Syria Dropping Off The Internet In 2012 Was Result Of NSA Hack Gone Wrong, Not Syrian Government

from the because-of-course-it-was dept

You may recall that, back in 2012, Syria suddenly dropped off the face of the internet. It actually happened twice. There was all sorts of speculation about how it happened.
At the time, Cloudflare's analysis was one of the most thorough, noting that it almost certainly "was done through updates in router configurations" rather than a physical failure or a cable cut or something. Of course, everyone assumed that it was the Syrian government, trying to cut off access to the outside world.

However, in James Bamford's big Wired article about Ed Snowden, Snowden reveals it was actually an NSA hack gone wrong:
One day an intelligence officer told him that TAO—a division of NSA hackers—had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead—rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn't know that the US government was responsible. (This is the first time the claim has been revealed.)

Inside the TAO operations center, the panicked government hackers had what Snowden calls an “oh shit” moment. They raced to remotely repair the router, desperate to cover their tracks and prevent the Syrians from discovering the sophisticated infiltration software used to access the network. But because the router was bricked, they were powerless to fix the problem.

Fortunately for the NSA, the Syrians were apparently more focused on restoring the nation’s Internet than on tracking down the cause of the outage. Back at TAO’s operations center, the tension was broken with a joke that contained more than a little truth: “If we get caught, we can always point the finger at Israel.”
Thus, it appears that Cloudflare's speculation that it was done as a router update was entirely correct -- just that no one realized it was the NSA that was updating the routers, rather than the Syrians.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ed snowden, hack, internet, james bamford, nsa, router, surveillance, syria, tao


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 13 Aug 2014 @ 12:31pm

    In the words of Stephen Colbert

    TAO are a bunch of "Blame Israel Firsters!"

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Aug 2014 @ 12:43pm

    i'm waiting to see how long it takes for Erdigan in Turkey to start the same shit Assad did. he's already had Facebook blocked. what do the citizens think he'll do when there is some sort of rebellion to his laws and how he wants the way of life to be? i think the Turks are going to be in for some bad happenings in the near future. shame!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Aug 2014 @ 1:05pm

    Either way, it was by the hands of a rogue state.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Aug 2014 @ 1:08pm

    Bye Bye, Cisco

    I think if were an ISP running Cisco routers I'd be looking for something else. Having the NSA tap your network is one thing. You can always just play stupid about that. Having them brick your network is a whole other thing.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Aug 2014 @ 1:28pm

    I think I'm turning Japanese

    One month previous to this outage, Defense Secretary Panetta was warning of a future "cyber Pearl Harbor". ( http://www.defense.gov/transcripts/transcript.aspx?transcriptid=5136 ). He forgot to mention that we'd be playing the part of the Japanese in this Pearl Harbor re-enactment.

    link to this | view in chronology ]

    • identicon
      mcinsand, 13 Aug 2014 @ 1:57pm

      Re: I think I'm turning Japanese

      Did you really have to use that title? Although I liked the song then and now, it's catchy enough to take hours to get out of your head.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Aug 2014 @ 1:40pm

    What happens when they strick back?

    When would it be acceptable in war for a country to strike back at the US? How many crooked things like this can our government pull on other countries before our civilians become justified targets?

    Nothing like constantly pissing off the very people we want nothing to do with.

    link to this | view in chronology ]

    • icon
      nasch (profile), 13 Aug 2014 @ 2:09pm

      Re: What happens when they strick back?

      When would it be acceptable in war for a country to strike back at the US?

      I think any attack on the US would be labeled terrorism or war crimes.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Aug 2014 @ 2:24pm

    This is funny, in a gallows humor kind of way. Everyone is worried about governments wanting to deploy an "internet kill switch", and then the NSA does it by accident.

    link to this | view in chronology ]

  • icon
    Violated (profile), 13 Aug 2014 @ 2:43pm

    That incident sounds like a Cyber War attack even if it was an accident which makes it lucky that Syria did not take down United States Governmental services, or worse, even if they may lack that technology.

    So the US terror campaign against the on-line world continues one country at a time.

    link to this | view in chronology ]

  • identicon
    Monkyyy, 13 Aug 2014 @ 4:25pm

    ANd if this happens here; do do I "downgrade" my router?

    link to this | view in chronology ]

  • identicon
    Zem, 13 Aug 2014 @ 4:36pm

    Had to say it.

    The american cyberattack was routed.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Aug 2014 @ 4:39pm

    The Syrian Gov. fell on the NSA's sword. They took all the blame for something they didn't do. Wonderful...

    link to this | view in chronology ]

  • icon
    Patrick (profile), 14 Aug 2014 @ 12:19am

    So an entire country's internet went through one router?

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 14 Aug 2014 @ 8:49am

      Re:

      It's possible.

      In 2011, Syria had a bit under 5 million internet users. A single high-capacity, multigigabit router could handle that. Although one would think they'd have more than one for redundancy purposes if nothing else. It might be the case that the NSA was installing software on all (both?) of the routers simultaneously and bricked them all, or that their failover mechanism, umm, failed.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Aug 2014 @ 1:48am

    And who is the routers' manufacturer? Would you be nice enough to inform the public?

    I just need to know what to avoid in hardware store.

    link to this | view in chronology ]

    • icon
      nasch (profile), 14 Aug 2014 @ 6:43am

      Re:


      I just need to know what to avoid in hardware store.


      You suppose the one on the next shelf is NSA-proof?

      link to this | view in chronology ]

  • icon
    LduN (profile), 14 Aug 2014 @ 7:28am

    Syria was using a central 5 year old Belkin router for their internets... turns out that it wasn't even a hack, just cheapness

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.