tag:theconversation.com,2011:/africa/topics/syrian-electronic-army-1169/articlesSyrian Electronic Army – The Conversation2014-06-24T15:24:48Ztag:theconversation.com,2011:article/284152014-06-24T15:24:48Z2014-06-24T15:24:48ZSyrian Electronic Army’s attack on Reuters makes a mockery of cyber-security (again)<figure><img src="https://images.theconversation.com/files/52080/original/tz9t4kw4-1403617074.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Vive la e-resistance!</span> <span class="attribution"><a class="source" href="http://www.shutterstock.com/pic-54298717/stock-photo-computer-virus-cyberterrorism-hand-grenade-with-usb-connector.html?src=hfX6EUeivgZJXwpM5YnXDw-1-16">Richard Peterson</a></span></figcaption></figure><p>One big security issue that has arisen lately concerns control of news media. National boundaries have become blurred on the internet, and the control any nation can have over information dissemination has been eroded – on news websites but especially on open platforms such as Twitter and Facebook. </p>
<p>Witness the activities of the <a href="http://sea.sy/index/en">Syrian Electronic Army (SEA)</a>, a pro-Assad group of “hacktivists”, which despite limited resources managed to compromise one of the leading news agencies in the world. It wasn’t even the first time – it has already attacked the agency several times before, not to mention its other attacks on the Financial Times, Washington Post, New York Times and Associated Press. </p>
<p>At midday on Sunday, people reading Reuters content found themselves redirected to a page which stated: </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/52058/original/hdv48trs-1403605883.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/52058/original/hdv48trs-1403605883.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/52058/original/hdv48trs-1403605883.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=343&fit=crop&dpr=1 600w, https://images.theconversation.com/files/52058/original/hdv48trs-1403605883.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=343&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/52058/original/hdv48trs-1403605883.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=343&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/52058/original/hdv48trs-1403605883.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=431&fit=crop&dpr=1 754w, https://images.theconversation.com/files/52058/original/hdv48trs-1403605883.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=431&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/52058/original/hdv48trs-1403605883.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=431&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Hacktivist group SEA’s message for Reuters users on Sunday.</span>
<span class="attribution"><span class="source">SEA</span></span>
</figcaption>
</figure>
<p>Where last year, for example, the SEA attack involved <a href="http://mashable.com/2013/07/29/thomson-reuters-twitter-account-hacked-by-syrian-electronic-army/">tweeting links to pro-Assad propaganda</a> from the Reuters Twitter account, this time it targeted Reuters content directly. But instead of targeting the agency’s site, the hack attacked the news content that it hosts on the sites of a large number of media outlets. </p>
<p>This is not the first time the SEA had attacked in a way that compromised the trusted partners of the major media outlets. It did something similar to the New York Times <a href="http://www.zdnet.com/how-the-syrian-electronic-army-took-out-the-new-york-times-and-twitter-sites-7000019989/">last August</a>. </p>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/52081/original/ctxqksg9-1403617221.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/52081/original/ctxqksg9-1403617221.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=338&fit=crop&dpr=1 600w, https://images.theconversation.com/files/52081/original/ctxqksg9-1403617221.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=338&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/52081/original/ctxqksg9-1403617221.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=338&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/52081/original/ctxqksg9-1403617221.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=424&fit=crop&dpr=1 754w, https://images.theconversation.com/files/52081/original/ctxqksg9-1403617221.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=424&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/52081/original/ctxqksg9-1403617221.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=424&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">SEA logo.</span>
<span class="attribution"><span class="source">SEA</span></span>
</figcaption>
</figure>
<p>In this most recent case, the SEA <a href="http://www.ibtimes.co.uk/reuters-hacked-by-syrian-electronic-army-via-taboola-ad-1453717">appears to have redirected viewers</a> to the bogus pages by compromising advertising hosted by a Reuters partner site called Taboola. This could have serious consequences for Taboola’s other clients, who include Yahoo!, BBC Worldwide and Fox News; and will generally be great worry to many sites. </p>
<h2>Look what the spear phishing dragged in …</h2>
