[liberationtech] Stephan Faris: The Hackers of Damascus – Businessweek

Andrew Haeg aohaeg at gmail.com
Tue Nov 27 12:00:44 PST 2012


Yosem: I couldn't agree more with you. And, I think along those lines we
should start thinking of pieces like Stephan's less as the endpoint and
more a spark for conversation -- a hypothesis, if you will, seeking
comment, relevant expertise, etc. I invited Stephan to share his response
for that very reason: so his thinking, and ours, could evolve.

There was once a movement called Precision
Journalism <http://www.unc.edu/~pmeyer/book/> that some of us interested
in changing how journalism works are dusting off
and revisiting. It's just what you describe, Yosem -- a method for aligning
journalistic inquiry and reportage with the scientific method. I hope the
platform I'm building <http://groundtruth.co> (code named GroundTruth for
now, but will be renamed soon), will be one tool in the precision
journalist's toolkit.

- Andrew




On Tue, Nov 27, 2012 at 1:47 PM, Yosem Companys <companys at stanford.edu> wrote:

> Yeah, though I would add that the points you raise, Jillian, apply to
> journalism in general.
>
> As an outsider, I find that journalists look to tell stories they find
> interesting via selective anecdotes.  But they would do better in most
> cases applying a scientific method to telling their stories (e.g., using
> the comparative approach, playing devil's advocate with their arguments and
> stating why competing explanations don't hold, questioning common sense
> causality, and backing up their pieces with scientific research).
>
> In the early 20th century, doing all of these things would have been quite
> an undertaking; in the 21st, all the media tools at our disposal make this
> a cinch.
>
> On Tue, Nov 27, 2012 at 11:37 AM, Jillian C. York <jilliancyork at gmail.com> wrote:
>
>> I really appreciate Stephan's comments here, but as an insider/outsider
>> (that is, someone working on this issue closely but who had absolutely
>> nothing to do with this particular story), I think that the concerns raised
>> are nonetheless valid.
>>
>> It's clear to me that there was no ill-intent on the part of the author,
>> but the simplification of networks by media is inherently problematic, in
>> that stories like this are then picked up by funders, government officials,
>> etc, looking for quick-and-dirty solutions.  While in this case, I don't
>> take issue with any of the actors Stephan focused on, I could offer up a
>> dozen prime examples where such oversimplification was indeed harmful or
>> counterproductive (James Ball's recent piece on circumvention tools <http://www.washingtonpost.com/world/national-security/online-tools-to-skirt-internet-censorship-overwhelmed-by-demand/2012/10/21/390457a2-082d-11e2-858a-5311df86ab04_story.html> in the WaPo comes to mind).
>>
>> If we are to move to a productive conclusion from this, I think it's the
>> need to inform journalists on *why* their simplifications can be so
>> problematic - which begs questions like, "who is this piece intended to
>> inform?" and "who will it actually inform?"
>>
>> Just my two cents,
>> Jillian
>>
>> On Tue, Nov 27, 2012 at 7:55 AM, Andrew Haeg <aohaeg at gmail.com> wrote:
>>
>>> I shared this thread's thoughts with the author, Stephan (cc-ed here). And
>>> here's what he wrote and asked me to share with the group:
>>>
>>> "Interesting discussion. Having given it a little thought, it might be
>>> worth pointing out on the list that John and the other people I interviewed
>>> were careful to stress, several times over, that they were part of a larger
>>> community working in this space. Indeed, in reporting this piece I spoke to
>>> Syrian revolutionaries, international activists, a variety of hackers,
>>> people at think tanks and research institutions and so on. Some were
>>> comfortable to be mentioned. Others spoke to me on the explicit condition
>>> that they not be. In any case, for the purposes of telling what I hope was
>>> a compelling story, I finally decided to keep the focus on just one small
>>> slice of the Syrian cyberwar: a handful of representative figures who I
>>> thought a) illustrated some aspect of the large battle, b) had a direct
>>> role in the larger effort to neutralize the DarkComet malware and c) were
>>> willing to share their experiences under their real names. I don't think
>>> that decision detracts from the other, broader story of this battle as a
>>> community project. And it certainly doesn't prevent somebody else from
>>> telling the same tale from that perspective. Just my thoughts, if you don't
>>> mind passing them on (along with my email address for anybody who might
>>> want to continue this discussion directly). -s"
>>>
>>> As he says, feel free to respond directly to him with your thoughts.
