[liberationtech] Blue Coat and Syria

[Jacob Appelbaum]

On 10/15/2011 05:47 PM, Aaron Huslage wrote:
> Has anyone considered the possibility that these boxes were procured on the
> (rather substantial) grey market that exists for network hardware? It also
> seems to me that it would be trivially easy for any entity to buy a bunch of
> network gear and have it shipped to a non-embargoed country where it is then
> taken legally into Syria.
> 

The devices in question are not very old, I think they were probably
brand new.

> You could even have service contracts on the stuff. No one would be the
> wiser. It's not like companies check up on the location of every box they
> sell.
> 

They phone home and Bluecoat knows the geoip location as part of their
analytics service. Additionally the IP addresses of these servers are on
known Syrian IP addresses.

> It doesn't take much imagination to see that BlueCoat isn't selling anything
> to Syria directly...in the least, plausible deniability is intact.
> 

Your thoughts are speculation and while reasonable, I see no evidence to
support it.

The evidence shows that there are Bluecoat devices in Syria. These
devices are running on Syrian IP addresses, phoning home to BlueCoat's
services and servers from Syria in a very detectable manner. All the
while Bluecoat denies it all and looks absolutely foolish.

In addition, these devices have had upgrades in the last year. Bluecoat
has a direct hand in these matters and those in Syria aren't even
bothering to cover their tracks.

All the best,
Jake