<p>Another possibility for what lay behind the latest Reuters attack was one of the most common methods of compromise – a spear phishing email, similar to the one that <a href="http://theonion.github.io/blog/2013/05/08/how-the-syrian-electronic-army-hacked-the-onion/">the SEA used</a> to attack satirical site The Onion last year. </p>
<p>This involved a person in the company clicking on what seemed to be a link to a lead story from the Washington Post but turned out to be malicious. It re-directed the user to another site and then asked for Google Apps credentials. Once these had been keyed in, the SEA gained access to The Onion’s web infrastructure and managed to post a story.</p>
<p>While it took a while for The Onion to understand what had happened, Reuters quickly detected the compromise and had fixed the content within 20 minutes. But in classic form, when The Onion had got on top of the problem, it posted an article whose headline read, <a href="http://www.theonion.com/articles/syrian-electronic-army-has-a-little-fun-before-ine,32324/">Syrian Electronic Army Has A Little Fun Before Inevitable Upcoming Death At Hands of Rebels</a>.</p>
<p>These examples illustrate that organisations need to understand that there are new risks within the information age and there are new ways to distribute messages, especially from hackers skillful enough to be able to disrupt traditional forms for dissemination. </p>
<p>The nature of the cause is likely to vary widely. In 2011, for example, Tunisian government websites <a href="http://gawker.com/5723104/anonymous-attacks-tunisian-government-over-wikileaks-censorship">were attacked by dissident group Anonymous</a> because of Wikileaks censorship. </p>
<p><a href="http://www.pcworld.com/article/226128/Sony_Makes_it_Official_PlayStation_Network_Hacked.html">The same year</a>, the Sony Playstation Network was hacked after Sony said it would name and shame the person responsible for hacking its consoles. This showed that just because you are small on the internet doesn’t mean you cannot have a massive impact. Sony ended up losing billions on its share price and lost a great deal of customer confidence.</p>
<h2>HBGary Federal vs Anonymous</h2>
<p>The attack on security firm HBGary Federal is perhaps the best one in terms of how organisations need to understand their threat landscape. It started when Aaron Barr, the security firm’s chief executive, announced it would unmask some of the key people involved in Anonymous, and contacted a host of agencies, including the the US National Security Agency and Interpol. </p>
<p>Anonymous bounced a message back saying HBGary shouldn’t do this, as it would retaliate. As a leading security organisation, HBGary thought it could cope and went ahead with its threat.</p>
<p>Anonymous then searched the HBGary content management system and found it could get access to a complete database of usernames and hashed passwords by inserting a simple <a href="http://www.php.net//manual/en/intro-whatis.php">PHP</a> embed. </p>
<p>As the passwords were not encrypted, it was an easy task to reverse engineer the hashes back to the original password. Their target, though, was Aaron Barr and his chief operating officer, Ted Vera, each of which used weak passwords of six characters and two numbers, which are easily broken.</p>
<p>Having obtained their login details, Anonymous moved on to other targets. Surely they wouldn’t have used the same password for their other accounts? Sure enough they had, including the likes of Twitter and Gmail, which allowed access to gigabytes of research information. Then the hackers noticed that the system administrator for their Gmail email account was called Aaron. As a result they managed to gain complete control of the company email system, which included the email system for the Dutch police.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/52082/original/gxx6js9t-1403617401.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/52082/original/gxx6js9t-1403617401.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/52082/original/gxx6js9t-1403617401.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=450&fit=crop&dpr=1 600w, https://images.theconversation.com/files/52082/original/gxx6js9t-1403617401.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=450&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/52082/original/gxx6js9t-1403617401.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=450&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/52082/original/gxx6js9t-1403617401.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=566&fit=crop&dpr=1 754w, https://images.theconversation.com/files/52082/original/gxx6js9t-1403617401.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=566&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/52082/original/gxx6js9t-1403617401.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=566&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Your friendly neighbourhood hacktivist association.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/raincoaster/6934233521/in/photolist-4iRJKw-bt5yno-4HKeDg-9id7Gd-dC51H8-byKL3n-bGvBDD-4NmPLE-96dijq-9w9DKe-hXqSF8-4yoPU8-gQiV5t-adCr3J-dJnNFq-4HTF6a-mphU1N-9hX4y4-4J9VWk-9NZM7n-4roHqC-9ZjVTq-bBWK7Z-4yPGCi-bjQaMn-4K3SDE-eMyiba-4ysns7-aiqsNi-fgQ7hP-4yJRUG-fCrssn-fxhGt5-grMLph-nch645-gx964k-e4QTGi-5dkc6h-99FemD-c9p6FE-ahBLPa-4PQ4yh-4rqn6B-4rurHo-fiGngo-4K45fG-na6p5s-byKY4T-kvyLR8-hihLwj">Lorraine Murphy</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>Latterly they went after top security expert Greg Hoglund, who owned HBGary. This involved sending him an email from within the Gmail account, from the system administrator, asking for him to confirm a key system password. After Hoglund replied back with it, Anonymous then went on to compromise his accounts. </p>
