Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blue Coat Denies Its Devices Helping Syrian Gov't

Posted by timothy on from the und-I'm-learning-chinese-says-werner-von-braun dept.

First time accepted submitter drmemnoch writes with a follow-up to a report last week that Internet proxy / filtering / logging devices made by Sunnyvale, CA based Blue Coat Systems have been used by the Syrian government to monitor and censor Syrian's Internet usage. drmemnoch notes that "Sales to restricted countries can often occur through 3rd party resellers. Blue Coat has yet to provide any information other than denial." Specifically, the company denies direct sales, but in the linked ZDnet report kept mum on how third-party resellers might be involved. I requested comment from the company about how their products might have ended up in Syria; Steve Schick of Blue Coat has responded to that request with a more detailed denial (included below) of the company's involvement, and says that there is "no firm evidence" in the logs leaked by Telecomix that Syria has any Blue Coat equipment at all; dissection of that response is invited. Schick writes: "Blue Coat does not sell to Syria and neither do we provide any kind of technical support, professional services or software maintenance. To our knowledge, we do not have any customers in Syria.

U.S. companies are prohibited from selling to Syria. In addition, we do not allow any of our resellers, regardless of their location in the world, to sell to an embargoed country, such as Syria.

We have seen logs posted that are allegedly from a Blue Coat appliance in use in Syria. From these logs, we see no firm evidence that would determine there is Blue Coat equipment in Syria; in fact, it appears that these logs came from an appliance in a country where there are no trade restrictions. In addition, the log files appear to have come from a third party server that was storing log files uploaded from one of our appliances. The allegation that an organization penetrated one of our appliances through a security hole is flatly not true. There are no known vulnerabilities of our appliance that would allow such an action."

48 of 73 comments (clear)

  1. First time accepted submitter what? by Rosco+P.+Coltrane · · Score: 1

    Seriously, what's the deal with that "first time accepted submitter" thing? What does it bring to the story? Why do we care?

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:First time accepted submitter what? by ph4cr · · Score: 1

      Agreed. Is this a new policy? How does one get "accepted" to be a submitter? Is there a litmus test? Geek knowledge? Will we have to provide you with our real names ala Google + ? Just sayin!

    2. Re:First time accepted submitter what? by Belial6 · · Score: 1

      My guess would be to counter the endless complaints of favoritism to specific submitters. Perhaps Slashdot is trying to widen their net for submitters, and they feel that most people don't think their submission will even be considered. Thus they make a point to show that they do in fact take first time submitters.

    3. Re:First time accepted submitter what? by Anonymous Coward · · Score: 1

      Freshly reincarnated submitter Roland Piquepaille writes...

    4. Re:First time accepted submitter what? by Roland+Piquepaille · · Score: 2

      I resent that...

    5. Re:First time accepted submitter what? by Runaway1956 · · Score: 1

      Yes, it's the litmus test. Lick the paper strip, if it turns blue, you can post. If it turns red, you can't post. There's a well known correlation between your body's acidity and your intelligence, not to mention your relevancy. /sarcasm

      Sorry, couldn't resist. Litmus test, LMAO!!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    6. Re:First time accepted submitter what? by Runaway1956 · · Score: 1

      Actually, you resemble that . . .

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    7. Re:First time accepted submitter what? by dyingtolive · · Score: 2

      No, actually, you're supposed to be quite dead, I'm afraid:

      http://www.zdnet.com/blog/btl/rest-in-peace-roland-piquepaille/11430

      --
      Support the EFF and Creative Commons. The war is coming, and they're supporting you...
    8. Re:First time accepted submitter what? by dcollins · · Score: 1

      I've been here for over 10 years, and I've never seen any of these complaints of submitter favoritism. Not once that I can recall. Maybe there's some insider-y meta-forum I don't know about.

      But this "first time submitter" thing craps on my face every single day now.

      --
      We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
    9. Re:First time accepted submitter what? by fastest+fascist · · Score: 1

      Just more noise, like that "story" tag that is attached to, well, everything, as far as I can tell.

