Syria Dropping Off The Internet In 2012 Was Result Of NSA Hack Gone Wrong, Not Syrian Government

from the because-of-course-it-was dept

You may recall that, back in 2012, Syria suddenly dropped off the face of the internet. It actually happened twice. There was all sorts of speculation about how it happened.
At the time, Cloudflare's analysis was one of the most thorough, noting that it almost certainly "was done through updates in router configurations" rather than a physical failure or a cable cut or something. Of course, everyone assumed that it was the Syrian government, trying to cut off access to the outside world.

However, in James Bamford's big Wired article about Ed Snowden, Snowden reveals it was actually an NSA hack gone wrong:
One day an intelligence officer told him that TAO—a division of NSA hackers—had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead—rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn't know that the US government was responsible. (This is the first time the claim has been revealed.)

Inside the TAO operations center, the panicked government hackers had what Snowden calls an “oh shit” moment. They raced to remotely repair the router, desperate to cover their tracks and prevent the Syrians from discovering the sophisticated infiltration software used to access the network. But because the router was bricked, they were powerless to fix the problem.

Fortunately for the NSA, the Syrians were apparently more focused on restoring the nation’s Internet than on tracking down the cause of the outage. Back at TAO’s operations center, the tension was broken with a joke that contained more than a little truth: “If we get caught, we can always point the finger at Israel.”
Thus, it appears that Cloudflare's speculation that it was done as a router update was entirely correct -- just that no one realized it was the NSA that was updating the routers, rather than the Syrians.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 12:31pm

    In the words of Stephen Colbert

    TAO are a bunch of "Blame Israel Firsters!"

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 12:43pm

    i'm waiting to see how long it takes for Erdigan in Turkey to start the same shit Assad did. he's already had Facebook blocked. what do the citizens think he'll do when there is some sort of rebellion to his laws and how he wants the way of life to be? i think the Turks are going to be in for some bad happenings in the near future. shame!

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Toestubber (profile), Aug 13th, 2014 @ 12:48pm

    Re:

    Somebody didn't read the article.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 1:05pm

    Either way, it was by the hands of a rogue state.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 1:08pm

    Bye Bye, Cisco

    I think if were an ISP running Cisco routers I'd be looking for something else. Having the NSA tap your network is one thing. You can always just play stupid about that. Having them brick your network is a whole other thing.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 1:10pm

    Re: Bye Bye, Cisco

    Oops, "I think if I were..."

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 1:20pm

    Re: Bye Bye, Cisco

    Another economic victim of the NSA.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 1:28pm

    I think I'm turning Japanese

    One month previous to this outage, Defense Secretary Panetta was warning of a future "cyber Pearl Harbor". ( http://www.defense.gov/transcripts/transcript.aspx?transcriptid=5136 ). He forgot to mention that we'd be playing the part of the Japanese in this Pearl Harbor re-enactment.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 1:40pm

    What happens when they strick back?

    When would it be acceptable in war for a country to strike back at the US? How many crooked things like this can our government pull on other countries before our civilians become justified targets?

    Nothing like constantly pissing off the very people we want nothing to do with.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    mcinsand, Aug 13th, 2014 @ 1:57pm

    Re: I think I'm turning Japanese

    Did you really have to use that title? Although I liked the song then and now, it's catchy enough to take hours to get out of your head.

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    nasch (profile), Aug 13th, 2014 @ 2:09pm

    Re: What happens when they strick back?

    When would it be acceptable in war for a country to strike back at the US?

    I think any attack on the US would be labeled terrorism or war crimes.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 2:24pm

    This is funny, in a gallows humor kind of way. Everyone is worried about governments wanting to deploy an "internet kill switch", and then the NSA does it by accident.

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Violated (profile), Aug 13th, 2014 @ 2:43pm

    That incident sounds like a Cyber War attack even if it was an accident which makes it lucky that Syria did not take down United States Governmental services, or worse, even if they may lack that technology.

    So the US terror campaign against the on-line world continues one country at a time.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Monkyyy, Aug 13th, 2014 @ 4:25pm

    ANd if this happens here; do do I "downgrade" my router?

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Zem, Aug 13th, 2014 @ 4:36pm

    Had to say it.

    The american cyberattack was routed.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Aug 13th, 2014 @ 4:39pm

    The Syrian Gov. fell on the NSA's sword. They took all the blame for something they didn't do. Wonderful...

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Patrick (profile), Aug 14th, 2014 @ 12:19am

    So an entire country's internet went through one router?

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Aug 14th, 2014 @ 1:48am

    And who is the routers' manufacturer? Would you be nice enough to inform the public?

    I just need to know what to avoid in hardware store.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    ryuugami, Aug 14th, 2014 @ 2:16am

    Re: Re:

    Or even the headline.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    nasch (profile), Aug 14th, 2014 @ 6:43am

    Re:


    I just need to know what to avoid in hardware store.


    You suppose the one on the next shelf is NSA-proof?

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    LduN (profile), Aug 14th, 2014 @ 7:28am

    Syria was using a central 5 year old Belkin router for their internets... turns out that it wasn't even a hack, just cheapness

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    John Fenderson (profile), Aug 14th, 2014 @ 8:49am

    Re:

    It's possible.

    In 2011, Syria had a bit under 5 million internet users. A single high-capacity, multigigabit router could handle that. Although one would think they'd have more than one for redundancy purposes if nothing else. It might be the case that the NSA was installing software on all (both?) of the routers simultaneously and bricked them all, or that their failover mechanism, umm, failed.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.