Syrian Government Cuts Country's Internet Access - Anonymous Goes on the Warpath

On Thursday, the state-run Syrian Telecommunications Establishment flipped the virtual switch and killed Internet access within the nation. Shortly after that act, Anonymous flipped their collective lids and started targeting the Internet properties of the Syrian government and pro-government supporters in retaliation. In addition, the loosely associated group, under the flag of OpSyria, started spreading dial-up numbers to enable spotty communications.

Outage

When the public first learned of the Internet blackout in Syria, the Syrian Minister of Information was quick to blame terrorists and made a halfhearted attempt to assure the world that the government had nothing to do with the outage.

“It is not true that the state cut the Internet. The terrorists targeted the Internet lines, resulting in some regions being cut off,” the Minister stated.

However, network analytics firms and Internet monitors tell a different story. Renesys was the first firm to go on record and confirm a complete shutdown of the Web within Syria, noting that all 84 of Syria's IP address blocks had become unreachable, “effectively removing the country from the Internet.”

However, after the Syrian Minister blamed terrorists, another company with a strong eye on the Internet called their bluff.

CloudFlare, in a blog post Thursday afternoon, simply said that the Minister’s claims were unlikely.

“The Syrian Minister of Information is being reported as saying that the government did not disable the Internet, but instead the outage was caused by a cable being cut... From our investigation, that appears unlikely to be the case. To begin, all connectivity to Syria, not just some regions, has been cut,” the blog explains.

“Syria has 4 physical cables that connect it to the rest of the Internet. Three are undersea cables that land in the city of Tartous, Syria. The fourth is an over-land cable through Turkey. In order for a whole-country outage, all four of these cables would have had to have been cut simultaneously. That is unlikely to have happened.”

In fact, a video shows the routes to the Internet within Syria dropping off at a rather alarming rate. The only way that such a coordinated outage happens is if the state-run Syrian Telecommunications Establishment severs ties with PCCW, Turk Telekom, Telecom Italia, and TATA.

Anonymous Responds

Once the outage was confirmed, it wasn’t long before Anonymous, under OpSyria, entered the conflict.

“The nation of Syria has gone dark. And Anonymous knows all too well what happens in the dark places,” a statement from OpSyria stated.

“Fortunately, Anonymous has been working with Syrian activists for well over a year in anticipation of this moment. We produced and disseminated the Syrian Care Package, and there are emergency independent media centers already set up in every city of Syria. Activists and independent journalists in Syria will be able to utilize these media centers to get news and media out of Syria, and Anonymous will assist in propagating that media to the world...”

At 9:00 p.m. EST on Thursday, Anonymous started removing all of the Syrian Government’s Internet properties that remained online after the nation’s Web access was severed. The coordinated effort targeted government domains, as well as domains run by pro-government sympathizers.

It wasn’t long before domains were either taken down via DDoS, or defaced and rendered useless.

Defaced

Belgium Embassy (http://www.syrianembassy.be/)

Industrial Bank (http://industrialbank.gov.sy/)

DDoS

Embassy in China (http://syria.org.cn)

Embassy in Saudi Arabia (http://www.syrianembassy-sa.org)

Embassy in Australia (http://syrianembassy.org.au)

Al-Baath News (Pro-government) (http://www.albaath.news.sy)

Ministry of Communications & Technology (http://www.moct.gov.sy)

Syrian Railways (http://www.syrecon.org)

The Baath Arab Socialist Party (http://www.baath-party.org/eng/news.asp)

Syrian Parliament (http://parliament.gov.sy)

Syrian TV (Pro-government) (http://www.rtv.gov.sy)

Al-Thawra News Paper (Pro-Government) (http://thawra.alwehda.gov.sy)

Syrian Times (Pro-Government) (http://syriatimes.tishreen.info)

Teshreen Newspaper (Pro-Government) (http://www.tishreen.info)

Compromised

Syrian Ministry of Foreign Affairs (http://www.mofa.gov.sy)

The Syrian Ministry of Foreign Affairs was breached, and has since been taken offline. Anonymous managed to download 1GB of email, consisting of recent communications and internal memos, and posted it to the Web.

“Within the stash you will find details about cargo flights from Russia, each containing 30 tons of fresh Syrian Cash, as ProPublica has already reported today. Furthermore you will find lulzy documents such as scanned passports from Syrian ministers [PDF] and details about arms transportation from Ukraine, as shown in our teaser here and here (flyover permission for Iran) [PDF],” the OpSyria post explained.

It’s worth adding that while Anonymous has started selecting targets at will, pro-Syrian hackers have targeted opposition websites, as well as Reuters and Al Jazeera. In the attacks on the media, the ill-gotten access was used to publish fake news, as a type of propaganda campaign. Since this summer, pro-government supporters have also targeted the opposition with malware, such as the Trojan attack that spread via Skype.

Anonymous’ tasks are being made easier by an Assad government mandate that pushed hosting of some official websites to datacenters outside of Syria. This makes them easy to find, and allows Anonymous their chance to prevent Syria from promoting their message while they censor their own people.

Unfortunately, it would appear some firms have allowed the Assad regime a safe home on the Web here in the US, which is against the law. The New York Times covered that story here.

As of 01:00 a.m. EST, the conflict and bloodshed on the streets in Syria has added a new front, the Internet, and Anonymous doesn’t appear to be running out of steam. However, the pro-Assad presence and counteroffensive online seems to have dried up – likely due to the blackout and the fact that most of their communications outside of the country are down.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.