Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blue Coat Denies Its Devices Helping Syrian Gov't

Posted by timothy on from the und-I'm-learning-chinese-says-werner-von-braun dept.

First time accepted submitter drmemnoch writes with a follow-up to a report last week that Internet proxy / filtering / logging devices made by Sunnyvale, CA based Blue Coat Systems have been used by the Syrian government to monitor and censor Syrian's Internet usage. drmemnoch notes that "Sales to restricted countries can often occur through 3rd party resellers. Blue Coat has yet to provide any information other than denial." Specifically, the company denies direct sales, but in the linked ZDnet report kept mum on how third-party resellers might be involved. I requested comment from the company about how their products might have ended up in Syria; Steve Schick of Blue Coat has responded to that request with a more detailed denial (included below) of the company's involvement, and says that there is "no firm evidence" in the logs leaked by Telecomix that Syria has any Blue Coat equipment at all; dissection of that response is invited. Schick writes: "Blue Coat does not sell to Syria and neither do we provide any kind of technical support, professional services or software maintenance. To our knowledge, we do not have any customers in Syria.

U.S. companies are prohibited from selling to Syria. In addition, we do not allow any of our resellers, regardless of their location in the world, to sell to an embargoed country, such as Syria.

We have seen logs posted that are allegedly from a Blue Coat appliance in use in Syria. From these logs, we see no firm evidence that would determine there is Blue Coat equipment in Syria; in fact, it appears that these logs came from an appliance in a country where there are no trade restrictions. In addition, the log files appear to have come from a third party server that was storing log files uploaded from one of our appliances. The allegation that an organization penetrated one of our appliances through a security hole is flatly not true. There are no known vulnerabilities of our appliance that would allow such an action."

73 comments

  1. BULLSHIT by Anonymous Coward · · Score: 0

    It doesn't matter if they sell to Syria. They're a part of the problem.

    1. Re:BULLSHIT by hedwards · · Score: 1

      Apart from going out of business, precisely what do you propose they do? Seriously, once they sell their items to another company, they don't have any control over where they end up.

      It remains to be seen if they truly are free of involvement here, but I wouldn't be surprised if it wasn't done by an authorized retailer.

    2. Re:BULLSHIT by LordLimecat · · Score: 1

      You misunderstand his complaint. He thinks that there is no place for equipment or software that filters the internet at all, whether it is voluntary or not.

    3. Re:BULLSHIT by hedwards · · Score: 1

      Ah, clearly I did.

    4. Re:BULLSHIT by Anonymous Coward · · Score: 1

      I interviewed at that company, once. What they told me turned me off so much (privacy and spying issues) that I walked away from a pretty firm job offer.

      DPI this and filter that and MITM ssl attacks.

      NO THANKS.

      They try to explain it as 'helping' but as Jon Stewart says, you are not helping AT ALL.

      I had to say no to the job offer. I can't help bad people 'win' like that.

      The whole premise is anti-freedom. Sickened me so much.

    5. Re:BULLSHIT by aztracker1 · · Score: 1

      Yeah.. and intel, and any other vendor that sold hardware to Syria is part of the problem too...

      --
      Michael J. Ryan - tracker1.info
    6. Re:BULLSHIT by Anonymous Coward · · Score: 0

      You chose well to decline. Check out Blue Coat at glassdoor.com . They do not look like a great place to work across the board (not just in technology).

    7. Re:BULLSHIT by LordLimecat · · Score: 1

      Wait, you interviewed there and you didnt even understand their core business? You do know that filtering is basically what they do right?

      Do you start your interviews off by asking, "so....what is your company called, what do you do, and why am I here"?

      Its like getting pissed off at Microsoft because you discovered mid-interview that theyre responsible for Windows.

  2. First time accepted submitter what? by Rosco+P.+Coltrane · · Score: 1

    Seriously, what's the deal with that "first time accepted submitter" thing? What does it bring to the story? Why do we care?

