Syrian Malware Servers Survive, Then Die

← Back to Stories (view on slashdot.org)

Syrian Malware Servers Survive, Then Die

Posted by Soulskill on Friday November 30, 2012 @09:10AM from the like-most-things dept.

Nerval's Lobster writes "A massive outage knocked Syria's Internet offline Nov. 29 — with the exception of five servers implicated in serving malware earlier this year. But the next day, those five servers went dark as well. Internet analytics firm Renesys suggested late Nov. 29 that those five servers were likely offshore. 'Now, there are a few Syrian networks that are still connected to the Internet, still reachable by traceroutes, and indeed still hosting Syrian content,' the company wrote in a blog post. 'These are five networks that use Syrian-registered IP space, but the originator of the routes is actually Tata Communications. These are potentially offshore, rather than domestic, and perhaps not subject to whatever killswitch was thrown today within Syria.' By the morning of Nov. 30, those five servers went offline. 'The last 5 networks belonging to Syria, a set of smaller netblocks previously advertised by Tata Communications, have been torn down and are no longer routed,' Renesys wrote." CloudFlare has a blog post confirming that the Syrian government was responsible for flipping the switch, contrary to their claims. Meanwhile, Anonymous has started targeting the Syrian government's remaining websites and helping to get communications channels flowing out of Syria. Google is reminding people of its Speak2Tweet service, which lets people post to Twitter through voicemail over still-functioning phone lines.

23 comments

Min score:

Reason:

Sort:

Netcraft confirms it: by Anonymous Coward · 2012-11-30 09:20 · Score: 1

Syria is dead.
1. Re:Netcraft confirms it: by jonadab · 2012-12-01 11:24 · Score: 1
  
  Syria has always been dead. In no public or private utterance can it be admitted that situation has at any time been otherwise. Officially the change of status has never happened. Netcraft has confirmed that Syria is dead: therefore, Netcraft has always confirmed that Syria is dead, and thus Syria has always been dead. The failing third-world government of the moment always represents absolute evil, and thus it follows that any past or future situation in which that government might not be failing is impossible.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
2. Re:Netcraft confirms it: by jonadab · 2012-12-01 11:30 · Score: 1
  
  Just in case someone feels like being an idiot and taking my little allusion for more than the small bit of attempted humor that it is, I should probably clarify: I am not even remotely interested in taking sides in the current conflict in Syria. Please don't try to read anything political into my above post. It wasn't intended that way. It's just supposed to be silly and funny, that's all. Thanks.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
Well they're obviously by Chrisq · 2012-11-30 09:22 · Score: 0

Well they're obviously te Syrian suicide-bomb servers.
Distributed/ad hoc internetworking by Toe,+The · 2012-11-30 09:32 · Score: 3, Interesting

I've heard of ideas and even projects for ad hoc internetworking and/or phone networking. In these, there is no authoritative routing, but rather meshes of individual nodes (perhaps with uplinks to the "regular" internet/network).
Obviously there are enormous obstacles to developing such a thing. It's hard; it's fragile; it's messy; it's confusing to the user; and it's not profitable.
But when we read stories like this... shouldn't we give it some more thought?
1. Re:Distributed/ad hoc internetworking by timeOday · 2012-11-30 11:49 · Score: 1
  
  I actually think it would help immensely if such a service were not anonymous, and (by convention) limited to short text messages - basically like twitter. This is for two reasons, first, I simply don't think people will get excited about being mules for who knows what data payload; and second, a protocol reliant on happenstance proximity of cellphones towards an unknown exit node will be plenty slow and inefficient, even BEFORE intentionally routing it every which way for anonymity. I just don't think it's the right medium for smuggling out videos of atrocities or tactical information; for that, hand off usb sticks to trusted messengers, or whatever it is terrorists do. (I am not saying only terrorists have a need to communicate secretly and securely, only that the situation is the same whether you are rightly considered a "good guy" or a "bad guy.")
2. Re:Distributed/ad hoc internetworking by jonadab · 2012-12-01 12:02 · Score: 1
  
  I've given the notion quite a bit of thought, and I eventually concluded, somewhat reluctantly, that it's not practicable on a large scale, for fundamental reasons that have nothing to do with any specific design or protocol that might be attempted.
  
  However, there are usually ways to get information in or out of a place that's disconnected from the internet for whatever reason. Ultimately, if *any* kind of communication in or out of the country is possible, somebody can use it indirectly to get information to or from the internet.
  