<p>HBGary Federal ended up being closed down due to the adverse publicity around the hack. Having said that, its partner company, HBGary, has gone from strength to strength. Hoglund is well known for making visionary presentations on computer security around the world. The word in the industry is that HBGary still did pass the Anonymous names to the American authorities, but no one knows for sure. </p>
<h2>Conclusions</h2>
<p>One lesson from all of this is that a focus of any attempted hack will be a spear phishing email. Tricking users into entering their details may be simple, but it can be very serious. For example the Reuters site integrates more than 30 third-party/advertising network agencies into its content. A breach on any of these could compromise the agency’s whole infrastructure.</p>
<p>I’ll end with a few straightforward pieces of advice that anyone who cares about security ought to follow:</p>
<ul>
<li>Use strong passwords</li>
<li>Never re-use passwords</li>
<li>Patch systems</li>
<li>Watch out for internal emails from bogus sources</li>
<li>Beware external websites that integrate with your organisation’s site.</li>
<li>Get a service level agreement (SLA) from your cloud provider. This should state how quickly the provider will react to requests for a lockdown of sensitive information, along with providing auditing information to trace the compromise</li>
<li>Don’t store emails in the cloud</li>
<li>Test your web software for scripting attacks</li>
</ul><img src="https://counter.theconversation.com/content/28415/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Bill Buchanan does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>One big security issue that has arisen lately concerns control of news media. National boundaries have become blurred on the internet, and the control any nation can have over information dissemination…Bill Buchanan, Head, Centre for Distributed Computing, Networks and Security, Edinburgh Napier UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/176182013-09-03T13:51:25Z2013-09-03T13:51:25ZThe Syrian Electronic Army is rewriting the rules of war<figure><img src="https://images.theconversation.com/files/30617/original/gg9rw6my-1378213490.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Warfare 2.0 doesn't require much more than a laptop.</span> <span class="attribution"><span class="source">DFectuoso</span></span></figcaption></figure><p>In <a href="http://www.dragondaymovie.com/">Dragon Day</a> – a provocative new movie on release in the US in November – we see the consequences of a “cyber 9/11”. China has attacked the critical infrastructure of the US in a large-scale cyber-attack. The film illustrates one of the dominant fears about cyber-security and cyber-war: a superpower attacking the networked infrastructure that supports all aspects of life in the 21st century.</p>
<p>Some argue that this fictional scenario is unlikely to ever play out in real life because a cyber-war on such a scale would ultimately be too self-destructive in an inter-connected world. Others believe such a cyber-conflict wouldn’t take place because it couldn’t: fears about the fragility and vulnerability of our networked society are overstated – useful scenarios for Hollywood films but not something we should worry about.</p>
<p>But even if complete societal meltdown is not on the horizon, the attacks coming out of Syria over the past few months are redefining the rules of the game. Until now, the use of cyber-expertise to attack others has been the preserve of rich nations - the technological innovators. Take Stuxnet, the most famous incident of this kind. While the perpetrators of the 2010 attack on Iranian nuclear facility have never been confirmed, it is widely believed that the <a href="http://www.telegraph.co.uk/technology/8274009/Stuxnet-Cyber-attack-on-Iran-was-carried-out-by-Western-powers-and-Israel.html">US government</a> was to blame.</p>
<p>Cyber-crime emanates from “shadow economies” all the time, but we see it as just another nuisance of life in the digital age, a “disease of affluence” that can be controlled through greater precaution and awareness.</p>
<p>The conflict in Syria has created uncomfortable political and strategic problems for Barack Obama and David Cameron but it has traversed geopolitical distance in other ways too. “Local” conflicts have long had a “global” dimension through the use of strategies like hijacking planes or kidnapping citizens and while this conflict exhibits all the attributes of the most brutal civil wars of the twentieth century, it has become “global” through the use of digital strategies. The role played by the Syrian Electronic Army (SEA) challenges our common conception of cyber-security and cyber-war as the terrain of the most “advanced” and “developed”.</p>