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:First time accepted submitter what? by ph4cr · · Score: 1

      Agreed. Is this a new policy? How does one get "accepted" to be a submitter? Is there a litmus test? Geek knowledge? Will we have to provide you with our real names ala Google + ? Just sayin!

    2. Re:First time accepted submitter what? by Belial6 · · Score: 1

      My guess would be to counter the endless complaints of favoritism to specific submitters. Perhaps Slashdot is trying to widen their net for submitters, and they feel that most people don't think their submission will even be considered. Thus they make a point to show that they do in fact take first time submitters.

    3. Re:First time accepted submitter what? by Anonymous Coward · · Score: 1

      Freshly reincarnated submitter Roland Piquepaille writes...

    4. Re:First time accepted submitter what? by Anonymous Coward · · Score: 0

      You get "accepted" to be a "submitter" when you "submit" something and it gets "accepted". Seriously, it's not fucking rocket science, and it's how Slashdot has always worked. It is in fact the very concept that Slashdot was created on.

        And mentioning first time submitters is something they've done for about as long as I can remember. I do think they changed the wording though, pretty sure it used to just say "first time submitter" which was misleading, since you may submit dozens of articles before one gets actually accepted.

    5. Re:First time accepted submitter what? by Roland+Piquepaille · · Score: 2

      I resent that...

    6. Re:First time accepted submitter what? by Runaway1956 · · Score: 1

      Yes, it's the litmus test. Lick the paper strip, if it turns blue, you can post. If it turns red, you can't post. There's a well known correlation between your body's acidity and your intelligence, not to mention your relevancy. /sarcasm

      Sorry, couldn't resist. Litmus test, LMAO!!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    7. Re:First time accepted submitter what? by Runaway1956 · · Score: 1

      Actually, you resemble that . . .

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    8. Re:First time accepted submitter what? by dyingtolive · · Score: 2

      No, actually, you're supposed to be quite dead, I'm afraid:

      http://www.zdnet.com/blog/btl/rest-in-peace-roland-piquepaille/11430

      --
      Support the EFF and Creative Commons. The war is coming, and they're supporting you...
    9. Re:First time accepted submitter what? by dcollins · · Score: 1

      I've been here for over 10 years, and I've never seen any of these complaints of submitter favoritism. Not once that I can recall. Maybe there's some insider-y meta-forum I don't know about.

      But this "first time submitter" thing craps on my face every single day now.

      --
      We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
    10. Re:First time accepted submitter what? by fastest+fascist · · Score: 1

      Just more noise, like that "story" tag that is attached to, well, everything, as far as I can tell.

    11. Re:First time accepted submitter what? by Anonymous Coward · · Score: 0

      It is indeed silly, especially since I've submitted and had stories accepted several times, but because they were submitted as AC they would never be recognized as anything new. So if I suddenly started using my name or some pseudonym I'd probably be called a "first-time submitter" even though I would not be.

      I don't know why they're doing this, but it is a useless distinction.

    12. Re:First time accepted submitter what? by VGPowerlord · · Score: 1

      I've been here for over 10 years, and I've never seen any of these complaints of submitter favoritism. Not once that I can recall. Maybe there's some insider-y meta-forum I don't know about.

      No, they've out right in the open. I don't know how you've missed them.

      Heck, I think even I've complained about it, particularly when Daniel Eran Dilger managed to get his largely fictional Pro-Apple stories (see: Roughly Drafted Magazine) published once or twice a week.

      (FYI: While I'm not a big fan of Apple, if your stories have actual facts in them, I'm not against Slashdot publishing them.)

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    13. Re:First time accepted submitter what? by idontgno · · Score: 2

      There's a well known correlation between your body's acidity and your intelligence, not to mention your relevancy.

      I've submitted several times, and never been accepted, but I'm not bitter.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    14. Re:First time accepted submitter what? by Anonymous Coward · · Score: 1

      Exactly. Blue = base = bitter taste. If you're not bitter, that would mean you're acidic = red = sour.

    15. Re:First time accepted submitter what? by gorzek · · Score: 1

      It's a few extra words in the summary. Get over it. It sure isn't worth so much bitching.

