May 30, 2013

author-placeholder Admin

« Back to Blog

Late last fall, on November 29th, 2012 at approximately 5:26 AM EST, the Syrian government blocked the majority of access to the Internet within its borders by removing the routing tables from global Internet traffic. This turned Syria “dark” as it disconnected the country from the necessary connections that allow information in and out of the country. We assume this was done in an effort to minimize the effectiveness of rebel communications.

Using ScoutVision, our Threat Intelligence Monitoring and Management Platform, we are able build a complete internal and external view of Syria’s government-owned networks for analysis. The variety of data that is available in ScoutVision provides several vantage points to assess Syrian networks, particularly those owned and operated by the government. In this case, continuous monitoring on routing relationships between Syrian Autonomous Systems (ASNs) and their peering partners.

Telecommunications in Syria

The telecommunications infrastructure in Syria is rather small with 6 Autonomous Systems (see figure 1). In comparison, there are 16,132 ASNs in the U.S. Syria’s 6 ASNs places them at 144th in terms of AS size; ahead of 80 other nations which are primarily located in Africa, Central America, and the Pacific Islands.1

Fig. 1: Autonomous Systems in Syria, from ScoutVision query

Figure 1 shows active and inactive ASNs in Syria. A quick glance shows 4 telecommunications companies, a higher education and research network, and an IT-related AS; only 2 have announced IP space. The main telecommunications provider in the country is the Syrian Telecommunications Establishment (STE) which is a government owned operation (under the authority of the Ministry of Information) focused primarily on fixed-line communication. The largest mobile telecommunications company, with 55% of the local market, is privately-held but is owned by a first cousin of President Bashar al-Assad2, leading to speculation of government influence.

The government-owned STE owns the vast majority of the IP space operating in Syria through the 2 ASNs (AS 29836 and 29256) they maintain (see figure 2). As noted, all other operators have less than 1% of the IPs in Syria. Outside of STE dominance, there is little presence by other service providers within Syrian borders.

Fig. 2: Autonomous Systems operating within Syrian borders

Due to their control on accessibility of the domestic telecommunications network, service providers are forced to ‘rent’ IP space from a government-owned entity, providing the Ministry of Information another means of denying access to private companies or individuals. This also means that, due to the lack of public access to the telecommunications infrastructure, the government can control its connectivity to the wider Internet ‘community.’

With respect to routing, the smaller of the 2 STE ASNs (AS 29256) has only 1 upstream AS peer, AS 29386 (see figure 3). It is solely dependent on the larger STE AS (29386) for availability.

Fig. 3: Visualization of routing structure of STE AS 29256

STE ASN (AS 29386), which controls almost all Internet traffic within the country, has 5 upstream peers that connect it to the global Internet infrastructure (see figure 4). These upstream peers are telecommunications backbones originating from Germany, the U.S., Canada, Italy, and Turkey, respectively3.

Fig. 4: Visualization and listing of upstream peers of STE AS 29386

Syrian Civil War Leads to Blackout

In the midst of an ongoing civil war, Syria has become a less stable state provoking wider fears of regional security. As fighting has escalated, the Syrian government has resorted to tactics that have earned the “condemnation” of the international community4. In this climate, it is not unknown for authoritative regimes to censor information. The Syrian government has done this under a constitutional clause dating back to the Ba’athist ascension to power in 1963 that allows government intervention in times of a state of emergency. The Syrian government widely screens and blocks access to Internet sites deemed politically “sensitive,” as they consider it just as necessary to censor information coming into its citizenry as it is to limit the amount and types of information leaving the country.

Recent uses of social media campaigns like those on Twitter and Facebook, particularly in Egypt and Libya, have provided avenues for information gathering amongst the masses within a country and dissemination abroad highlighting government crackdowns. With all the political unrest, state security services have been effective at tracking and phishing for social network authentications, adding to their list of already impressive capabilities of content filtering, access restriction, and online propaganda5.

It is known that the Syrian government has exercised its ability to disconnect from the Internet to limit information accessibility. Last fall, this action was followed by a large offensive that they did not want ‘broadcast’ to or by the public. Drastically cutting off Internet connectivity was also a tactic used by the Egyptian government the previous year during its civil war. The benefits for the Syrian government of a lack of Internet connectivity are twofold: the potential for less publicity and therefore greater impunity concerning their actions and limiting means of communication and coordination for Syrian rebels.

STE AS 29386 is the primary AS for Syria. During the blackout, all of ASN’s upstream peers were active while all of its subordinate networks were disabled. If this were a routing attack, it likely would have impacted some or all of the AS’s upstream peers. Therefore, it is reasonable to conclude that the blackout decision was an internal one.

1 “World Report.” Hurricane Electric Internet Services. 29 Nov 2012. http://bgp.he.net/report/world

2 “Syriatel.” Wikipedia. 6 Aug 2012. http://en.wikipedia.org/wiki/Syriatel

3 “Origination” determined through ScoutVision Country Footprinting, designated by country with largest percentage of IPs in stated country.

4 “General Assembly, GA/11266.” United Nations General Assembly. 3 Aug 2012.http://www.un.org/News/Press/docs/2012/ga11266.doc.htm

5 “Beset By Online Surveillance and Content Filtering, Netizens Fight On.” Reports Without Borders. 13 March 2012. http://en.rsf.org/beset-by-online-surveillance-and-12-03-2012,42061.html

  •  
  •  
  •  
  •  
  •