>>>
>>> - Andrew
>>>
>>>
>>> On Mon, Nov 26, 2012 at 6:26 AM, John Scott-Railton <railton at ucla.edu> wrote:
>>>
>>>> Hi All,
>>>>
>>>> A few thoughts on the article. It uses a thread of one process of
>>>> dealing with malware and attacks in Syria to tell its story, and highlights
>>>> a couple of people who collaborate with each other and some of what they
>>>> have been doing.  It makes for an engaging read.  But for someone who reads
>>>> it and doesn't know the space this article could be read as suggesting that
>>>> this group of people is the only game in town.  It isn't.  By far.
>>>>
>>>>  The reality is decentralized, diverse and very collaborative.  A
>>>> community, in other words. And these communities are what make things
>>>> happen.  There are many networks of Syrians, technologists and folks in the
>>>> community of activists working on identifying and responding to malware and
>>>> other electronic attacks against the Syrian opposition. Or those working on
>>>> analyzing the techniques and tools of surveillance deployed at the network
>>>> level in SY.  The community process by which Dark Comet was first
>>>> identified after some false starts and unknown binaries first started
>>>> floating around the community is a great example. So was the later
>>>> discussion of Dark Comet and the ethical dimensions of the tool. Props to
>>>> TCX and their collaborators here, for example. There are many others who've
>>>> chosen to keep their names out of the media. The work of all of these
>>>> people contributes to all we know now, and serious progress on a lot of
>>>> fronts.
>>>>
>>>> A final note: I also wanted to acknowledge a particular person whose
>>>> name was surprisingly missing from the group specifically mentioned in the
>>>> Bloomberg piece, and who deserves credit for her role:  Eva
>>>> Galperin, International Freedom of Expression Coordinator  and prolific
>>>> blogger at EFF who will be familiar to many of you as the co-author
>>>> with Morgan Marquis-Boire on every piece of blogging on SY malware that EFF
>>>> has posted to date.
>>>>
>>>> J
>>>>
>>>>
>>>> On Nov 15, 2012, at 12:02 PM, ilf <ilf at zeromail.org> wrote:
>>>>
>>>> http://www.businessweek.com/articles/2012-11-15/the-hackers-of-damascus
>>>>
>>>> Taymour Karim didn’t crack under interrogation. His Syrian captors beat
>>>> him with their fists, with their boots, with sticks, with chains, with the
>>>> butts of their Kalashnikovs. They hit him so hard they broke two of his
>>>> teeth and three of his ribs. They threatened to keep torturing him until he
>>>> died. “I believed I would never see the sun again,” he recalls. But Karim,
>>>> a 31-year-old doctor who had spent the previous months protesting against
>>>> the government in Damascus, refused to give up the names of his friends.
>>>>
>>>> It didn’t matter. His computer had already told all. “They knew
>>>> everything about me,” he says. “The people I talked to, the plans, the
>>>> dates, the stories of other people, every movement, every word I said
>>>> through Skype. They even knew the password of my Skype account.” At one
>>>> point during the interrogation, Karim was presented with a stack of more
>>>> than 1,000 pages of printouts, data from his Skype chats and files his
>>>> torturers had downloaded remotely using a malicious computer program to
>>>> penetrate his hard drive. “My computer was arrested before me,” he says.
>>>>
>>>> Much has been written about the rebellion in Syria: the protests, the
>>>> massacres, the car bombs, the house-to-house fighting. Tens of thousands
>>>> have been killed since the war began in early 2011. But the struggle for
>>>> the future of the country has also unfolded in another arena—on a
>>>> battleground of Facebook (FB) pages and YouTube accounts, of hacks and
>>>> counterhacks. Just as rival armies vie for air superiority, the two sides
>>>> of the Syrian civil war have spent much of the last year and a half locked
>>>> in a struggle to dominate the Internet. Pro-government hackers have
>>>> penetrated opposition websites and broken into the computers of Reuters
>>>> (TRI) and Al Jazeera to spread disinformation. On the other side, the
>>>> hacktivist group Anonymous has infiltrated at least 12 Syrian government
>>>> websites, including that of the Ministry of Defense, and released millions
>>>> of stolen e-mails.
>>>>
>>>> The Syrian conflict illustrates the extent to which the very tools that
>>>> rebels in the Middle East have employed to organize and sustain their
>>>> movements are now being used against them. It provides a glimpse of the
>>>> future of warfare, in which computer viruses and hacking techniques can be
>>>> as critical to weakening the enemy as bombs and bullets. Over the past
>>>> three months, I made contact with and interviewed by phone and e-mail
>>>> participants on both sides of the Syrian cyberwar. Their stories shed light
>>>> on a largely hidden aspect of a conflict with no end in sight—and show how
>>>> the Internet has become a weapon of war.