      --
      Check out my world simulator thingy.
    16. Re:First time accepted submitter what? by Nyder · · Score: 1

      Agreed. Is this a new policy? How does one get "accepted" to be a submitter? Is there a litmus test? Geek knowledge? Will we have to provide you with our real names ala Google + ?

      Just sayin!

      Common sense tells me that a "First time accepted submitter" is someone who's submitted articles before, but it never got accepted, and this article is the first time that one of this persons submissions has been accept.

      --
      Be seeing you...
  3. Really by masternerdguy · · Score: 1

    A likely story.

    --
    To offset political mods, replace Flamebait with Insightful.
  4. Sounds like an attempted smear campaign by Anonymous Coward · · Score: 0

    This story is bogus. Bluecoat is one of the biggest players in the content filtering space. Why would they break the law to sell a couple of boxes to Syria?

    1. Re:Sounds like an attempted smear campaign by scdeimos · · Score: 1

      They took Gordon Gekko at his word: Greed is good.

  5. Look, we've got the purchase order to prove it! by Qzukk · · Score: 3, Funny

    See, right here, we sold this equipment to "Totally Not a Front Company for Syria's Government, Inc" in some town called Syria, which I think was in Texas or somewhere.

    They did pay a lot for the shipping, though.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
    1. Re:Look, we've got the purchase order to prove it! by Anonymous Coward · · Score: 1

      "I'm not a witch, I'm not a witch!"
      "But you are dressed as one!"
      "They dressed me like this! And this isn't my nose, it's a false one!"
      "Did you dress her like this?"
      "No! No, no no, no, no! Yes. A bit! A bit."

    2. Re:Look, we've got the purchase order to prove it! by Anonymous Coward · · Score: 1

      The town I live in (in the US) has the same name as a town in Syria.

  6. Reading between the lines by Anonymous Coward · · Score: 0

    From these logs, we see no firm evidence that would determine there is Blue Coat equipment in Syria; in fact, it appears that these logs came from an appliance in a country where there are no trade restrictions. In addition, the log files appear to have come from a third party server that was storing log files uploaded from one of our appliances. The allegation that an organization penetrated one of our appliances through a security hole is flatly not true. There are no known vulnerabilities of our appliance that would allow such an action."

    So, there is Blue Coat equipment logging Syrian connectivity, but it's not physically located in Syria. It doesn't belong to the Syrians, it belongs to a non-Syrian orgamization. Nobody (not even our hypothetical Syrians :) actually penetrated the security of said machine, quite plausibly because they were authorized to use it.

    There are so many loopholes in those details it's pretty sad. On a par with "The US doesn't torture. The US doesn't send people to other countries to be tortured. The US just happens to have someone hanging around when some other countries (ironically, Syria's probably one of those countries :) as their police conduct aggressive interrogations of people they suspect of doing bad things."

    Maybe Blue Coat's completely innocent here. But the more details they add, the more they make this appear like a non-denial-denial. Whether they have plausible (or even implausible :) deniability or not, they would probably do better PR for themselves if they just issued a flat "we comply with US law, and where applicable, to the laws of all other jurisdictions, and have no further comment".

  7. original accusation came from a by nimbius · · Score: 2

    french website that conducted their own investigation of the logs and determined that because they saw a bluecoat header, it was obviously bluecoat. they then reminded their audience they had no concrete evidence bluecoat had sold directly to syria any product. furthermore from a very generic, single header line, the exact model of the product was determined.

    id be way more inclined to believe the article as well, had it not been ended with the line "This is year 2011, states and private companies are here to protect you feel safe."

    http://reflets.info/bluecoats-role-in-syrian-censorship-and-nationwide-monitoring-system/

    --
    Good people go to bed earlier.
  8. Needless. by unity100 · · Score: 0

    In capitalism you sell your mother if there is a good bidder. Or if you cant sell a tree for example, you cut it down so noone will use it for free and reduce the price of other trees you are wanting to sell. so asking a corporation to justify their shit is pointless. they will just lie.