<p>The SEA developed spontaneously as a group of Facebook users in 2011, during the early days of the Arab uprisings. Its relationship to the Assad regime is much debated and the SEA denies it is state-sponsored. Either way, it certainly lacks the billions of dollars of investment that goes into cyber-superpower projects elsewhere. As the conflict has unfolded, the SEA has proven to be an active and effective presence in the conflict, using phishing techniques to crack social media accounts, redirect web addresses to its own page and deface other websites. The New York Times has been hit and this week <a href="http://www.ibtimes.co.uk/articles/503037/20130902/syrian-electronic-army-hacks-marine-website-hacked.htm">marines.com</a> also fell victim to the group.</p>
<p>A lot of the SEA’s work is nuisance. Defaced websites are usually corrected quickly, hijacked Twitter accounts don’t stay that way for long. While it is annoying for consumers and potentially costly for the companies and organisations targeted, these cyber-attacks are a far way removed from the “missiles” in the form of code that some have envisaged in the age of cyber-war.</p>
<p>But earlier this year those who saw the SEA as an irritation rather than a threat were silenced. The army made its presence felt in a big way by <a href="http://www.nbcnews.com/technology/ap-latest-victim-string-twitter-break-ins-syrian-electronic-army-6C9567459">hijacking</a> the Associated Press’ Twitter account and tweeting that President Obama had been injured in an explosion, days after the Boston marathon bombing. As a direct result, the Dow Jones dropped 143 points, temporarily draining $136.5 billion from the US economy.</p>
<p>The “flash crash” was not due to nervous traders but software which used a technique called algorithmic trading. This monitors news feeds and social media in order to trade automatically based on the real world events it sees. It worked perfectly in this case - except there were no explosions at the White House and President Obama was perfectly safe.</p>
<p>This was clearly a limited attack. Ten minutes later, with an apology from the Associated Press, the Dow Jones recovered. The financial wobble was likely to have been an unintended consequence from a typical social media “crack” rather than an actual attack itself. But there is no denying that the SEA proved that one tweet could impact complex financial systems. What this event proved is that poor cyber-security across multiple systems can coalesce into a much bigger problem. This cascade effect is a significant danger because it takes such basic technical know-how and the holes are nearly impossible to plug.</p>
<p>Some of the methods used by the SEA are simple. The attack on the Associated Press, for example, was more a case of social engineering than hacking. The real problem is imperfections in the cyber-security of these complex and interconnected systems. Twitter’s speedy expansion left serious flaws in its security and the Associated Press attack forced the company to accelerate the introduction of two-step verification for accounts. It also forced financial institutions to look at the effectiveness of their algorithmic trading systems, having seen how easily they could be spoofed.</p>
<p>This cascade effect is a genuine threat which is being exploited by diverse groups for strategic reasons (or just for the lulz) - and because it is so easy these attacks are becoming more frequent. The SEA is likely to become a blueprint for cyber “assets” who emerge in conflicts around the world from an increasingly technically proficient population.</p>
<p>This new element of conflict might not result in a “middle ranked” state like Syria launching an attack of the type depicted in Dragon Day but the acceleration of technological change and the rapid growth in know-how on all sides might be leading us towards a world in which “action at a distance” becomes more destructive than ever before.</p>
<p>This in turn could radically disrupt the “great chain of being” that orders the world we live in. William Gibson famously wrote: “The future is already here - it’s just not very evenly distributed.” What we see in the conflict in Syria is that the distribution of the “future” is changing the nature of conflict around the world in ways we need to pay attention to. The SEA has warned that <a href="http://www.bbc.co.uk/news/technology-23899140">more is to come</a>, and it seems it is to be believed.</p><img src="https://counter.theconversation.com/content/17618/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Mark Lacy receives funding from the EPSRC.</span></em></p><p class="fine-print"><em><span>Oliver Fitton does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>In Dragon Day – a provocative new movie on release in the US in November – we see the consequences of a “cyber 9/11”. China has attacked the critical infrastructure of the US in a large-scale cyber-attack…Oliver Fitton, PhD Candidate in International Relations, Lancaster UniversityMark Lacy, Associate Director, Security Lancaster, Lancaster UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/140812013-05-10T02:32:28Z2013-05-10T02:32:28ZSyria is back online – so who has the internet kill switch?