>>>>
>>>> The cyberwar in Syria began with a feint. On Feb. 8, 2011, just as the
>>>> Arab Spring was reaching a crescendo, the government in Damascus suddenly
>>>> reversed a long-standing ban on websites such as Facebook, Twitter,
>>>> YouTube, and the Arabic version of Wikipedia. It was an odd move for a
>>>> regime known for heavy-handed censorship; before the uprising, police
>>>> regularly arrested bloggers and raided Internet cafes. And it came at an
>>>> odd time. Less than a month earlier demonstrators in Tunisia, organizing
>>>> themselves using social networking services, forced their president to flee
>>>> the country after 23 years in office. Protesters in Egypt used the same
>>>> tools to stage protests that ultimately led to the end of Hosni Mubarak’s
>>>> 30-year rule. The outgoing regimes in both countries deployed riot police
>>>> and thugs and tried desperately to block the websites and accounts
>>>> affiliated with the revolutionaries. For a time, Egypt turned off the
>>>> Internet altogether.
>>>>
>>>> Syria, however, seemed to be taking the opposite tack. Just as
>>>> protesters were casting about for the means with which to organize and
>>>> broadcast their messages, the government appeared to be handing them the
>>>> keys.
>>>>
>>>> Dlshad Othman, a 25-year-old computer technician in Damascus,
>>>> immediately grew suspicious of the regime’s motives. Young, Kurdish, and
>>>> recently finished with his mandatory military service, Othman opposed
>>>> President Bashar al-Assad. Working for an Internet service provider, he
>>>> knew that Syria—like many other countries, including China, Iran, Saudi
>>>> Arabia, and Bahrain—controlled its citizens’ access to the Web. The same
>>>> technology the government used to censor websites allowed it to monitor
>>>> Internet traffic and intercept communications. Popular services such as
>>>> Facebook, Skype, Google Maps, and YouTube gave Syria’s revolutionaries
>>>> capabilities that until a couple of decades ago would have been available
>>>> only to the world’s most sophisticated militaries. But as long as Damascus
>>>> controlled the Internet, they’d be using these tools under the eye of the
>>>> government.
>>>>
>>>> Shortly after the Syrian revolution began in March 2011, Othman’s
>>>> political views cost him his job. He decided to dedicate himself full time
>>>> to the opposition, joining the Syrian Center for Media and Freedom of
>>>> Expression in Damascus to document violence against journalists in the
>>>> country. He also began teaching his fellow activists ways to stay safe
>>>> online. Othman instructed them how to encrypt e-mails and encouraged them
>>>> to use tools like Tor software, which enables anonymous Web browsing by
>>>> rerouting traffic through a series of distant servers. When Tor turned out
>>>> to be too slow to live-stream protests or scenes of government attacks
>>>> against civilians, Othman began purchasing accounts on virtual private
>>>> networks (VPNs) and sharing them with his friends and contacts. A VPN is
>>>> basically a tunnel inside the public Internet that allows users to
>>>> communicate in a secure fashion. For a monthly fee, you can buy access to
>>>> servers that create encrypted paths between computers; the VPN also
>>>> disguises the identities and locations of your machine and others on the
>>>> network. Spies can’t read e-mails sent via VPN, and they have a hard time
>>>> figuring out where they came from.
>>>>
>>>> Othman’s efforts worked at first, but very quickly Damascus blocked
>>>> off-the-shelf VPNs and upgraded its Internet filters in ways that made the
>>>> VPNs inoperative. By the summer of 2011, Othman had become frustrated with
>>>> the Western VPN providers, which he felt were too slow to adapt to the
>>>> government’s crackdowns. He bought space on outside servers, set up VPNs of
>>>> his own, and began actively managing them to make sure safe connections
>>>> remained available.
>>>>
>>>> Othman was still training and equipping activists in October 2011 when
>>>> he made a nearly fatal mistake. He gave an on-camera interview to a British
>>>> journalist who was later arrested with the footage on his laptop. Warned by
>>>> a friend through a Facebook message, Othman turned off his phone, removed
>>>> its SIM card—a precaution to avoid being tracked—and hid in a friend’s
>>>> Damascus apartment. He never went home. A month and a half later, at the
>>>> urging of activists who worried his arrest would compromise their entire
>>>> network, he escaped across the border to Lebanon. “I had been a source of
>>>> safety for my friends,” he says. “I didn’t want to become a source of
>>>> danger.”
