By Andy Greenberg
One morning in mid-August, seven months into the Arab Spring protests and government crackdowns in which thousands have been killed, something strange happened on Syria’s Internet. As users aimed their Web browsers at Google and Facebook, they instead saw a page of white Arabic script scrawled across a black background.
“This is a deliberate, temporary Internet breakdown. Please read carefully and spread the following message,” it read. “Your Internet activity is monitored.”
Then the page switched to a white screen filled with instructions on using free encryption and anonymity software like Tor and TrueCrypt to evade surveillance and censorship. Emblazoned above the text was a round, mysterious symbol: a star inside an omega, hovering over a pyramid surrounded by lightning bolts. Below it were written the words: “This is Telecomix. We come in peace.”
Telecomix, a loose-knit team of international hacktivists, had been scanning the Syrian Internet in a massive sweep, dividing 700,000 target connections among its members in Germany, France and the U.S., probing for hackable devices with software tools like Nmap and Shodan. They compromised vulnerable Cisco Systems-produced network switches to find other devices’ passwords, snooped on open cameras revealing street scenes and even officials’ desks, and at one point retrieved the log-in credentials for 5,000 unsecured home routers, which they used to insert the surveillance warning (shown below) into browsers across the country.
As the globally-distributed hackers combed Syria’s networks and posted their findings in a crowd-sourced document, one American member of the group, who uses the handle Punkbob, spotted a Windows FTP server filled with data he recognized: logs from a Proxy SG 9000 appliance built by the Sunnyvale, Calif.-based company Blue Coat Systems. In Punkbob’s day job at a Pentagon contractor, he says, the same equipment had been used to intercept traffic to filter and track staff behavior. The Syrian machine’s logs showed the Internet activity of thousands of users, connecting the sites they attempted to visit and every word of their communications with the IP addresses that pointed directly to their homes. In short, he had discovered American technology being used to help a brutal dictatorship spy on its citizens.
“At first we were just poking around, but when I saw that, I had this feeling of dread,” says Punkbob, who requested that Forbes not use his real name. “To see exactly what Syria was tracking and who was providing the technology to do it.…That was when it felt real.”
Since Telecomix published 54 gigabytes of those logs, the resulting attention has forced Blue Coat to admit that its gear had been used by Syria, a potential violation of international sanctions against that country. The company didn’t respond to Forbes’ request for an interview, citing an ongoing internal review and a related Commerce Department probe. (Note that the investigation didn’t deter private equity firm Thoma Bravo and the Ontario Teachers Pension Plan from a recent deal to take Blue Coat private for $1.3 billion.) The disclosure of Blue Coat’s gear in Syria has touched off revelations that hardware from other U.S. firms, including NetApp and HP, was also used by blacklisted regimes. The industry now faces tough new questions about tech firms’ responsibility for how their products are deployed—and by whom.
Telecomix sees its Blue Coat discovery as a turning point in the group’s mission: Founded to fight for free speech, it now aims to also expose those who fight against that ideal, including any Western tech firm aiding the wrong side. “I hope that the Blue Coat thing was the start of something much bigger,” says Chris Kullenberg, a lean and lip-pierced Swedish political science grad student at the University of Gothenburg and a Telecomix founder. “The goal is to put political pressure on these companies. It started with rage and frustration. What can we do? Well, we can hack a few boxes and expose this to the world. That’s the motivation that drives hackers deeper and deeper into the networks.”
Telecomix likely broke Syrian law. But some more traditional activists appreciate their work. “It crosses a line we wouldn’t be comfortable crossing,” says Brett Solomon, president of the digital human rights group Access Now. “But sometimes it takes someone like Telecomix to put a spanner in the works.”
Actively hacking networks is a new game for Telecomix’s Web revolutionaries. But unlike the hacker group Anonymous, which began with juvenile pranks before attacking Scientologists, opponents of WikiLeaks and defense contractors, Telecomix was born political. The group was created at a Gothenburg conference in 2009 to oppose the European Union’s so-called Telecoms Package, industry-influenced laws that would have cut Internet access for anyone repeatedly downloading copyrighted files. “In a sense, corporations have always been the enemy,” says Kullenberg.