<figure><img src="https://images.theconversation.com/files/23486/original/8t7gd29b-1368147880.jpg?ixlib=rb-1.1.0&rect=0%2C26%2C992%2C736&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Former Egyptian president Hosni Mubarak shut down the country’s internet in 2011 in an effort to stop the uprising. But does Syria’s recent online blackout have a darker motive?</span> <span class="attribution"><span class="source">Mataparda</span></span></figcaption></figure><p>Syrian residents found themselves <a href="http://www.bbc.co.uk/news/world-middle-east-22446041">without the internet</a> for some 19 hours on May 7 and 8, in what many see as a long-term government campaign to use the internet as method of state control.</p>
<p>According to <a href="http://www.bbc.co.uk/news/world-middle-east-22447247">BBC reports</a>, local residents of Syria were told there was a “fault in optical fibre cables” but this is unlikely as <a href="http://www.submarinecablemap.com/">submarine cable maps</a> show three active cables connecting Syria to the outside world. </p>
<p>Other reports have the government <a href="http://blogs.computerworld.com/cyberwarfare/22168/syria-loses-internet-again-censorship-or-backhoe-itbwcw">blaming terrorists</a> but there is evidence that would suggest this is also wrong.</p>
<p>The backbone of the internet is a network of Border Gateway Protocol (<a href="http://www.enterprisenetworkingplanet.com/netsp/article.php/3615896/Networking-101-Understanding-BGP-Routing.htm">BGP</a>) routers. BGP is the set of regulations affecting how internet routers route your email and web requests across the internet. Without it, there’s no internet.</p>
<p>The Syrian owned BGP routers were steadily closed down over a period of 2 minutes, typical of a fast, manually controlled close down, in order to isolate the country. </p>
<p>Belgian network expert <a href="http://www.fredericjacobs.com/">Frederic Jacobs</a> caught this change in the network and produced an excellent visualisation of the event on YouTube, which you can view below. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/YwxvITcrbx4?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
</figure>
<h2>So who was behind the shutdown?</h2>
<p>Such control is only possible from the state-controlled network centres in Damascus.</p>
<p>There have been <a href="http://www.guardian.co.uk/world/2012/nov/29/syria-blocks-internet">several</a> other <a href="http://www.washingtonpost.com/blogs/blogpost/post/syria-internet-services-shut-down-as-protesters-fill-streets/2011/06/03/AGtLwxHH_blog.html">breaks</a> in the Syrian internet connection in recent times, coinciding with breaks in fixed and mobile phone operation. </p>
<p>These are reported as being precursors to military action where the government is trying to disadvantage the opposition fighters. Another suspected reason is to forestall attempts at protest or any other anti-government activity. </p>
<p>It is unclear from the current muddled reports if the recent outage was related to activities which the government was trying to mask or prevent.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/23479/original/3dwp3wx2-1368145644.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C853%2C278&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/23479/original/3dwp3wx2-1368145644.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=196&fit=crop&dpr=1 600w, https://images.theconversation.com/files/23479/original/3dwp3wx2-1368145644.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=196&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/23479/original/3dwp3wx2-1368145644.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=196&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/23479/original/3dwp3wx2-1368145644.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=246&fit=crop&dpr=1 754w, https://images.theconversation.com/files/23479/original/3dwp3wx2-1368145644.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=246&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/23479/original/3dwp3wx2-1368145644.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=246&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Down to zero: Syria’s internet traffic stopped completely between 5am Tuesday and 12am Wednesday.</span>
<span class="attribution"><span class="source">Google</span></span>
</figcaption>
</figure>
<p>Syria has been marked by Reporters Without Borders as an “<a href="http://en.rsf.org/syria-syria-12-03-2012,42053.html">Enemy of the Internet</a>” since 2006. </p>
<p>In 2009 the Committee to Protect Journalists rated Syria the <a href="http://cpj.org/reports/2009/04/10-worst-countries-to-be-a-blogger.php">third worst country</a> in the world in which to be a blogger, and anti-government bloggers and journalists have experienced <a href="https://www.eff.org/deeplinks/2011/06/despite-hoaxes-real-risks-blogging-syria">wide-scale arrests</a> and <a href="http://www.globaljournalist.org/freepresswatch/2013/02/syria/syrian-journalist-died-under-torture/">torture</a>. </p>
