Today, it was reported by Renesys that beginning at 3:35 UTC and in the course of an hour and a half, two-thirds of Syrian networks had become disconnected from the global Internet.
This latest Internet black out is an example of just-in-time blocking—a phenomenon in which access to content and information communication technologies are blocked in response to sensitive political situations when the technology and content may have the greatest potential impact. It is suspected that the severing of Syria’s Internet is in direct response to the intensification of revolts this week, sparked in part by the death and torture of 13 year old Hamza Ali al-Khateeb, as well as in memory of at least 50 other children killed during the protests. This action follows other MENA states severing access in reaction to protest on ground with Egypt shutting down national connectivity on January 28, 2011 and access blockages in Libya and Bahrain in February. For further analysis, see today’s OpenNet Initiative blogpost.
Popular uprisings in Syria have ben mirrored by extensive activity across cyberspace. Since the protests began in January, the state—historically a pervasive censor of the Internet—opened up access to YouTube and Facebook. A few weeks ago, we blogged about how Facebook users in the country found themselves to be a target of an ongoing man-in-the-middle attack (some suspected that it was a ruse by authorities to spy on activists coordinating protests), while the Syrian Electronic Army was distributing DDoS software as to encourage followers to attack anti-regime Web sites. This week, we released an IWM report by Helmi Noman entitled, The Emergence of Open and Organized Pro-Government Cyber Attacks in the Middle East: The Case of the Syrian Electronic Army. In the report, Noman documents the activities of the Syrian Electronic Army. The Army appears to be a case of an open and organized pro-government computer attack group that targeting defacement attacks against Syrian opposition Web sites and using popular Facebook pages to propagate pro-regime comments.
This report is timely in the context of increased contestation in cyberspace amid the Arab Spring uprisings. As Noman notes, “one component of this contestation is the tendency among governments and networks of citizens supportive of the state to use offensive computer network attacks [as] supplements to legal, regulatory, and other controls, and technical forms of Internet censorship.” This trend can also be seen in the case of the Iranian Cyber Army in its defacements of Twitter and Iranian opposition Web sites, as well as in the reports of Tunisian and Yemini opposition Web site coming under cyber attacks. As in most cases however, attribution is difficult to determine, and although Noman describes connections between the Syrian government and the Syrian Electronic Army, he was unable to find evidence beyond tacit support to make direct linkages between the Army and authorities.
Across cyberspace however, the case of the Syrian Electronic Army is—as Ronald Deibert put it this week in an interview on CBC Dispatch—merely a small manifestation of a broader trend of the militarization of cyberspace. Governments around today are stepping up their capabilities to fight and win wars in this space.
This week, the Internet saw other instances of the assertion of power in this domain. Two weeks ago, the United States released its International Strategy for Cyberspace where the Obama administration announced that the US government would respond militarily to hostile acts in cyberspace. This week, the Washington Post reported that The Pentagon has developed a list of cyber weapons and tools, such as viruses, that can be used to sabotage adversaries as an effort to streamline how the country States engages in cyber warfare and approved weapons that can be deployed. The Pentagon is slated to release a document which will outline the country’s military cyber doctrine. The document is said to be partly a policy document, and partly a warning to potential adversaries and will potentially clearly define what the US considers to be “cyber attacks.” The British government has also begun developing its own toolbox of offensive cyber weapons. The Minister of the Armed Forces told The Guardian that “action in cyberspace will form part of the future battlefield,” and that cyber weapons were an “integral part of the country’s armoury.”
Meanwhile, the NATO alliance is working on a comprehensive cyber strategy which will be announced this month. In the meantime, a draft report entitled Information and National Security reveals that the strategy will address “three facets of the linkage between Information Age and national security”: 1) the changing notion of secrecy in international affairs, 2) digital hacktivism, and 3) direct cyber threats against states and NATO’s role in cyber defense. The draft report further states that groups such as Anonymous should be “infiltrated and perpetrators persecuted.”
This week, Anonymous declared action against the IMF, in protest against the austerity measures demanded by the country’s IMF bailout and amid call from within the country for protests and a general strike on June 15th against these austerity measures. Members of Anonymous have also attacked Iranian government servers and procured and published 10,000 e-mails from the Ministry of Foreign Affairs.
In the meantime, contestation in the form of attacks continued this week. US military contractors Lockheed Martin, and L-3 saw targeted security breaches, while Northrop Grumman shut down remote access for a domain name and password reset—while many suspected this was due to a breach, it has not yet been confirmed. Over at Google, a spear-phishing campaign to gain access to users’ passwords was detected. The campaign was said to have targeted US government officials, and Chinese activists and journalists. China has since denied the allegations that this was a state-sponsored attack. For more on targeted attacks on popular web mail services, see this recent blogpost by Nart Villeneuve at TrendMicro.