A CNN report from November 2011 on Syrian cyber-warfare
Stephen Faris writes for Bloomberg Businessweek:
Taymour Karim didn’t crack under interrogation. His Syrian captors beat him with their fists, with their boots, with sticks, with chains, with the butts of their Kalashnikovs. They hit him so hard they broke two of his teeth and three of his ribs. They threatened to keep torturing him until he died. “I believed I would never see the sun again,” he recalls. But Karim, a 31-year-old doctor who had spent the previous months protesting against the government in Damascus, refused to give up the names of his friends.
It didn’t matter. His computer had already told all. “They knew everything about me,” he says. “The people I talked to, the plans, the dates, the stories of other people, every movement, every word I said through Skype. They even knew the password of my Skype account.” At one point during the interrogation, Karim was presented with a stack of more than 1,000 pages of printouts, data from his Skype chats and files his torturers had downloaded remotely using a malicious computer program to penetrate his hard drive. “My computer was arrested before me,” he says.
Much has been written about the rebellion in Syria: the protests, the massacres, the car bombs, the house-to-house fighting. Tens of thousands have been killed since the war began in early 2011. But the struggle for the future of the country has also unfolded in another arena—on a battleground of Facebook pages and YouTube accounts, of hacks and counterhacks. Just as rival armies vie for air superiority, the two sides of the Syrian civil war have spent much of the last year and a half locked in a struggle to dominate the Internet. Pro-government hackers have penetrated opposition websites and broken into the computers of Reuters and Al Jazeera to spread disinformation. On the other side, the hacktivist group Anonymous has infiltrated at least 12 Syrian government websites, including that of the Ministry of Defense, and released millions of stolen e-mails.
The Syrian conflict illustrates the extent to which the very tools that rebels in the Middle East have employed to organize and sustain their movements are now being used against them. It provides a glimpse of the future of warfare, in which computer viruses and hacking techniques can be as critical to weakening the enemy as bombs and bullets. Over the past three months, I made contact with and interviewed by phone and e-mail participants on both sides of the Syrian cyberwar. Their stories shed light on a largely hidden aspect of a conflict with no end in sight — and show how the Internet has become a weapon of war.
The cyberwar in Syria began with a feint. On Feb. 8, 2011, just as the Arab Spring was reaching a crescendo, the government in Damascus suddenly reversed a long-standing ban on websites such as Facebook, Twitter, YouTube, and the Arabic version of Wikipedia. It was an odd move for a regime known for heavy-handed censorship; before the uprising, police regularly arrested bloggers and raided Internet cafes. And it came at an odd time. Less than a month earlier demonstrators in Tunisia, organizing themselves using social networking services, forced their president to flee the country after 23 years in office. Protesters in Egypt used the same tools to stage protests that ultimately led to the end of Hosni Mubarak’s 30-year rule. The outgoing regimes in both countries deployed riot police and thugs and tried desperately to block the websites and accounts affiliated with the revolutionaries. For a time, Egypt turned off the Internet altogether.
Syria, however, seemed to be taking the opposite tack. Just as protesters were casting about for the means with which to organize and broadcast their messages, the government appeared to be handing them the keys.
Dilshad Othman, a 25-year-old computer technician in Damascus, immediately grew suspicious of the regime’s motives. Young, Kurdish, and recently finished with his mandatory military service, Othman opposed President Bashar al-Assad. Working for an Internet service provider, he knew that Syria — like many other countries, including China, Iran, Saudi Arabia, and Bahrain—controlled its citizens’ access to the Web. The same technology the government used to censor websites allowed it to monitor Internet traffic and intercept communications. Popular services such as Facebook, Skype, Google Maps, and YouTube gave Syria’s revolutionaries capabilities that until a couple of decades ago would have been available only to the world’s most sophisticated militaries. But as long as Damascus controlled the Internet, they’d be using these tools under the eye of the government.
Shortly after the Syrian revolution began in March 2011, Othman’s political views cost him his job. He decided to dedicate himself full time to the opposition, joining the Syrian Center for Media and Freedom of Expression in Damascus to document violence against journalists in the country. He also began teaching his fellow activists ways to stay safe online. Othman instructed them how to encrypt e-mails and encouraged them to use tools like Tor software, which enables anonymous Web browsing by rerouting traffic through a series of distant servers. When Tor turned out to be too slow to live-stream protests or scenes of government attacks against civilians, Othman began purchasing accounts on virtual private networks and sharing them with his friends and contacts. A VPN is basically a tunnel inside the public Internet that allows users to communicate in a secure fashion. For a monthly fee, you can buy access to servers that create encrypted paths between computers; the VPN also disguises the identities and locations of your machine and others on the network. Spies can’t read e-mails sent via VPN, and they have a hard time figuring out where they came from.