<h2>How can I talk to friends and family in Syria?</h2>
<p>If you are conversing with anyone in Syria please remember that you are almost certainly being monitored by the government, and there can be dire consequences for local Syrians if the government disapproves of what is said. </p>
<figure class="align-right ">
<img alt="" src="https://images.theconversation.com/files/23481/original/rrmbspgb-1368146160.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/23481/original/rrmbspgb-1368146160.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=377&fit=crop&dpr=1 600w, https://images.theconversation.com/files/23481/original/rrmbspgb-1368146160.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=377&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/23481/original/rrmbspgb-1368146160.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=377&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/23481/original/rrmbspgb-1368146160.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=474&fit=crop&dpr=1 754w, https://images.theconversation.com/files/23481/original/rrmbspgb-1368146160.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=474&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/23481/original/rrmbspgb-1368146160.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=474&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Was the Syrian internet blackout an attempt by the government to squash protests such as this … or is there a darker motive?</span>
<span class="attribution"><span class="source">AAP</span></span>
</figcaption>
</figure>
<p>Contacts through known <a href="http://en.wikipedia.org/wiki/Open_proxy">open proxy servers</a> which hide your identity are enough to arouse suspicion. </p>
<p>Sending what is clearly an encrypted file, even if the government cannot read it, may be sufficient grounds for undesirable government attention for the recipients. </p>
<p>Encrypted speech and video may be less likely to arouse suspicion as most internet phone and video phone applications use encryption as standard, but even here there are dangers. </p>
<p>The US-based digital rights organisation the <a href="http://www.eff.org">Electronic Frontier Foundation</a> reports that the Syrian government is deploying a <a href="http://threatpost.com/report-syrian-government-using-targeted-skype-attacks-malware-spy-dissidents-050312/">Trojan horse for Skype</a> in order to spy on its citizens. </p>
<p>The government can easily work out who is being called even if it cannot listen to you. If you are working in the US consulate in Sydney, it would be a really bad idea to talk to your friends in Syria! </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/23480/original/4xc8z4zy-1368145856.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/23480/original/4xc8z4zy-1368145856.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/23480/original/4xc8z4zy-1368145856.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/23480/original/4xc8z4zy-1368145856.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/23480/original/4xc8z4zy-1368145856.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/23480/original/4xc8z4zy-1368145856.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/23480/original/4xc8z4zy-1368145856.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/23480/original/4xc8z4zy-1368145856.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A Syrian man uses the internet at his shop in Damascus, Syria, after the country came back online on Wednesday.</span>
<span class="attribution"><span class="source">AAP</span></span>
</figcaption>
</figure>
<h2>An ongoing cyberwar</h2>
<p>The EFF also reports a concerted effort by the Syrian government to infiltrate the computers of activists.</p>
<p>There is even one case of an anti-spy website which warns people about the dangers, but has documents and other features which can <a href="https://www.eff.org/deeplinks/2012/05/trojan-hidden-fake-revolutionary-documents-targets-syrian-activists">infiltrate a victim computer</a> and report to Syrian intelligence.</p>
<figure class="align-left zoomable">
<a href="https://images.theconversation.com/files/23485/original/rtwyv884-1368147685.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/23485/original/rtwyv884-1368147685.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/23485/original/rtwyv884-1368147685.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=761&fit=crop&dpr=1 600w, https://images.theconversation.com/files/23485/original/rtwyv884-1368147685.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=761&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/23485/original/rtwyv884-1368147685.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=761&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/23485/original/rtwyv884-1368147685.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=957&fit=crop&dpr=1 754w, https://images.theconversation.com/files/23485/original/rtwyv884-1368147685.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=957&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/23485/original/rtwyv884-1368147685.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=957&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">The Egyptian internet shutdown in 2011 spawned a renewed effort against the government.</span>
