June 7, 2012 By Doug Bernard
“As of right now, things are very fluid,” is how one Syrian activist sums up the situation for us.
A military treasure trove
Cartoon image of President Assad spying online (courtesy Free Syrian Computer Society)
“We’ve been receiving distressing reports about what’s happening with the Internet in Syria for about a year now,” says Eva Galperin. “But the reports are getting more and more distressing.”
Galperin is International Freedom of Expression Coordinator at the online free-speech group the Electronic Frontier Foundation, or EFF. For years she and her organization have tracked attempts by repressive regimes to restrict or even cut off people’s access to the digital environment of computers, mobile phones and the Internet. These days, Syria is a subject of constant concern.
Just this week, the EFF reported a new computer bug, apparently deployed by the government, that can turn activist’s computers into weapons for spying. Here’s how it works: a Skype message containing a document is sent to friend’s Skype accounts. The message says it’s a plan to help other activists in the city of Aleppo, the scene of growing turmoil, but it’s actually a “trojan” – a bug that installs itself silently on the target’s computer. Says Galperin, “once inside, it takes control of your computer and logs all of your keystrokes, passwords and screenshots, and sends that information back” to whoever controls it.
The fact that it sends data back to only one IP address tells Galperin that it’s likely a government trick, all to gather information on its citizens.
And for Internet activist Martin Löwdin, that’s an important clue for what the government is up to. “A semi-open monitored Internet is a treasure trove for the security services and military when trying to track and quash dissent,” he tells us.
Löwdin is a member of the group Telecomix, a hacker collective similar in some regards to its more famous cousin Anonymous, but very different in terms of mission. Unlike Anonymous hacks, which can often veer into the personal or juvenile, Telecomix members focus on concrete solutions to keep the web as open and free as possible, especially recently in the “Arab Spring” nations. Back in 2011, when Egyptian officials temporarily erased that nation from the web, it was Telecomix that got the first Internet access routes open for Egyptian activists.
As worrisome as the recent trojans are for Löwdin, his larger worry is the level of Internet monitoring the government is likely conducting.
“To date two or three trojans have been identified, but they don’t seem to be the main problem for Syrians trying to use the Internet. Rather, access to Facebook, Twitter and YouTube being blocked — as well as several filtering and disrupting systems put to heavy use — are the main problems for Syrian Internet users. It is also expected, if unconfirmed, that the traffic that does get through the filters is monitored.”
Syria is known to have very sophisticated systems of web monitoring in place. One of those is a state-of-the-art system from the U.S.-based firm Bluecoat Technologies that allows for very robust filtering of specific content, not just the blunt hammer of totally blocking a site like Facebook. More recently, Damascus was well on its way to installing a system from the Italian firm Area SpA that would have given the government the ability to scan the content of SSL or other encrypted messages. Under pressure, that firm later withdrew from finishing the installation.
The advantage of keeping the web running
Traceroute from computer inside Syria strongly suggesting government web filtering
The Assad government has a documented history of using information obtained electronically to target and punish critics. Just one example: in the fall of 2011, British journalist Sean McAllister was working with web activists to document what was happening on the ground in Syria. But McAllister was sloppy with his electronic fingerprints – he says he didn’t realize the depth of surveillance efforts there – and he was taken into custody. Some of those McAllister was working with, and whose information was in his devices, have since disappeared; the rest fled.
So just imagine what Assad’s police forces could do with the equivalent of 100, or 1,000, Sean McAllisters.
While the situation may change at any time, it appears at present the government is not slowing access to the web in general or slowing its speed, says Doug Madory, an analyst at the “Internet intelligence” firm Renesys. Last year, when Syria temporarily brought the web to a crawl, it was Renesys that provided the independent verification of what they were doing. “We keep a pretty close eye on Syria,” he says, “and while we have other concerns, at this point it doesn’t look like they’re trying to shut the web down.”
And why would they, asks Martin Löwdin, if those in power believed that the information they could suck from the web outweighed the risks of letting activists communicate and organize online? “They haven’t gone for the ‘Mubarak Kill Switch‘,” he says, adding:
“There have been indications that STE, the Syrian national internet provider, has taken over much of the filtering — this is indicated by the fact that updates to the block lists seemed to come into effect for every ISP at once, rather than the staggered deployment seen earlier (when lists of sites to block were transmitted by fax to each ISP.)”
What Syrians can do
Logo for the hacktivist group Telecomix Syria
Anita Hunt, possibly not her real name, is a self-identified member of the group Global Freedom Movement, another hacker collective associated with Telecomix and focused on Internet freedoms. Hunt reports an increasing crackdown on Internet activity in Syria and also worries about escalating web spying by the government. But, she says, Syrians can fight back with circumvention. “The most common methods of circumvention are still centered on Tor, VPN and proxies,” says Hunt. “The issue with file extensions is not significantly preventing images or video from getting out.”
“Remember: You Are Being Watched,” warns the website of the Free Syrian Computer Society. Activists there provide several recommendations for Syrians to safeguard their privacy online, including using SSL & https, VPNs and services like Tor that safeguard users’ privacy.
All great suggestions, says the EFF’s Eva Galperin. But the most important step, she says, is for Syrians not to fall prey to what she calls privacy nihilism:
“It’s very easy when you’re leaving the house every day and you’re simply risking your life by stepping out onto the street to think ‘Well, they’re spying on me anyway, so I should take no precautions.’ To that I say it’s extremely important to take precautions. It’s one thing to say the government can spy on you; it’s quite another to make it easy for them to do so. Don’t make it easy for them.”
Good advice in fluid times.