Surveillance and censorship: Inside Syria's Internet
NEW YORK -- Months after the Arab Spring uprisings first rocked the Middle East, a group of Western free speech activists began to map the Syrian Internet.
What they discovered was evidence of government surveillance and censorship.
"We were tipped off that people in Syria were being tracked online, and that information was being used to hunt down protesters," activist Sam Covin told CBS News.
In the spring of 2011, Covin and other members of the loose-knit activist group Telecomix, which provides alternative techniques to bypass statewide blocked Internet or censored websites, began scanning the Syrian Internet to gain a better understanding of the country’s service.
The activist group was able to access Internet-connected video cameras, network switches and appliances, and even home and business routers. It also discovered more than a dozen devices made by networking gear company Blue Coat.
"The devices were not well secured -- they used 'factory settings' -- so we were able to look into what the devices were doing," he said. These appliances, Covin explained, can be used to filter and inspect Internet traffic, including encrypted and secured data, though the Sunnyvale, Calif.-based company insists the technology is "not intended" to aid surveillance.
After discovering and reading more than 54 gigabytes of Blue Coat appliance log files, Covin said it "became clear that [the appliances] were being used to track online activities."
A spokesperson for Blue Coat told CBS News the company was aware its technology was being used, but vehemently denied it authorized the sale to the Syrian government. Blue Coat said it has been actively cooperating with the U.S. government since 2011 over what it described as the illegal transfer of its products into the country by third parties.
"As a result of its investigation, the U.S. Department of Commerce has fined or otherwise sanctioned several third parties in connection with the unlawful diversion of our products to Syria that took place without our knowledge," the spokesperson added.
According to the Commerce Department, evidence suggest that "U.S.-origin Internet filtering devices" are being used by the Syrian government "to block pro-democracy websites and identify pro-democracy activists as part of Syria's brutal crackdown against the Syrian people."
As a result, one of Blue Coat's authorized distributors based in the United Arab Emirates was added to a list of companies and persons restricted from receiving items subject to U.S. jurisdiction.
The U.S. government retains heavy sanctions against Syria, particularly in regards to the facilitation of "computer and network disruption, monitoring and tracking," according to an executive order signed by President Obama in April 2012. The order bars U.S. technology firms from providing products and services to Syria "that could assist in or enable serious human rights abuses."
Earlier this year, the European Union amended its trade embargoes on a limited basis to support opposition fighters, while preserving sanctions against the Assad regime to starve it of arms and other equipment.
Despite the embargoes, Frederic Jacobs told CBS News that the monitoring of the Syrian Internet is "astounding."
Jacobs, a Belgian native, spent time on the ground in Syria in July, close to the Turkish-Syrian border, although he declined to state exactly where. He has spent more than two years investigating Syrian networks since the conflict began. "Every single piece of traffic that goes through some [Internet providers] are being recorded to hard disk drives," he said.
Two sources with knowledge of the Syrian Internet independently claimed the Assad regime was also using equipment sold by networking giant Cisco to run "scans" of the country's network.
Cisco confirmed it had a "few licensed sales" to MTN Syria, a privately-held company based in Syria, but said it was "sanctioned" by the U.S. government.
"Cisco has a robust system in place that reduces risk of product diversion by rigorously screening requests for software downloads, physical transfers, and service engagements for Cisco products," a spokesperson said in an emailed statement to CBS News. The company said unauthorized end-users would be "unable to download the required software for product use, or to obtain services for any existing products."
The Commerce Dept. did not respond to numerous requests for comment. MTN Syria, and its Johannesburg, South Africa-based parent company MTN Group, did not respond to requests for comment.
Since the beginning of the uprising in Syria, the Assad regime has used its control over the country's infrastructure to cut off vast swaths of the population from the Internet. Where there is access, it is heavily filtered and censored.
A man we’ll identify only as Yousef -- not his real name -- whose work in the telecoms industry gives him detailed and intimate knowledge of the state of Syria's Internet and infrastructure, told CBS News that the country’s Internet connectivity is managed by the state-owned and regime-controlled Syrian Telecommunications Establishment (STE).
While more than a dozen private Internet and infrastructure providers exist, these "peers" are forced to enact the same censorship filters, website blocking and service limiting. Yousef adds that they are "virtually controlled" by the regime.
Yousef also said the Assad regime routinely cuts off broadband access “to silence people.”
Based on guidance from Assad's office to correspond with the ongoing situation in the country, the Syrian Information Organization (SIO) decides what topics, websites and content should reach the few permitted to connect to the Internet. Privately-held Internet providers are forced to sign agreements to ensure their systems are compliant with the filters run by the SIO. These filters block out news networks, like Al Arabiya and Al Jazeera, and other popular sites used by the opposition, according to Yousef.
As a result, many Syrians gain access to the hundreds of websites that are blocked, according to previously reported leaks, using proxy services and virtual-private networking (VPN) tools.
Despite Syrians' best efforts to avoid surveillance and circumvent censorship, STE has a dedicated security branch that can monitor all Internet and telecom activities, according to one STE employee with knowledge of the situation, who spoke to CBS News on the condition of anonymity for fear of his safety. He also said the state-run telecom may use deep-packet inspection technology, which can be used to filter and monitor even secured communications, including proxy connections and VPNs, through the use of Western technology.
Before conflict broke out in Syria, the SIO spent vast resources on efforts to control the country's Internet to restrict access to Western services. Many Syrians used Internet cafes because, they believed, the government was able to monitor home Internet connections. Many cafes subsequently closed because they were unable to obtain approval and prior vetting from STE and the country's internal security services.
After the initial uprising subsided, Internet availability increased across Syria’s main cities, despite periodic outages. Aside from the economic benefits of restoring business in the country, Yousef described it as a "smart move" by the Assad regime to better monitor social media sites like Facebook and YouTube.
Jacobs suggested the regime's "most precious tool" was disinformation and its ability to filter the Internet.
But despite the regime’s best efforts, some opposition groups have managed to gain Internet access outside of state-run telecommunications lines. With Western help, some members of the opposition have been able to acquire satellite-based technology to avoid detection and censorship.
This is the second article in a three-part series
Part 1: Syrian opposition logs on at any cost
Part 2: Surveillance and censorship on the Syrian Internet