<span class="attribution"><span class="source">outtacontext</span></span>
</figcaption>
</figure>
<p>Most of these tools appear to be aimed at Microsoft Windows based computers and so a Linux-based computer, particularly a <a href="http://en.wikipedia.org/wiki/Live_CD">live-DVD based system</a> which cannot be corrupted, may be a lot more secure. </p>
<p>If a Windows computer is being used it is vital to ensure it has the latest security updates as there are many well known vulnerabilities that only recent security updates will fix.</p>
<p>The Syrian government is also on the receiving end of cyberattacks. The hacking group <a href="https://theconversation.com/search?q=anonymous">Anonymous</a> managed to <a href="http://www.ehackingnews.com/2012/11/anonymous-leaks-1gb-of-internal-govt.html">liberate 1GB of documents</a> from the Syrian Ministry of Foreign Affairs in December 2012.</p>
<p>According to <a href="hackmageddon.com">hackmageddon.com</a>, Anonymous is in active engagement with the Syrian Electronic Army (<a href="http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/syrian-electronic-army-assad-lackeys-or-concerned-secularists">SEA</a>), a cyberwarfare unit that claims to be independent, though it clearly operates with the <a href="http://www.washingtonpost.com/blogs/worldviews/wp/2013/05/06/syrian-hackers-seize-the-onions-twitter-account-arent-very-funny/">blessing of the Assad government</a>. </p>
<p>Anonymous has managed to deface many Syrian government websites.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/23475/original/whh7pdt4-1368143200.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/23475/original/whh7pdt4-1368143200.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/23475/original/whh7pdt4-1368143200.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=225&fit=crop&dpr=1 600w, https://images.theconversation.com/files/23475/original/whh7pdt4-1368143200.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=225&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/23475/original/whh7pdt4-1368143200.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=225&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/23475/original/whh7pdt4-1368143200.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=283&fit=crop&dpr=1 754w, https://images.theconversation.com/files/23475/original/whh7pdt4-1368143200.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=283&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/23475/original/whh7pdt4-1368143200.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=283&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">A screengrab of the Belgian embassy in Damascus, defaced by the Syrian faction of Anonymous in November 2012.</span>
</figcaption>
</figure>
<p>But the SEA has also made many exploits: <a href="http://www.smh.com.au/it-pro/security-it/bbc-twitter-accounts-hacked-by-proassad-group-20130322-2gjie.html">hacking the BBC</a>, and many sites in the <a href="http://venturebeat.com/2013/04/21/sea-cbs/">US</a> and <a href="http://qz.com/58274/syrian-electronic-armys-twitter-hacking-campaign-racks-up-another-victory/">Qatar</a> who both support the rebels.</p>
<p>Twitter, who was attacked by the SEA, has retaliated by <a href="http://www.bbc.co.uk/news/world-middle-east-22287326">banning any account set up by SEA</a>. </p>
<p>The Assad government and the SEA most likely feel they have nothing left to lose and it will be interesting to see what they can achieve with a full blown cyberattack against their enemies.</p>
<p>Syrian government censorship and misinformation has made it very difficult to know what is really happening in Syria. </p>
<p>This in turn makes the world’s big players such as the US, and local players such as Turkey and Israel, very uneasy. </p>
<p>There may be a strong pressure to act based on rumours of serious issues, such <a href="http://worldnews.nbcnews.com/_news/2013/05/09/18148044-exclusive-turkish-pm-erdogan-syria-has-crossed-red-line-used-chemical-weapons?lite">use of chemical weapons</a>. </p>
<p>In strangling the internet and the media, the Syrian government may be its own worst enemy.</p><img src="https://counter.theconversation.com/content/14081/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Pj Radcliffe does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Syrian residents found themselves without the internet for some 19 hours on May 7 and 8, in what many see as a long-term government campaign to use the internet as method of state control. According to…Pj Radcliffe, Senior Lecturer, Electrical and Computer Engineering , RMIT UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/26052011-08-09T02:09:01Z2011-08-09T02:09:01ZLulzSec, Anonymous … freedom fighters or the new face of evil?<figure><img src="https://images.theconversation.com/files/2743/original/2813584553_dec50d5c0b_b.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Hacktivists remove choice from consumers – and in their own way lay down the law.</span> <span class="attribution"><span class="source">anonmunich</span></span></figcaption></figure><p>As you’ll know by now, hacktivist group Anonymous has <a href="http://www.itwire.com/business-it-news/security/49003-anonymous-takes-over-syrias-ministry-of-defense-site">vandalised the home page of the Syrian Ministry of Defense</a>, posting <a href="http://jrwr.co.cc/anonmirror/">a message</a> which started: “To the Syrian people: the world stands with you against the brutal regime of Bashar Al-Assad”.</p>
