Syria Goes Dark: Worldwide Internet Traffic To/From Syria Shut Down

Syria Internet Goes Offline

Syria’s nationwide internet service goes dark again and some mobile networks are down, as the civil war there drags on.

The image above from Akamai’s Twitter feed shows the “switch” being thrown as Syria traffic drops to nothing.

According to Renesys, Syrian connectivity went dark at 18:43 UTC, when Border Gateway Protocol (BGP) routes went down:

Syria BGP Routers Down

The internet relies on BGP to route internet traffic across the world. When Syrian BGP routes were removed from the routing table, Syria effectively became dead in the internet water. It is unclear at this time whether internal access has also been shut off.

Early reports say the Syrian government claims the outage is from a terrorist attack, but rebels say that the outages usually occur during times of government military attack.

For more information, including a technical explanation of how Syria shut off its internet, check out Umbrella Security Lab’s post.

Are Russian Hackers Helping the Syrian Government?

Russian supplied attack helicopters in Syria. (Getty Image)

As the Syrian civil war drags on, one thing is clear: Russia is arming the Syrian government. Russia has already supplied arms and attack helicopters to al-Assad’s regime; could Russian hackers be performing cyber attacks against the Syrian opposition too?

It’s really no secret that Russia is arming the Syrian government, and there is nothing illegal about it. Russia and China have used their veto power at UN security council meetings to block sanctions against Syria. But as the physical battle rages on, a war in the cyber realm is also well under way.

A full-blown war of cyber attacks is unfolding in Syria, with some calling it the most active cyber conflict in recent times. It apparently pits the Syrian government and a group called the Syrian Electronic Army (SEA) against a loose group of Syrian resistance hackers and, surprisingly, the hacker group Anonymous.

So far the majority of the cyber conflict is one-sided, with Syrian rebels taking the brunt of the attacks (Syrian rebels have really only been able to deface some government sites in response). But with the overwhelming efficiency and strength of the attacks, it is apparent that the Syrian government must be getting outside help.

A DefenseNews article discloses that Syrian government forces are using cyber tools that have been created by several other countries in their offensive strikes:

Assad has Iran’s backing, and his supporters are allegedly also using Iranian cyber tools. Alexander Klimburg, a senior adviser at the Austrian Institute for International Affairs, said it’s widely believed that the Syrians are using popular offensive software designed in Iran.

But it is not just Iranian software; they are also using utilities created in Europe and, surprise, surprise… Russia.

The Russian government is well known to use hacker groups like the Russian Business Network to attack other nations. Doing so gives the Russian government plausible deniability in the attacks.

With Russia apparently investing military equipment and offensive cyber tools in the al-Assad regime, it is not a far stretch to assume that they may also be supplying the use of Russian hacker group services.

Malware Code that infects any OS came from Security Tool

(F-Secure image of malware backdoor Java App)

Last week, security researchers at F-Secure analyzed new malware that targets Mac, Linux and Windows machines. (Thanks Dangertux!) The code, found on a Colombian transport website, determines what operating system the visitor is using and then delivers a tailored backdoored Java applet. If the user allows the applet to run, the attackers get remote access to their machine.

Sound familiar?

Well, it should: the code was taken from one of our favorite security tools, the Social-Engineer Toolkit (SET)! Dave Kennedy (Rel1k) responded to an Ars Technica article about the new malware, stating that the code was indeed from SET:

Just a heads up, this is my open-source tool called the social-engineer toolkit.. Java applet attack source code is open to everyone. Looks like the payloads were custom though. This is used by millions of security researchers.

This is a problem with open source software and several software tools in fact. Though the creator meant the tool for good, unfortunately there are those out there that will try to use them for evil.

Recently, a program created by a young French coder, Jean-Pierre Lesueur, was used by the Syrian government to spy on its own people! Once Lesueur found out that it was used in this way, he created a removal tool for it and finally gave up developing it altogether. Well-known security guru Kevin Mitnick, who used the tool in security demonstrations, commented on Lesueur’s choice, saying:

“I don’t think that’s a good reason to stop development on it, because you always have bad actors,” he says. “That’s just a fact of life.”

Open source security tools are a huge benefit to the IT community, especially to smaller companies that cannot afford high-priced security solutions. They should not get a bad rap because of a few miscreants who twist them to do evil.