>>>>
>>>> The struggle for Syria has transcended borders. In early 2011, from his
>>>> office at the University of California at Los Angeles, John Scott-Railton,
>>>> a 29-year-old graduate student in Urban Planning, joined the revolutions in
>>>> North Africa and the Middle East. Scott-Railton, working on a dissertation
>>>> on how poor communities in Senegal were adapting to climate change, had
>>>> spent time in Egypt and had close friends there. When revolutionaries in
>>>> Cairo occupied Tahrir Square, he set his studies aside. Working through his
>>>> contacts in the country, he helped Egyptians evade Internet censors and get
>>>> their message out to the world by calling protesters on the phone,
>>>> interviewing them, and publishing their views on Twitter. Later, when the
>>>> Arab Spring spread to Libya, he did the same, this time working with
>>>> Libyans in the diaspora to broaden his reach.
>>>>
>>>> In Syria, Scott-Railton recognized that the task would be different.
>>>> Once Assad’s government lifted restrictions on the Internet, activists were
>>>> having little trouble getting their voices heard; graphic videos alleging
>>>> government atrocities were lighting up Facebook and YouTube. The challenge
>>>> would be keeping them safe. “If we’re going to talk about how important the
>>>> Internet has been in the Arab Spring, we need to think about how it also
>>>> brings a whole new set of vulnerabilities,” says Scott-Railton. “Otherwise,
>>>> we’re going to be much too optimistic about what can be done.”
>>>>
>>>> The first documented attack in the Syrian cyberwar took place in early
>>>> May 2011, some two months after the start of the uprising. It was a clumsy
>>>> one. Users who tried to access Facebook in Syria were presented with a fake
>>>> security certificate that triggered a warning on most browsers. People who
>>>> ignored it and logged in would be giving up their user name and password,
>>>> and with them, their private messages and contacts.
>>>>
>>>> In response, Scott-Railton began nurturing contacts in the Syrian
>>>> opposition, people like Othman with wide networks of their own. “It wasn’t
>>>> that different from the strategy I had worked out in Libya: Figure out who
>>>> was trustworthy and then slowly build up,” he says. In the meantime, he
>>>> contacted security teams at major American technology companies whom he
>>>> could alert when an attack was detected. Scott-Railton declined to name
>>>> specific companies but confirmed he was in touch with security experts at
>>>> some of the biggest brand names. In the past year and a half,
>>>> pro-government hackers have successfully targeted Facebook pages, YouTube
>>>> accounts, and logins on Hotmail, Yahoo! (YHOO), Gmail, and Skype.
>>>>
>>>> Scott-Railton’s involvement in the Syrian cyberwar wasn’t high-tech.
>>>> Over several months, he set himself up as a bridge between two worlds,
>>>> passing reports of hacking on to various companies who could investigate
>>>> attacks on their users, take down bogus websites, and configure browsers to
>>>> flag suspect sites as potential threats.
>>>>
>>>> For Syrians, the system provided a quick, sure way to limit damage as
>>>> attempts to break into accounts affiliated with the opposition became more
>>>> sophisticated. For tech companies, it was an opportunity to address
>>>> violations as they happened—though those violations have also exposed the
>>>> vulnerabilities of some of the world’s most popular social networking
>>>> services.
>>>>
>>>> Facebook, which in 2011 responded to hacking attempts in Tunisia by
>>>> routing communications through an encrypted server and asking users to
>>>> identify friends when logging in, wouldn’t comment on what, if anything,
>>>> the company is doing in Syria. Contacted by Bloomberg Businessweek, a
>>>> spokesperson provided a statement saying: “Security is a top priority for
>>>> Facebook and we devote significant resources to helping people protect
>>>> their accounts and information, wherever they live and whatever the
>>>> circumstances. … We will respond quickly to reports—whether from formal or
>>>> informal channels—about worrying and problematic security threats from
>>>> groups, organizations and, on occasion, from governments.”
>>>>
>>>> As the war intensified, the cyberattacks waged by pro-government Syrian
>>>> hackers became more ambitious. In the weeks before his arrest in December
>>>> 2011, Karim, the young doctor, had begun to suspect his hard drive had been
>>>> compromised. His Internet bill—which in Syria varies according to the
>>>> traffic being used—had more than quadrupled, though he still isn’t sure
>>>> exactly how his computer was infected. He suspects the malware may have
>>>> been transmitted by a woman using the name Abeer who contacted him on Skype
>>>> last autumn and sent him photos of herself. Another possibility is a man
>>>> who sent Karim an Excel spreadsheet and said he could provide monetary
>>>> support for the revolution.
