the level of Internet monitoring the government is likely conducting.
“To date two or three trojans have been identified, but they don’t seem to be the main problem for Syrians trying to use the Internet. Rather, access to Facebook, Twitter and YouTube being blocked — as well as several filtering and disrupting systems put to heavy use — are the main problems for Syrian Internet users. It is also expected, if unconfirmed, that the traffic that does get through the filters is monitored.”
Syria is known to have very sophisticated systems of web monitoring in place. One of those is a state of the art system from the U.S.-based firm Blue Coat Technologies that allows for very robust filtering of specific content, not just the blunt hammer of totally blocking a site like Facebook. More recently, Damascus was well on its way to installing a system from the Italian firm Area SpA that would have given the government the ability to scan the content of SSL or other encrypted messages. Under pressure that firm later withdrew from finishing the installation.
The Advantage of Keeping The Web Running
The Assad government has a documented history of using information obtained electronically to target and punish critics. Just one example: in the fall of 2011, British journalist Sean McAllister was working with web activists to document what was happening on the ground in Syria. But McAllister was sloppy with his electronic fingerprints – he says he didn’t realize the depth of surveillance efforts there – and he was taken into custody. Some of those McAllister was working with, and whose information was in his devices, have since disappeared; the rest fled.
So just imagine what Assad’s police forces could do with the equivalent of 100, or 1,000, Sean McAllisters.
While the situation may change at any time, it appears at present the government is not slowing access to the web in general or slowing its speed, says Doug Madory, an analyst at the “Internet intelligence” firm Renesys. Last year, when Syria temporarily brought the web to a crawl, it was Renesys that provided the independent verification of what they were doing. “We keep a pretty close eye on Syria,” he says, “and while we have other concerns, at this point it doesn’t look like they’re trying to shut the web down.”
And why would they, asks Martin Löwdin, if those in power believed that the information they could suck from the web outweighed the risks of letting activists communicate and organize online? “They haven’t gone for the ‘Mubarak Kill Switch‘,” he says, adding:
“There have been indications that STE, the Syrian national internet provider, have taken over much of the filtering — this is indicated by the fact that updates to the block lists seemed to come into effect for every ISP at once, rather than the staggered deployment seen earlier (when lists of sites to block were transmitted by fax to each ISP.)”
What Syrians Can Do
Anita Hunt, possibly not her real name, is a self-identified member of the group Global Freedom Movement, another hacker collective associated with Telecomix and focused on Internet freedoms. Hunt reports an increasing crackdown on Internet activity in Syria and also worries about escalating web spying by the government. But, she says, Syrians can fight back with circumvention. “The most common methods of circumvention are still centered on Tor, VPN and proxies,” says Hunt. “The issue with file extensions is not significantly preventing images or video from getting out.”
“Remember: You Are Being Watched,” warns the website of the Free Syrian Computer Society. Activists there provide several recommendations for Syrians to safeguard their privacy online, including using SSL & https, VPNs and services like Tor that safeguard users’ privacy.
And it’s not just those inside Syria that need to protect themselves – so, too, should their friends and allies. VOA’s Davin Hutchins, over at our companion site Middle East Voices, has this thorough guide on the best tools and options for anyone wanting to protect themselves online; it’s well worth the time.
These and others are all fine suggestions, says the EFF’s Eva Galperin. But the most important step, she says, is for Syrians not to fall prey to what she calls privacy nihilism:
“It’s very easy when you’re leaving the house every day and you’re simply risking your life by stepping out onto the street to think ‘Well, they’re spying on me anyway, so I should take no precautions.’ To that I say it’s extremely important to take precautions. It’s one thing to say the government can spy on you; it’s quite another to make it easy for them to do so. Don’t make it easy for them.”
Good advice in fluid times.