    --
    Read radical news here
    1. Re:Needless. by phil_aychio · · Score: 1

      I can't believe BlueCoat would go through all this hassle to prevent some Syrians from mining bitcoins.

      --
      obvious redundancy is obvious
  9. What's missing here? by oldhack · · Score: 1

    Tim, you implied that the vendor's denial was half-assed mumble-wamble, but the response you produced seem pretty categorical.

    What are you trying to get at? Is there more to the background you have failed to note? Cuz, as it is, it appears you're grasping the straws to smear the outfit.

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
    1. Re:What's missing here? by timothy · · Score: 1

      Not trying to smear, and it seems like a pretty clear denial to me as well.

      There are two things in the answer that I'd like to see (preferrably) non Blue Coat employees address, though:

      1) "The allegation that an organization penetrated one of our appliances through a security hole is flatly not true. There are no known vulnerabilities of our appliance that would allow such an action" Is that the case? I don't know enough about it, but I'm sure there are people who do.

      2) "it appears that these logs came from an appliance in a country where there are no trade restrictions" -- I'd like to know what about the logs conveys that information. Not proposing anything conspiratorial, but curious.

      timothy

      --
      jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
    2. Re:What's missing here? by oldhack · · Score: 1

      Somebody mod the parent up - timothy is elaborating on his story post.

      --
      Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
    3. Re:What's missing here? by Anonymous Coward · · Score: 0

      I was one of the people that found the appliances in the first place, and they can still be scanned with NMAP at 82.137.200.42-56. Which belongs to "Tarassul inetnet Service Provider" according to a quick check in the RIPE database at: http://apps.db.ripe.net/search/query.html?searchtext=82.137.200.42&flags=&sources=RIPE_NCC&grssources=&inverse=&types=

      If use nmap -T4 -A -v -sC -PN 82.137.200.42 The services on 80 and 8080 used to respond as Bluecoat Proxies. This has only changed in the last 72 hours as the Syrian ISPs are working to cover their tracks. NMAP's OS detection guesses that the devices are Bluecoat SGOS 5.X devices, but this is not exact. I have NMAP scans from before as well as the ability so show other Bluecoat devices at another set of ISPs.

      I also have access to underacted logs from 82.137.200.42 that show client IPs in netblocks that belong to Syrian ISPs. In addition I have network scans done on other Syrian ISPs with devices reporting in the SCS range, as well as evidence that these devices are linked to SCS's backbone network along with other devices labeled as Netapp Netcaches with was sold off to Bluecoat in the past few years.

      1. There was no security vulnerability, the Syrians did nothing to secure access to these logs as Bluecoat recommended. With Bluecoat devices you can either log to a Syslog server or dump the files to a FTP share. They chose to use a FTP share on a server loaded with Windows 2008 so that they could use the windows version of Bluecoat's Log Analysis tool. The FTP share was wholly unsecured.

      2. All IPs in the logs, and from what we gathered are with netblocks assigned to Syria. None of the traffic comes from an IP address that suggests otherwise and the claim that the logs say anything of the sort . They literally made that part of the response up.

      This blog post also shows that the Bluecoat devices in question were actively connecting back to Bluecoat from Syrian IPs to connect to Bluecoat subscription services : http://b.averysmallbird.com/entries/bluecoat-and-syria-indicators-and-culpability

  10. Not sure how they could stop it... by gtvr · · Score: 2

    In a world where Iran has nuclear centrifuges, Mexican drug lords have military weapons, Columbian drug cartels have submarines, how could Bluecoat stop some reseller from selling something to Syria?

    1. Re:Not sure how they could stop it... by tehtest · · Score: 0

      GPS Based self-destruct code!

  11. Our great shame by bazmail · · Score: 1

    Next July 4th when you're drunk on patriotism and shedding tears while looking at old glory remember that we, the US, are one of the worlds biggest exporters of oppression. Disgusting.

    1. Re:Our great shame by Anonymous Coward · · Score: 0

      Bullshit. No country is perfect, but the USA is, by far, the closest thing out there.