>>>>
>>>> In prison, Karim’s captors mentioned both people. His interrogators
>>>> knew about his high Internet bills, as well: “The policeman told me, ‘Do
>>>> you remember when you were talking to your friend and you told him you had
>>>> something wrong and paid a lot of money? At that time we were taking
>>>> information from your laptop.’ ”
>>>>
>>>> Before the Syrian revolution, Karim had never participated in politics.
>>>> “I would just go to work and then go home,” he says. But the Arab Spring
>>>> awakened something inside him, and when demonstrators gathered for a second
>>>> week of major demonstrations, Karim joined them. The first protest he
>>>> attended was also the first in which the regime deployed the army to crush
>>>> dissent, killing dozens of demonstrators across the country. Shortly
>>>> afterward, Karim signed up to man field hospitals, caring for wounded
>>>> activists. The worst injuries were from snipers, he recalls. “Sometimes
>>>> people would be shot in the back, and they’d be paralyzed. Sometimes we
>>>> found bullets in the face, and all the bones in the face were broken. When
>>>> we found people shot in the abdomen, sometimes we couldn’t do anything
>>>> because we didn’t have the proper equipment.”
>>>>
>>>> When it came to the Internet, Karim was typical of many of his fellow
>>>> activists: enthusiastic, naive, and all too often complacent where security
>>>> was concerned. “Sometimes we’d say to each other, ‘If there was no
>>>> Internet, there would be no revolution,’ ” he says.
>>>>
>>>> Just 18 percent of Syrians use the Internet, and government
>>>> restrictions along with sanctions by the U.S. and Europe have limited
>>>> Syrians’ access to updated software and antivirus programs. Karim
>>>> occasionally used the Tor application recommended by Othman but found the
>>>> connection too slow for video. A friend in Qatar sent him a link to a
>>>> secure VPN, but he wasn’t able to download the necessary software.
>>>>
>>>> On Dec. 25, 2011, Karim met with a group of doctors to put the final
>>>> touches on a plan to better coordinate the opposition’s field hospitals.
>>>> The next day he spoke with a friend on Skype and agreed to meet him to film
>>>> a Christmas video he hoped would be a show of unity between faiths. When he
>>>> left his safe house, the police were waiting for him. They knew where they
>>>> would find him and where he was going. “Skype was the best way for us, for
>>>> communication,” he says. “We heard that Skype was very safe and that nobody
>>>> can hack it, and there is no virus for Skype. But unfortunately, I was the
>>>> first victim of it.”
>>>>
>>>> In a statement to Bloomberg Businessweek, a spokesperson for Skype,
>>>> which is owned by Microsoft (MSFT), said, “Much like other Internet
>>>> communication tools with a very large user base—be it e-mail, IM, or
>>>> Voip—Skype has been used by persons with malicious intent to trick or
>>>> manipulate people into following nefarious links. … This is an ongoing,
>>>> industrywide issue faced by all peer-to-peer software companies. Skype is
>>>> committed to the safety and security of its users, and we are taking steps
>>>> to help protect them.”
>>>>
>>>> Karim spent 71 days in Syrian detention before being released on bail
>>>> pending a military trial. After his release he fled the country, sneaking
>>>> from village to village until he arrived in Jordan. There he discovered
>>>> that many other activists had been contacted by the woman named Abeer. A
>>>> few weeks after his release, he received a message from her on Facebook
>>>> offering to send him more pictures. He refused.
>>>>
>>>> In January 2012, less than a month after Karim’s arrest, Othman—by then
>>>> in Lebanon—came across a laptop belonging to an international aid worker.
>>>> The worker believed the laptop had been compromised. After making a
>>>> preliminary analysis, Othman sent an image of the entire hard drive to
>>>> Scott-Railton. Among the people Scott-Railton reached out to was a
>>>> dreadlocked New Zealander named Morgan Marquis-Boire, a security engineer
>>>> at Google (GOOG) in California. In his spare time, Marquis-Boire had begun
>>>> investigating cyberattacks on opposition figures in the Middle East after
>>>> being approached by activists who saw him speak at a conference. “I’m a
>>>> firm believer in the facilitation of freedom of expression on the
>>>> Internet,” he says. “The censorship that occurs when people are afraid to
>>>> speak is actually the most powerful type of censorship that’s available.”
