Slashdot Mirror

← Back to Stories (view on slashdot.org)

Blue Coat Concedes Its Devices Operating in Syria

Posted by timothy on from the hat-tip-to-jake dept.

A few weeks ago, in reaction to claims that Blue Coat systems were being used to track internet use in Syria, a company spokesman denied the charges here, saying "To our knowledge, we do not have any customers in Syria," and that the company followed the web of regulations that would prohibit sale to certain countries, Syria among them. In response to the logs on which the claims were based, he said "it appears that these logs came from an appliance in a country where there are no trade restrictions." A report at the Wall Street Journal says that the company has now acknowledged that Blue Coat devices are being used in Syria after all; the paper reports that at least 13 of the censorware boxes are in use there, and cites an unnamed source who says "as many as 25 appliances have made their way into Syria since the mid-2000s, with most sold through Dubai-based middlemen."

8 of 90 comments (clear)

  1. Duh! by chill · · Score: 4, Insightful

    Who here is surprised by this?

    I'm sure a nice premium was paid to the Dubai distributor, who also most likely set up proxies for Syria so the update requests to BlueCoat look like they originate in the UAE.

    I'd be stunned to learn there wasn't more than a few dedicated suppliers in the Middle East who do nothing BUT funnel high-tech equipment into Syria and Iran, along with anyone else who pays in cash. They probably have plenty of competition from Russian distributors.

    --
    Learning HOW to think is more important than learning WHAT to think.
  2. Re:to be fair by fuzzyfuzzyfungus · · Score: 5, Interesting

    That would depend, in part, on a couple of things:

    1. How "3rd party" are the 3rd parties? Shit does get smuggled sometimes; but people have been known to wink that their Dubai based VARs so long as the money is there...

    2. How independent of the mothership are Blue Coat's censorship appliances. Some enterprise gear is relatively independent. Buy it, plug it in, the only remaining contact with the vendor is a warranty call if needed. Some enterprise gear is virtually a rented extension of the vendor's own network: You plug it in, it phones home more or less constantly for updates, with status reports, to go into cripple-mode if the service contract isn't paid up, to initiate service calls for shot FRUs, etc. If Blue Coat's devices are the former, smuggling should be pretty trivial. If the latter, I'd want to hear a very convincing account of how the re-allocation of equipment was hidden from them. It certainly wouldn't be impossible to keep a device from phoning home(software pirates do that sort of thing routinely, and there are other proxying and such tricks that could theoretically be used); but if Blue Coat knew that serial #s X,Y,Z were routinely phoning in for updates from IPs in Syria, and just sort of whistled a happy tune, they are't exactly blameless.

    According to the whitepaper for their "Webpulse" 'cloud-based infrastructure', which appears to be integrated into their various perimeter security appliances, their devices are in more or less constant contact with them, and data including unclassifed URLs and binaries may be sent back to them from the security appliances for analysis and the release of detection rulesets to the customerbase.

    Unless Syria was running some sneaky scheme for cloaking the location of their Blue Coat devices, or was turning off their most marketed features and running them dumb, Blue Coat should have been well aware of what was going on, and roughly where...

  3. Re:to be fair by Ethanol-fueled · · Score: 3, Interesting

    1. How "3rd party" are the 3rd parties? Shit does get smuggled sometimes; but people have been known to wink that their Dubai based VARs so long as the money is there...Blue Coat should have been well aware of what was going on, and roughly where...

    Hey, that rhymes. What you stated also happens all the time. When shadowy new laws designed to enrich US arms dealers are knee-jerkedly signed in times of war, the arms components suppliers wink at their middlemen in South America or the Middle East, who wink back at them saying "no, these ITAR-controlled components will most certainly not be resold to Cuba, Iran, North Korea, Sudan or Syria! Wink wink."

    Then the US gubmint finds out and fines the hell out of, say, Lockheed Martin. Lockheed Martin, in turn, says that they had no idea that the components were to be sold to Syria and cites a twisted interpretation of said shadowy US war law.

  4. Re:to be fair by Dunbal · · Score: 2

    smuggling hardware into a banned country

    What? Person A purchase from the US and ships to a a friendly non-US country. Person B buys it there and ships it to a neutral country. Person C sells it to a Syrian who then imports it from the neutral country. And it's all perfectly legal. Wait, you presume that US laws should apply to everyone in the whole world? You can't even get your own TSA to listen to your laws.

    --
    Seven puppies were harmed during the making of this post.
  5. BS alert by TheGratefulNet · · Score: 2

    quoting:

    Blue Coat told The Wall Street Journal the appliances were transmitting automatic status messages back to the company as the devices censored the Syrian Web. Blue Coat says it doesn't monitor where such "heartbeat" messages originate from.

    I call BS.

    who, here, believes the company goes to the trouble of having the appliances phone home and yet does not scrutinize every bit of info that comes back, *especially* what subnets and routes its connected to?

    shit, man, if I was the company, *I* would do such things and I'm one of the good guys. there's no way a vendor would not want to see data and look for things that are not registered or show up all of a sudden, etc. the license fees are not insignificant (I'm guessing, but its a fair guess) and so any new box would cause an alarm. again, I would do this and I'm not even in this business.

    --

    --
    "It is now safe to switch off your computer."
  6. Re:to be fair by Ethanol-fueled · · Score: 3, Interesting

    That's what ITAR is supposed to address.

    Shortly after a close friend *cough, cough* was hired at a company I don't work for *cough cough* The HR manager gave a brief powerpoint summary of ITAR, then went on to say^W tell him with an evil grin, "But we have ways of getting around that." According to those rules, there are 5 countries on our government's shit-list that we never sell to: Cuba, Iran, North Korea, Sudan, and Syria. For many others, requests have to be filed and delays of months are not unheard of. It's how the State Department plays favorites.

    Besides using third-party "export firms" for the deals, simpler tricks may be played - playing games with serial numbers, for example. The subject of any serious ITAR-compliant transaction also may include Customs opening up the gadget in question, to ensure nobody's smuggling coke or setting them up the bomb.

  7. Re:Misplaced Priorities? by voss · · Score: 2

    Actually 18 US states allow first cousin marriages which has nothing to do with islamic law. In fact cousin marriage was legal in all US states prior to the civil war.

    http://en.wikipedia.org/wiki/Cousin_marriage

  8. Re:Sale may require full transfer of terms by perpenso · · Score: 2

    and that any party you sell it to also agree to these terms.

    And such countries that recognize the right of first sale render said contract null and void. You cannot bind third parties (or fourth or fifth parties) to your contract, especially when they reside/operate in a country far away from where the contract was signed.

    It is the seller that is restricted, if the other party can not be bound then the seller can not sell.