    2. Re:Our great shame by Anonymous Coward · · Score: 0

      Didn't you hear the news? Being the best was too hard so the liberals and conservatives got together and agreed to aim for "Better than North Korea".

    3. Re:Our great shame by Nadaka · · Score: 1

      As an American Patriot, I am not sure its going to be that way for long (and may have already slipped from that position). America needs to do better than it is, for our own sake.

    4. Re:Our great shame by bazmail · · Score: 1

      Really? How so? Merely because you were born in it?

    5. Re:Our great shame by Anonymous Coward · · Score: 0

      Yeah, US is the closest we got as the worlds biggest exporter of oppression, isn't it what the OP said. Shove your patriotic rants up your patriotic ass. We try to topple their elected governments a while back and the country to the list of terrorism sponsoring countries. It is one thing to be patriotic and completely different to be an asshole in the name of patriotism.

       

  12. Blue Coat does not intercept IM's by bzImage8 · · Score: 2

    After reading TFA.. i found:

    "The evidence we have collected proves that there is a ban on secured authentications for communication tools, such as MSN, Yahoo Messenger, or the Facebook Chat. Syrian people who use these services should be aware that local authorities already stoled their passwords and that all their communications are being intercepted."

    And as someone who has been implementing & supporting Proxy solutions for top 500 level companies in Latin America (yea, including Blue Coat & Squid).

    I can tell that at least with Blue Coat the "MSN" Interception was possible with really old versions of MSN, Blue Coat Stopped selling and even supporting the IM interception product years ago, why ? because it was really difficult to keep up with the new versions of MSN..

    So:

    1.- The article is misleading
    2.- All the Syrian country uses MSN v 1.0

    --
    Unix its simple, but sometimes it takes a geniuos to understand the simplicity -- Dennis Ritchie
  13. Analysis by homey+of+my+owney · · Score: 1

    Simple: Until you can prove it, we deny it.

  14. IBM sold equipment to the nazis by Anonymous Coward · · Score: 0

    ever wonder why the jews,polocks,gays all had numerical tattoos?

    The bigger question is why do people make this kind of equipment, it is ONLY used to repress people.

    1. Re:IBM sold equipment to the nazis by LordLimecat · · Score: 1

      Thats really not accurate, there are many companies who use this type of thing, and that really doesnt qualify as oppression. As it is the company's network, they are perfectly free to mandate what comes in and out of it.

    2. Re:IBM sold equipment to the nazis by humphrm · · Score: 1

      IBM sold what was considered a computer in those days to the Nazis, then the Nazis used them to tabulate their kills. Not the same type of computer that you typed your comment in on, but the same basic function; input, compute, output.

      Also, many other companies also sold to the Nazis during the WWII period including Standard Oil (Chevron, Amoco, and later BP) and AT&T and many others.

      Also, I hope you don't like Volkswagons, Porsches, Audis, Bentleys, Bugattis, Lamborghinis, SEATs, kodas or Scanias.

      --
      -- "In order to have power, I must be taken seriously." -Mojo Jojo
    3. Re:IBM sold equipment to the nazis by GameboyRMH · · Score: 1

      Don't forget Siemens, and Mitsubishi built Japanese fighters...

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    4. Re:IBM sold equipment to the nazis by Anonymous Coward · · Score: 0

      I haven't forgotten Siemens DPI .... Companies always make brutal dictatorships all the more easier.

    5. Re:IBM sold equipment to the nazis by earthforce_1 · · Score: 1

      Hitler kept a picture of Henry Ford on his desk; and it wasn't because he liked his cars.

      --
      My rights don't need management.
  15. Two by two by Anonymous Coward · · Score: 0

    coats of blue.

  16. Software is just software by Sean · · Score: 2

    What's next, giving the author of nmap the 3rd degree because someone did something bad with it?

    1. Re:Software is just software by Anonymous Coward · · Score: 0

      Blue Coat's products are hardware appliances...

