Syria’s Throwing of the Internet Kill Switch Raises Lots of Questions
The folks at Renesys, who were the first to notice that something was amiss with the telecom infrastructure of the war-torn Middle Eastern nation, have been hard at work sifting through their data — and they’ve found something interesting.
At least five networks operating outside Syria, but still operating within Syrian-registered IP address spaces, are still working, and are apparently controlled by India’s Tata Communications.
These same networks, Renesys says, have some servers running on them that were implicated in an attempt to deliver Trojans and other malware to Syrian activists. The payload was a fake “Skype Encryption Tool” — which is, on its face, kind of silly, because Skype itself is already encrypted to some degree — that was actually a spying tool. The Electronic Frontier Foundation covered the attempted cyber attack at the time.
Cloudflare has also been monitoring the situation in Syria and has made a few interesting observations.
First, pretty much all Internet access in the country is funneled through one point: The state-run, state-controlled Syrian Telecommunications Establishment. The companies that provide this capacity running into the country are PCCW and Turk Telekom as the primary providers, with Telecom Italia and Tata providing additional capacity.
There are, Cloudflare notes, four physical cables that bring Internet connectivity into Syria. Three of them are undersea cables that land in the coastal city of Tartus. A fourth comes in from Turkey to the north. Cloudflare’s Matt Prince says it’s unlikely that the cables were physically cut.
Cloudflare put together a video of what it looked like watching the changes in the routing tables happen live. It’s less than two minutes long.
So the question is: Why now? Clearly, the Syrian regime is under more pressure than ever before. Previously, it tended to view the country’s Internet as a tool to not only get its own word out to the wider world, but also to try and spy on and monitor the activities of the rebels and activists.
With fighting intensifying in and around the capital and the commercial city of Aleppo, the decision to throw the kill switch might indicate a decision to try to disrupt enemy communications. Or it might mask a seriously aggressive military action that it wants to keep as secret as possible. We don’t know yet.