    10. Re:First time accepted submitter what? by VGPowerlord · · Score: 1

      I've been here for over 10 years, and I've never seen any of these complaints of submitter favoritism. Not once that I can recall. Maybe there's some insider-y meta-forum I don't know about.

      No, they've out right in the open. I don't know how you've missed them.

      Heck, I think even I've complained about it, particularly when Daniel Eran Dilger managed to get his largely fictional Pro-Apple stories (see: Roughly Drafted Magazine) published once or twice a week.

      (FYI: While I'm not a big fan of Apple, if your stories have actual facts in them, I'm not against Slashdot publishing them.)

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    11. Re:First time accepted submitter what? by idontgno · · Score: 2

      There's a well known correlation between your body's acidity and your intelligence, not to mention your relevancy.

      I've submitted several times, and never been accepted, but I'm not bitter.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    12. Re:First time accepted submitter what? by Anonymous Coward · · Score: 1

      Exactly. Blue = base = bitter taste. If you're not bitter, that would mean you're acidic = red = sour.

    13. Re:First time accepted submitter what? by gorzek · · Score: 1

      It's a few extra words in the summary. Get over it. It sure isn't worth so much bitching.

      --
      Check out my world simulator thingy.
    14. Re:First time accepted submitter what? by Nyder · · Score: 1

      Agreed. Is this a new policy? How does one get "accepted" to be a submitter? Is there a litmus test? Geek knowledge? Will we have to provide you with our real names ala Google + ?

      Just sayin!

      Common sense tells me that a "First time accepted submitter" is someone who's submitted articles before, but it never got accepted, and this article is the first time that one of this persons submissions has been accept.

      --
      Be seeing you...
  2. Really by masternerdguy · · Score: 1

    A likely story.

    --
    To offset political mods, replace Flamebait with Insightful.
  3. Look, we've got the purchase order to prove it! by Qzukk · · Score: 3, Funny

    See, right here, we sold this equipment to "Totally Not a Front Company for Syria's Government, Inc" in some town called Syria, which I think was in Texas or somewhere.

    They did pay a lot for the shipping, though.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
    1. Re:Look, we've got the purchase order to prove it! by Anonymous Coward · · Score: 1

      "I'm not a witch, I'm not a witch!"
      "But you are dressed as one!"
      "They dressed me like this! And this isn't my nose, it's a false one!"
      "Did you dress her like this?"
      "No! No, no no, no, no! Yes. A bit! A bit."

    2. Re:Look, we've got the purchase order to prove it! by Anonymous Coward · · Score: 1

      The town I live in (in the US) has the same name as a town in Syria.

  4. Re:BULLSHIT by hedwards · · Score: 1

    Apart from going out of business, precisely what do you propose they do? Seriously, once they sell their items to another company, they don't have any control over where they end up.

    It remains to be seen if they truly are free of involvement here, but I wouldn't be surprised if it wasn't done by an authorized retailer.

  5. original accusation came from a by nimbius · · Score: 2

    french website that conducted their own investigation of the logs and determined that because they saw a bluecoat header, it was obviously bluecoat. they then reminded their audience they had no concrete evidence bluecoat had sold directly to syria any product. furthermore from a very generic, single header line, the exact model of the product was determined.

    id be way more inclined to believe the article as well, had it not been ended with the line "This is year 2011, states and private companies are here to protect you feel safe."

    http://reflets.info/bluecoats-role-in-syrian-censorship-and-nationwide-monitoring-system/

    --
    Good people go to bed earlier.
  6. What's missing here? by oldhack · · Score: 1

    Tim, you implied that the vendor's denial was half-assed mumble-wamble, but the response you produced seem pretty categorical.

    What are you trying to get at? Is there more to the background you have failed to note? Cuz, as it is, it appears you're grasping the straws to smear the outfit.

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
    1. Re:What's missing here? by timothy · · Score: 1

      Not trying to smear, and it seems like a pretty clear denial to me as well.

      There are two things in the answer that I'd like to see (preferrably) non Blue Coat employees address, though:

      1) "The allegation that an organization penetrated one of our appliances through a security hole is flatly not true. There are no known vulnerabilities of our appliance that would allow such an action" Is that the case? I don't know enough about it, but I'm sure there are people who do.