Othman’s efforts worked at first, but very quickly Damascus blocked off-the-shelf VPNs and upgraded its Internet filters in ways that made the VPNs inoperative. By the summer of 2011, Othman had become frustrated with the Western VPN providers, which he felt were too slow to adapt to the government’s crackdowns. He bought space on outside servers, set up VPNs of his own, and began actively managing them to make sure safe connections remained available.
Othman was still training and equipping activists in October 2011 when he made a nearly fatal mistake. He gave an on-camera interview to a British journalist who was later arrested with the footage on his laptop. Warned by a friend through a Facebook message, Othman turned off his phone, removed its SIM card — a precaution to avoid being tracked—and hid in a friend’s Damascus apartment. He never went home. A month and a half later, at the urging of activists who worried his arrest would compromise their entire network, he escaped across the border to Lebanon. “I had been a source of safety for my friends,” he says. “I didn’t want to become a source of danger.”
The struggle for Syria has transcended borders. In early 2011, from his office at the University of California at Los Angeles, John Scott-Railton, a 29-year-old graduate student in Urban Planning, joined the revolutions in North Africa and the Middle East. Scott-Railton, working on a dissertation on how poor communities in Senegal were adapting to climate change, had spent time in Egypt and had close friends there. When revolutionaries in Cairo occupied Tahrir Square, he set his studies aside. Working through his contacts in the country, he helped Egyptians evade Internet censors and get their message out to the world by calling protesters on the phone, interviewing them, and publishing their views on Twitter. Later, when the Arab Spring spread to Libya, he did the same, this time working with Libyans in the diaspora to broaden his reach.
In Syria, Scott-Railton recognized that the task would be different. Once Assad’s government lifted restrictions on the Internet, activists were having little trouble getting their voices heard; graphic videos alleging government atrocities were lighting up Facebook and YouTube. The challenge would be keeping them safe. “If we’re going to talk about how important the Internet has been in the Arab Spring, we need to think about how it also brings a whole new set of vulnerabilities,” says Scott-Railton. “Otherwise, we’re going to be much too optimistic about what can be done.”
The first documented attack in the Syrian cyberwar took place in early May 2011, some two months after the start of the uprising. It was a clumsy one. Users who tried to access Facebook in Syria were presented with a fake security certificate that triggered a warning on most browsers. People who ignored it and logged in would be giving up their user name and password, and with them, their private messages and contacts.
In response, Scott-Railton began nurturing contacts in the Syrian opposition, people like Othman with wide networks of their own. “It wasn’t that different from the strategy I had worked out in Libya: Figure out who was trustworthy and then slowly build up,” he says. In the meantime, he contacted security teams at major American technology companies whom he could alert when an attack was detected. Scott-Railton declined to name specific companies but confirmed he was in touch with security experts at some of the biggest brand names. In the past year and a half, pro-government hackers have successfully targeted Facebook pages, YouTube accounts, and logins on Hotmail, Yahoo!, Gmail, and Skype.
Scott-Railton’s involvement in the Syrian cyberwar wasn’t high-tech. Over several months, he set himself up as a bridge between two worlds, passing reports of hacking on to various companies who could investigate attacks on their users, take down bogus websites, and configure browsers to flag suspect sites as potential threats.
For Syrians, the system provided a quick, sure way to limit damage as attempts to break into accounts affiliated with the opposition became more sophisticated. For tech companies, it was an opportunity to address violations as they happened—though those violations have also exposed the vulnerabilities of some of the world’s most popular social networking services.
Facebook, which in 2011 responded to hacking attempts in Tunisia by routing communications through an encrypted server and asking users to identify friends when logging in, wouldn’t comment on what, if anything, the company is doing in Syria. Contacted by Bloomberg Businessweek, a spokesperson provided a statement saying: “Security is a top priority for Facebook and we devote significant resources to helping people protect their accounts and information, wherever they live and whatever the circumstances. … We will respond quickly to reports—whether from formal or informal channels—about worrying and problematic security threats from groups, organizations and, on occasion, from governments.”
As the war intensified, the cyberattacks waged by pro-government Syrian hackers became more ambitious.