  Communication mechanisms that would work for this include, but are not limited to, the following: traditional phone lines; cables of any kind that cross the border, even if they were intended to carry power; satellite phones, or any other kind of bi-directional satellite link; radio transceivers, short-wave or otherwise; any postal service that delivers international mail, whether it's private or public; any location where it's possible for a person to cross the border, legally or otherwise; carrier pigeon; heliography; smoke signals; slips of paper in sealed glass or plastic bottles floating across the Mediterranean Sea; slips of paper in metal containers hurled across the border with trebuchets; words spelled out in fields using rocks and sticks, viewable by anybody with satellites or planes; messages can be dropped into the country from planes, either in robust containers or with parachutes; I'm sure there are other ways not listed here.
  
  None of this requires a networking protocol in any normal sense of that term. The message only has to get through to somebody who is willing to pass it along, and they can do so. Outbound messages, once picked up by anyone, can be spread via the regular internet, no problem. Is there one person anywhere outside Syria who's willing to post the stuff on Twitter? Similarly, inbound messages, once received within the country, can be communicated via whatever mechanisms people are using to communicate within the country, even if they can't reach the outside that way.
  
  Traditionally, one really common way to get information _into_ a geopolitical area where the local government is uncooperative is via radio, because the hard part of radio is the transmitter, and you can use one that's well outside the jurisdiction in question and transmit across the border. People on the inside just need cheap battery-operated transistor radios, which are remarkably difficult for the government to hunt down and eliminate. Jamming is of limited practicality, especially if the sending station is fairly powerful: you can jam it in a small area, but trying to jam it nationwide, if it's a strong signal, is very difficult. VOA is one example of an organization that has been doing this for decades.
  
  The harder part is getting information _out_ of the place. Traditional radio transmitters give away their position, so ones inside the country are relatively easy for the government to shut down (if they have effective control of the whole country, which admittedly may not currently be the case in Syria). However, it's possible to narrow-cast radio waves directionally, aiming for a particular known receiver, which I think may be approximately what satphones do. That would be harder to stop. In the case of Syria, though, I'm pretty sure both sides in this conflict have vehicular transport, so the easiest thing may just be to send couriers across the border (e.g., into Turkey or Jordan or maybe even Lebanon, which I think is not real far from Damascus) and send the message from there.
  
  --
  Cut that out, or I will ship you to Norilsk in a box.
nothing "confirmed" by Anonymous Coward · 2012-11-30 09:45 · Score: 1

Anyone knowing anything about BGP and stuff can tell that there are no more facts than this:
All IP ranges behind AS29386 seem to be offline.
Other than that, all we have is speculation. Cloudflame is in no position to "confirm" something.
It could be this way, it could be another way around.
It would not surprise me if some stupid gov shut of parts of internet. But in this case even the Syrian official TV channel had no internet and their daily press overview programme was forced to use only papers.
Also of note: this NYT piece makes it quite clear that it is in US interests not allow Syrian internet presence.
Good news for IPv4! by pepsikid · 2012-11-30 09:48 · Score: 5, Funny

Ya know what I think? I think we just freed up 84 unused netblocks for the rest of the Internet to use.
1. Re:Good news for IPv4! by Anonymous Coward · 2012-11-30 21:52 · Score: 0
  
  Ya know what I think? I think we just freed up 84 unused netblocks for the rest of the Internet to use.
  Well, that was stupid. How funny would that be if all the US netblocks were freed for the rest of internet? Haha!
  And I would love to see those morons who modded that up...
2. Re:Good news for IPv4! by Anonymous Coward · 2012-12-01 05:45 · Score: 0
  
  Actually, that would be a good thing, as everybody would then be forced to move to IPv6
Now why would the Syrian government want to.... by 3seas · 2012-11-30 10:11 · Score: 1

...commit genocide?
They know the world is watching and there are always ways of communicating around such a blackout, but the majority of people who'd speak up in disgust of what the government is apparently planning are not going to see it.
Its like news media hitting the mass market, only here it the sources of real news.
1. Re:Now why would the Syrian government want to.... by Threni · 2012-11-30 11:49 · Score: 2
  