      2) "it appears that these logs came from an appliance in a country where there are no trade restrictions" -- I'd like to know what about the logs conveys that information. Not proposing anything conspiratorial, but curious.

      timothy

      --
      jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
    2. Re:What's missing here? by oldhack · · Score: 1

      Somebody mod the parent up - timothy is elaborating on his story post.

      --
      Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  7. Not sure how they could stop it... by gtvr · · Score: 2

    In a world where Iran has nuclear centrifuges, Mexican drug lords have military weapons, Columbian drug cartels have submarines, how could Bluecoat stop some reseller from selling something to Syria?

  8. Re:Needless. by phil_aychio · · Score: 1

    I can't believe BlueCoat would go through all this hassle to prevent some Syrians from mining bitcoins.

    --
    obvious redundancy is obvious
  9. Our great shame by bazmail · · Score: 1

    Next July 4th when you're drunk on patriotism and shedding tears while looking at old glory remember that we, the US, are one of the worlds biggest exporters of oppression. Disgusting.

    1. Re:Our great shame by Nadaka · · Score: 1

      As an American Patriot, I am not sure its going to be that way for long (and may have already slipped from that position). America needs to do better than it is, for our own sake.

    2. Re:Our great shame by bazmail · · Score: 1

      Really? How so? Merely because you were born in it?

  10. Blue Coat does not intercept IM's by bzImage8 · · Score: 2

    After reading TFA.. i found:

    "The evidence we have collected proves that there is a ban on secured authentications for communication tools, such as MSN, Yahoo Messenger, or the Facebook Chat. Syrian people who use these services should be aware that local authorities already stoled their passwords and that all their communications are being intercepted."

    And as someone who has been implementing & supporting Proxy solutions for top 500 level companies in Latin America (yea, including Blue Coat & Squid).

    I can tell that at least with Blue Coat the "MSN" Interception was possible with really old versions of MSN, Blue Coat Stopped selling and even supporting the IM interception product years ago, why ? because it was really difficult to keep up with the new versions of MSN..

    So:

    1.- The article is misleading
    2.- All the Syrian country uses MSN v 1.0

    --
    Unix its simple, but sometimes it takes a geniuos to understand the simplicity -- Dennis Ritchie
  11. Analysis by homey+of+my+owney · · Score: 1

    Simple: Until you can prove it, we deny it.

  12. Re:BULLSHIT by LordLimecat · · Score: 1

    You misunderstand his complaint. He thinks that there is no place for equipment or software that filters the internet at all, whether it is voluntary or not.

  13. Re:IBM sold equipment to the nazis by LordLimecat · · Score: 1

    Thats really not accurate, there are many companies who use this type of thing, and that really doesnt qualify as oppression. As it is the company's network, they are perfectly free to mandate what comes in and out of it.

  14. Re:BULLSHIT by hedwards · · Score: 1

    Ah, clearly I did.

  15. Software is just software by Sean · · Score: 2

    What's next, giving the author of nmap the 3rd degree because someone did something bad with it?

  16. BlueCoat Knew - Syria's Devices Called Home by Myuu · · Score: 2

    I wrote about the matter this morning:

    "It would appear that all of Syria’s BlueCoat hardware calls home to update its ability to filter and monitor new objects that it has not encountered. Equally importantly, the Syrian logs are filled with queries related to BlueCoat systems, such as ‘bluecoat data collector,’ something that a general home user would have little interest in."

    http://b.averysmallbird.com/entries/bluecoat-and-syria-indicators-and-culpability

    There is currently a BlueCoat appliance located in Syria at 82.137.200.42; if the company needs any more of the dozen or so identified addresses of their hardware, I or Telecomix would be happy to oblige.

    --

    forget it.
  17. Re:IBM sold equipment to the nazis by humphrm · · Score: 1

    IBM sold what was considered a computer in those days to the Nazis, then the Nazis used them to tabulate their kills. Not the same type of computer that you typed your comment in on, but the same basic function; input, compute, output.

    Also, many other companies also sold to the Nazis during the WWII period including Standard Oil (Chevron, Amoco, and later BP) and AT&T and many others.

