Syria ramps up cyber mining to target activists

While web surveillance is far from a new issue in Syria, it appears that under the current state of insecurity the Assad government is raising surveillance to the next level, militarizing the web and using the internet as a tool to target and punish opponents of the government.

Just last week, EFF reported a new Trojan bug, concealed in a Skype message with supposed information regarding a plan meant to spark the interest of dissidents. Once the Trojan called DarkComet RAT is installed on a computer, a remote administrator can capture webcam activity, disable antivirus program notifications, record keystrokes, steal passwords, and more. The fact that all the collected data appears to be sent to only one IP address leads many to believe that the government is behind the bug. More common ways in which the Syrian government is monitoring are through blocking access to social networking sites, as well as filtering or disrupting systems in heavy use, maintained by its very sophisticated and robust system developed by U.S.-based Blue Coat Technologies. The traffic that does manage to get past these filters is probably monitored.

There is no evidence that Damascus is slowing access to the web or slowing access speed, as they have in the past – perhaps all the more concerning, given the evidence that they are collecting unlimited amounts of private information. The risks are high that with the information the Assad government is able to collect, an incident similar to that involving British journalist Sean McAllister from last fall, where his underground sources were exposed due to carelessness in encrypting research files, could happen again. McAllister’s sources have since either disappeared or fled.

Some Syrian groups, such as the Free Syrian Computer Society, suggest ways to circumvent surveillance, reminding users to check for a secure connection and to use Tor, a VPN, and proxies whenever possible. However, even more net savvy users should take caution as malicious software has also been found on rogue copies of trusted internet proxy software applications such as Green Simurgh.

The open web has been the most critical informant of the current unrest in Syria, a country that is essentially a war zone but that still remains closed off to foreign reporters. Activist groups like the Local Coordination Committee, the Syrian Observatory of Human Rights, SHAMSNN, as well as other users on social media sites are vital. At the same time, Syrians need to become even more vigilant regarding their web activity. As EFF’s Eva Galperin puts it:

It’s very easy when you’re leaving the house every day and you’re simply risking your life by stepping out onto the street to think ‘Well, they’re spying on me anyway, so I should take no precautions.’ To that I say it’s extremely important to take precautions. It’s one thing to say the government can spy on you; it’s quite another to make it easy for them to do so. Don’t make it easy for them.