  17. BlueCoat Knew - Syria's Devices Called Home by Myuu · · Score: 2

    I wrote about the matter this morning:

    "It would appear that all of Syria’s BlueCoat hardware calls home to update its ability to filter and monitor new objects that it has not encountered. Equally importantly, the Syrian logs are filled with queries related to BlueCoat systems, such as ‘bluecoat data collector,’ something that a general home user would have little interest in."

    http://b.averysmallbird.com/entries/bluecoat-and-syria-indicators-and-culpability

    There is currently a BlueCoat appliance located in Syria at 82.137.200.42; if the company needs any more of the dozen or so identified addresses of their hardware, I or Telecomix would be happy to oblige.

    --

    forget it.
  18. Real easy way for Bluecoat to do it's best by phayes · · Score: 1

    Bluecoat is not just a box, it's a service. If Bluecoat is serious about not wanting to be used by Syria they should blackhole Syria's IP ranges. No this can't shut off the service as the syrians could use a proxy server outside their IP ranges but it would show that Bluecoat has made an effort...

    --
    Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    1. Re:Real easy way for Bluecoat to do it's best by TheGratefulNet · · Score: 1

      its not just bluecoat. there are 50 companies (well, not that many but close) in the bay area, alone, who are so into DPI and other invasions of privacy and tell this to one audience as a 'security tool' and all the while selling it to the owners of the country/company as a spy tool.

      I won't name names (they have lawyers; I don't) but any networking company worth anything beyond home unmanaged switches DOES have or PLANS to have DPI and sell it to many bad folks.

      10 or 15 years ago, switching was hot. before that, routing was hot. now, all that is simple and solved; what's the new hotness? spying and complex hardware assisted triggering on DPI. user-written code that RUNS ON the core routers and gets its finger on the bits (directly). the big vendors are allowing user-written code to override normal routing protocols and data forwarding.

      beware, that's all I can say. networking is not the 'transparent' thing it once was ;(

      --

      --
      "It is now safe to switch off your computer."
    2. Re:Real easy way for Bluecoat to do it's best by phayes · · Score: 1

      No argument here, I install & maintain Bluecoats & other security related solutions for a living. Fortunately for my consience, my clients are a lot less oppressive/dangereous that the SG.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  19. What about OS tools? by juosukai · · Score: 2

    Sure, using IT infra in this ways is purely evil. And no, companies should not provide any tools for oppressive regimes.

    But when will see the first complaints that Open Source tools allow governments to do largely the same things?

    I'm nos saying that OS is bad, but is there anyway that OS projects can ensure that their products are used for oppressive means? /jussi

  20. In other news... by Anonymous Coward · · Score: 0

    Illicit gambling was reported in Casablanca tonight. Local official Captain Renault was quoted as "being shocked, shocked that gambling is going on in here!".

  21. Lets not be surprised by Anonymous Coward · · Score: 0

    Just like Cisco, Lucent and others ethics or morals do not pad bonuses.

  22. Litmus Test by Anonymous Coward · · Score: 0

    As I recall my first year chemistry, Litmus paper turns bLue in aLkaline solutions, and reD in aciDic solutions. But that was not in the USA where colors are different from colours.

    In the rest of the world,Blue is the colour of the right-wing, more conservative political party, and Red is the colour of the left-wing more socialist party.

    However in the USA, Red is the color of the Republicans (right wing comservative) and Blue is the color of the Democrats (left-wing progressive

  23. Bluecoat, the tyrants friend by Anonymous Coward · · Score: 0

    The government of Myanmar (Burma) also uses Bluecoat devices to censor what their citizens can see on the internet...

  24. If you have a user.... by nweaver · · Score: 1

    If you have a user behind this proxy willing to run Netalyzr and send us the results link either direct to netalyzr-help@icsi.berkeley.edu or to you, I'd be very interested in seeing if we can see the BlueCoat proxy in our Netalyzr testing.

    --
    Test your net with Netalyzr
  25. Like blaming McDonalds for selling burgers used... by Anonymous Coward · · Score: 0

    ...as lunch to (pick your antagonist).

    So someone sells something that is used as intended to someone you don't like... You gotta get them in line behind arms dealers. The "so what" factor here is huge.