    Also, I hope you don't like Volkswagons, Porsches, Audis, Bentleys, Bugattis, Lamborghinis, SEATs, kodas or Scanias.

    --
    -- "In order to have power, I must be taken seriously." -Mojo Jojo
  18. Real easy way for Bluecoat to do it's best by phayes · · Score: 1

    Bluecoat is not just a box, it's a service. If Bluecoat is serious about not wanting to be used by Syria they should blackhole Syria's IP ranges. No this can't shut off the service as the syrians could use a proxy server outside their IP ranges but it would show that Bluecoat has made an effort...

    --
    Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
    1. Re:Real easy way for Bluecoat to do it's best by TheGratefulNet · · Score: 1

      its not just bluecoat. there are 50 companies (well, not that many but close) in the bay area, alone, who are so into DPI and other invasions of privacy and tell this to one audience as a 'security tool' and all the while selling it to the owners of the country/company as a spy tool.

      I won't name names (they have lawyers; I don't) but any networking company worth anything beyond home unmanaged switches DOES have or PLANS to have DPI and sell it to many bad folks.

      10 or 15 years ago, switching was hot. before that, routing was hot. now, all that is simple and solved; what's the new hotness? spying and complex hardware assisted triggering on DPI. user-written code that RUNS ON the core routers and gets its finger on the bits (directly). the big vendors are allowing user-written code to override normal routing protocols and data forwarding.

      beware, that's all I can say. networking is not the 'transparent' thing it once was ;(

      --

      --
      "It is now safe to switch off your computer."
    2. Re:Real easy way for Bluecoat to do it's best by phayes · · Score: 1

      No argument here, I install & maintain Bluecoats & other security related solutions for a living. Fortunately for my consience, my clients are a lot less oppressive/dangereous that the SG.

      --
      Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  19. Re:BULLSHIT by Anonymous Coward · · Score: 1

    I interviewed at that company, once. What they told me turned me off so much (privacy and spying issues) that I walked away from a pretty firm job offer.

    DPI this and filter that and MITM ssl attacks.

    NO THANKS.

    They try to explain it as 'helping' but as Jon Stewart says, you are not helping AT ALL.

    I had to say no to the job offer. I can't help bad people 'win' like that.

    The whole premise is anti-freedom. Sickened me so much.

  20. What about OS tools? by juosukai · · Score: 2

    Sure, using IT infra in this ways is purely evil. And no, companies should not provide any tools for oppressive regimes.

    But when will see the first complaints that Open Source tools allow governments to do largely the same things?

    I'm nos saying that OS is bad, but is there anyway that OS projects can ensure that their products are used for oppressive means? /jussi

  21. Re:IBM sold equipment to the nazis by GameboyRMH · · Score: 1

    Don't forget Siemens, and Mitsubishi built Japanese fighters...

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  22. Re:BULLSHIT by aztracker1 · · Score: 1

    Yeah.. and intel, and any other vendor that sold hardware to Syria is part of the problem too...

    --
    Michael J. Ryan - tracker1.info
  23. If you have a user.... by nweaver · · Score: 1

    If you have a user behind this proxy willing to run Netalyzr and send us the results link either direct to netalyzr-help@icsi.berkeley.edu or to you, I'd be very interested in seeing if we can see the BlueCoat proxy in our Netalyzr testing.

    --
    Test your net with Netalyzr
  24. Re:BULLSHIT by LordLimecat · · Score: 1

    Wait, you interviewed there and you didnt even understand their core business? You do know that filtering is basically what they do right?

    Do you start your interviews off by asking, "so....what is your company called, what do you do, and why am I here"?

    Its like getting pissed off at Microsoft because you discovered mid-interview that theyre responsible for Windows.

  25. Re:Sounds like an attempted smear campaign by scdeimos · · Score: 1

    They took Gordon Gekko at his word: Greed is good.

  26. Re:IBM sold equipment to the nazis by earthforce_1 · · Score: 1

    Hitler kept a picture of Henry Ford on his desk; and it wasn't because he liked his cars.

    --
    My rights don't need management.