<p>The response from within Syria was swift, with the so-called “Syrian Electronic Army” <a href="http://www.computerworld.com/s/article/9218981/Syrian_hackers_retaliate_deface_Anonymous_social_network">retaliating</a> by defacing Anonymous’s fledgling social network, <a href="http://www.philipbrennan.net/2011/07/18/an-overview-of-anon-what-is-it-and-what-it-is-not/">Anon+</a>.</p>
<p>So, was the backlash uncalled for?</p>
<p>Groups such as <a href="http://en.wikipedia.org/wiki/LulzSec">LulzSec</a> and <a href="https://theconversation.com/topics/anonymous">Anonymous</a> have what many see as laudable goals. </p>
<p>They promote <a href="http://www.businessinsider.com/lulzsec-anonymous-are-freedom-fighters-2011-6">freedom</a>, or at least they claim to. The real question in all this is: what constitutes freedom?</p>
<p>Though the political situation in Syria warrants attention, online vandalism is not the answer. If we look to the commercial sector the issue of freedom becomes all the clearer.</p>
<p>Corporations such as e-commerce giant PayPal – who themselves appear to be in the sights of <a href="http://theconversation.com/are-anonymous-and-lulzsec-about-to-hack-paypal-for-wikileaks-2582">LulzSec and Anonymous</a> – are in business to make a profit. The service they provide to society is directed by this profit. </p>
<p>Simply put, the model in place is one of freedom. As much as we might want to rail against the corporate structure, PayPal represents freedom far more than groups such as LulzSec and Anonymous ever will.</p>
<p>PayPal provides a service. If you, as a customer, are not happy with that service, you have the freedom to find other ways to have this service fulfilled. </p>
<p>In making the decision to utilise the service (or not) you are making a choice – in effect, you are “voting” with your dollars. </p>
<p>This is freedom. </p>
<p>What groups such as LulzSec and Anonymous do is attempt to stop the average person having a choice at all. In engaging in a <a href="http://theconversation.com/zombie-computers-cyber-security-phishing-what-you-need-to-know-1671">Distributed Denial of Service (DDoS) attack</a> against a business, so-called hacktivists are not promoting freedom: they are using force to promote their views, and removing the choices other people would have made.</p>
<p>It’s one thing to attempt to convince people to change their view – but there are many ways of doing this. Some of the recent non-violent <a href="http://www.wfuv.org/news/news-politics/110621/new-yorkers-rally-against-walmart">rallies</a> against Walmart (<a href="http://en.wikipedia.org/wiki/Dukes_v._Wal-Mart_Stores,_Inc.">in response to a sexual discrimination lawsuit</a>) in the US are examples of one, non-dogmatic approach.</p>
<p><a href="http://langevin.house.gov/">US Congressman Jim Langevin</a> <a href="http://langevin.house.gov/news/press-releases/2011/05/langevin-presses-for-critical-infrastructure-cyber-standards.shtml">stated in May</a>: “the vast majority of our critical assets are in private hands”.</p>
<p>I agree with this statement. The businesses and corporations that make our lives as good as they are form the foundations of our society. </p>
<p>Many attacks against large corporations by LulzSec and Anonymous have been direct attacks against our critical infrastructure. Where does it end?</p>
<p>As LulzSec and Anonymous grow, their goals and ideas grow in scope as well. At the moment they seem to be pursuing what can only be described as a “nebulous” freedom, but as they engage in attacking the ties that bind our societies, is this even what they’re doing?</p>
<p>Both groups promote their views through force and coercion yet say they want freedom. </p>
<p>Adolf Hitler <a href="http://www.stormfront.org/books/mein_kampf/mkv1ch08.html">expressed</a> the same sentiment in 1926: “What we have to fight for is the freedom and independence of the fatherland, so that our people may be enabled to fulfil the mission assigned to it by the creator”.</p>
<p>Force and coercion do not create freedom – they only create fear, uncertainty and doubt. </p>
<p>At the end of it all, when hacktivists attack critical systems to force their views, we all suffer.</p><img src="https://counter.theconversation.com/content/2605/count.gif" alt="The Conversation" width="1" height="1" />
<p class="fine-print"><em><span>Craig S Wright does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>As you’ll know by now, hacktivist group Anonymous has vandalised the home page of the Syrian Ministry of Defense, posting a message which started: “To the Syrian people: the world stands with you against…Craig S Wright, PhD; Adjunct Lecturer in Computer Science, Charles Sturt UniversityLicensed as Creative Commons – attribution, no derivatives.