  Nobody cares what is happening in Syria. Think of all the headlines of the last few years about Libya, Egypt, Iraq etc etc. It's in the news for a few days/weeks then the focus of attention moves elsewhere. X killed, Y removed from power, Rebels are fighting government forces in Z. The internet is up, the internet is down, bloggers tweet about blah blah. So it goes on. Not saying it's not important to people in that area, or who know people who are affected. But people watch the news, generally, for entertainment, not facts. This story is only on Slashdot because of the internet angle. Currently it has 10 comments or so. I don't see it picking too many more up.
2. Re:Now why would the Syrian government want to.... by Anonymous Coward · 2012-11-30 21:55 · Score: 0
  
  Exactly my point. It makes no sense that .sy gov cut themselves off.
  They are trying hard to make their side of the story heard, so it makes simply no sense at all.
  And while we are at that: If the Syrian government had any KILL switch, then you can be pretty sure it would kill ALL AS numbers and BGP routes leading to/from Syria. This is no Luxembourg!
3. Re:Now why would the Syrian government want to.... by Immerial · 2012-12-01 02:07 · Score: 1
  
  It is clear that it was done deliberately by Syria... FTFA "In order for a whole-country outage, all four of these cables would have had to been cut simultaneously. That is unlikely to have happened."
  My worst fear is that they are going to try either chemical weapons or indiscriminate slaughter (whole towns/cities/women/children/refugees). If those reports got out they would lose what little international support they have from Russia and China, and that would basically be it. All the nations would swoop in with actual forces instead of sitting back and debating sanctions, giving of weapons, etc.
  It sounds like this is the end game for Assad. One last major chance to do so much damage that he and his supporters are the last ones standing when the curtains go back up.
Speak to tweet? by jeffmeden · 2012-11-30 10:20 · Score: 2

Is this really a thing? A service where your voice gets turned into an anonymized URL and posted to a generic twitter handle? Sounds productive... I wish Google would remind people that when phone lines work, maybe call a PERSON and make REAL contact, don't just shout into the void. This twitter obsession is nuts.
1. Re:Speak to tweet? by valkraider · 2012-11-30 11:08 · Score: 1
  
  I don't like Twitter either. But a single tweet can reach hundreds, thousands, or even millions of people. When you call a person, you reach - well - that person. I say we need Speak to Slashdot. ;)
XS4ALL also provides dial-up internet access by Anonymous Coward · 2012-11-30 11:58 · Score: 0

For Syrian users: Internet dialup access: +31205350535 user: xs4all password: xs4all (https://twitter.com/xs4all/status/274635064212598784)
Thats a reason, why all people should prefer by someones · 2012-11-30 12:00 · Score: 2

Thats a reason, why all people should prefer small autonomous over global decentralised over centralised networks for communication.
Killing off one centralised service is easy.
If you have enought control, you can even cut a global decentralised network into 2 or more.
But try killing off 100000 of small autonomous networks - if they are not even known - and noone knows them all - , how should they be killed?
1. Re:Thats a reason, why all people should prefer by Anonymous Coward · 2012-11-30 14:37 · Score: 1
  
  And what are, the downsides? I can't think of, any at all, he said sarcastically and with random commas.
Re: UUCP (Distributed/ad hoc internetworking) by Anonymous Coward · 2012-12-02 10:47 · Score: 0

Back in the day, I used to install and administer UUCP. gecalma.uucp ... ampex.uucp ... unet.uucp ... etc. I may still have some old business cards that have a UUCP email address on them - back when nobody knew what email addresses were, before .COM and .GOV and .ORG existed. Who remembers ptsfa.uucp?
A lot of people relied upon UUCP to get the message there. The Catholic Church in Florida used UUCP to interconnect all of their churches in the state of Florida, for instance, and published their connections to the appropriate newsgroups so that they could be mapped.
Modem protocols are still found buried in SMS, if I recall correctly - I'm a systems administrator, Jim, not a telecommunications engineer, but I have noticed and recognized those familiar AT command sequences, here and there, even today, 40 years later.
I'm pretty confident I could build a turnkey CDROM-based release of FreeBSD that did nothing but install a robust UUCP server - I've done it before, except it was an Apache server, not UUCP. It would take me about six months, I estimate.
Many laptops still have modem ports. An old laptop would make a dandy UUCP node - plugged into an UPS, hotwired to a car battery, pulling maybe 30 watts, it would run for weeks.
Alas, I have a family to provide for, and can't afford to take six months or a year off to develop this project/product. I estimate funding this development effort over one year's time - 12 months - would cost me ~$60K.
Suggestions on how to achieve this funding would be appreciated.
Authentication word: "player"