Syria: Cracking down on digital dissidents
For Syrian dissidents, social networking sites are essential for bypassing traditional media and communication channels. But in doing so, online activists might all too easily fall prey to the government’s digital surveillance.
Social networking services like Facebook, Twitter and YouTube are widely credited for their role in the Arab Spring uprisings. They facilitated communication, provided a platform for organising protests, and even formed the basis for alternative media outlets (as featured in a previous blog post).
In Syria, however, where violence is still raging in an increasingly bloody civil war with no end in sight, the situation looks very different from that in Tunisia or Egypt. Online dissidence and government countermeasures have turned into a cat-and-mouse game, which the mainstream is starting to call a cyber war. I spoke to Eva Galperin of the San Francisco-based Electronic Frontier Foundation to gain further insights into what is at stake on Syria’s digital battlefields.
“What we see is a conflict over information security between a number of different actors, with different levels of skills”, says Galperin. Some of these actors are hacker collectives such as the Syrian Electronic Army, a group loyal to (and endorsed by) the Assad regime. The SEA gained prominence after hacking and defacing several websites and social media profiles, including Reuters and Al-Jazeera, in order to post pro-Assad statements. On the anti-regime side, Anonymous became active through OpSyria. In February this year, the hacktivist group reported that they had hacked Assad’s email account (which reportedly was secured with a password as simple as 12345), and subsequently leaked hundreds of his emails.
State-sponsored malware
But the key role in this cyber conflict is played by the Syrian government itself. Due to the quasi-monopolistic telecommunications market in Syria, Assad is in control of the state-owned STE, Syria’s key ISP. Thus, the Assad regime had a system of Internet surveillance and censorship in place long before the uprising, explains Galperin. At that time, Syria’s strategy to counteract political activism on the web was to entirely block access to social networking sites like Facebook.
But this measure gradually lost its efficacy: “One of the problems that the Syrian regime had with services like Twitter, Facebook and Gmail was that more and more of these services were switching to SSL by default. More and more of the Internet was becoming encrypted. And so the number of users who were using these services in a way that STE could not immediately spy on their traffic was increasing”, explains Galperin. “That was originally the reason why the Assad regime decided to simply cut off access to these services: because they could not spy on the traffic.”
As a reaction to the encryption, the government had to radically change its strategy from blocking social media sites to infiltrating them: In February 2011, while the social media-driven uprisings in Egypt and Tunisia were in full swing, the Syrian government lifted its block on Facebook. As an obvious result, a number of pro-opposition Facebook groups appeared on the network. As these pages attracted a fast-growing user base of potential dissidents, they soon became the target of so-called state-sponsored malware attacks. Galperin: “The government allowed access to the service again, but the next thing they did was to attempt so-called man-in-the-middle attacks against Facebook.”
Since then, a diverse range of governmental malware attacks has been (and still is) used to target Syrian online activists. According to the EFF, these include phishing sites imitating YouTube and Facebook, Trojans hidden in fake revolutionary documents, and fake Skype encryption and anti-hacking tools, which likewise download Trojans upon installation. Once a user’s machine is infected with such malware, the intruder can obtain virtually any data, from e-mail and social media passwords to logged keystrokes. In this way, the Syrian government can infiltrate a user’s entire network of trust while bypassing the SSL encryption of the respective network, explains Galperin.
The embargo problem
“These malware attacks are counting on the fact that users ignore browser warnings”, says Galperin. Most of the malware is not highly sophisticated, but some warning signs that would normally be obvious and alarming – such as bad English or typos in the installation screen – are being ignored.
For Galperin, one reason for that lies in economic sanctions: “Syrians face all kinds of sanctions that make it illegal for companies to sell antivirus software, and that is why they are used to downloading sketchy software. The environment that we are seeing in Syria is that people have no access to tools to protect their communication from a government that intends to spy on them.”
However, while Syrian protesters are cut off from Western anti-malware tools, the Syrian government uses US technology for monitoring its Internet users: Blue Coat, a leading producer of Internet security technology, had to acknowledge last year that several of its Internet filtering devices were used by the Assad regime, in spite of existing trade embargoes. Blue Coat stated that the devices were supposed to be shipped to Dubai, and had no explanation for how the Syrian government got hold of them.
This technological imbalance also constitutes a fundamental difference to, for example, the Egyptian revolution: “The security posture of Egyptian activists was essentially one of privacy nihilism”, explains Galperin. Assuming that everyone was being spied on, the Egyptian dissidents chose to take advantage of the momentum of online activism – which only worked out because things happened fast enough.
But the prolonged conflict in Syria has led to a cat-and-mouse game, in which more and more sophisticated state-sponsored malware is used against the Syrian activists. Therefore, it is essential to make Syrian Internet users aware of this threat, says Eva Galperin. At the same time, exemptions to the EU and US sanctions against Syria would give Syrian users access to privacy and anti-malware tools, thereby further decreasing the risk of downloading hazardous software. At least on the web, this could be a first step towards equilibrium in Syria’s ongoing conflict.
Further reading:
Baiazy, Amjad: Syria’s Cyber Wars (Report for mediapolicy.org, 1 June 2012)