>>>>
>>>> Marquis-Boire, 33, wasn’t the first person to analyze the infected hard
>>>> drive, but his examination was deep and thorough. The laptop, he
>>>> determined, had been successfully hacked three times in rapid succession.
>>>> The first piece of malware had arrived on Dec. 26, 2011, during the early
>>>> hours of Karim’s detention. It had been sent to the computer’s owner
>>>> through Karim’s Skype account, embedded in the proposal for the
>>>> coordination of field hospitals he had finalized the night before his
>>>> arrest.
>>>>
>>>> The malware, DarkComet, was a remote access “trojan.” It allowed its
>>>> sender to take screenshots of the victim’s computer, monitor her through
>>>> the video camera, and log what she typed. Every digital move the laptop’s
>>>> owner made was being recorded—and the reports were being routed back to an
>>>> IP address in Damascus.
>>>>
>>>> The network Scott-Railton had set up was faced with a new challenge.
>>>> The people behind the attacks were no longer casting a wide net and waiting
>>>> to see who they caught. They were specifically targeting revolutionaries
>>>> such as Karim and his contacts. Security experts at major tech companies
>>>> can restore access to hacked accounts or issue takedown orders when hackers
>>>> set up fake versions of their websites. But there’s little they can do for
>>>> a user whose computer has been captured by hackers.
>>>>
>>>> Scott-Railton and his collaborators began to study their opponent.
>>>> Syrians like Othman with close contacts to the opposition began gathering
>>>> suspicious files that might contain malware and funneling them to
>>>> Scott-Railton. He passed them on to Marquis-Boire, who published his
>>>> findings in blog posts for the Electronic Frontier Foundation, an advocacy
>>>> organization based in San Francisco that promotes civil liberties on the
>>>> Internet. A pattern soon emerged. The attacks used code widely available
>>>> online. In the case of the DarkComet trojan that had been sent from Karim’s
>>>> computer, the malware had been developed by a French hacker in his twenties
>>>> named Jean-Pierre Lesueur who offered it as a free download on his website.
>>>>
>>>> What made the hacks so effective was their deviousness. Malware was
>>>> discovered in a fake plan to help protesters besieged in the city of
>>>> Aleppo; in a purported proposal for the formation of a post-revolution
>>>> government; and on Web pages that claimed to show women being raped by
>>>> Syrian soldiers.
>>>>
>>>> Whenever possible, the people behind the attacks would use a
>>>> compromised account to spread the malware further. In April 2012, the
>>>> Facebook account of Burhan Ghalioun, then the head of the Syrian
>>>> opposition, was taken over and used to encourage his more than 6,000
>>>> followers to install a trojan mocked up to look like a security patch for
>>>> Facebook.
>>>>
>>>> Scott-Railton’s network allowed antivirus companies to update their
>>>> software so it would recognize the malware and warn Syrian activists. Once
>>>> Marquis-Boire identified DarkComet, a group of hackers who went by the name
>>>> Telecomix began putting pressure on its creator, Lesueur, to take it down.
>>>> In February 2012, less than a month after the trojan had been discovered,
>>>> he released a patch that would remove his program from an infected
>>>> computer. “i was totally shocked to see that the syrian gouv used my tool
>>>> to spy other people,” he wrote in a typo-laden post on his personal blog.
>>>> “Since now 4 years i code DarkComet for people that are interested about
>>>> security, people that wan’t to get an eye on what their childs doing on the
>>>> internet, for getting an eye to notified employees, to administrate their
>>>> own machines, for pen testing but NOT AS A WAR WEAPON.”
>>>>
>>>> In July, Lesueur took the program down altogether. The weapon that had
>>>> been launched from Karim’s computer—and very likely the one that landed him
>>>> in jail—had been disarmed.
>>>>
>>>> The cyberwar in Syria rages on. Othman and others like him spend hours
>>>> fending off attacks on their VPNs. He says he knows of at least two
>>>> activists who were detained and killed after their computers were
>>>> undermined. Scott-Railton continues to relay reports of compromised
>>>> accounts and fake Web pages to contacts in the tech industry. “Every day, I
>>>> get contacted by Syrians with security concerns,” he says. Marquis-Boire is
>>>> doing his best to trace the attacks back to their source.
>>>>
>>>> Since Karim’s release from detention and his escape from Syria earlier
>>>> this year, he has lived in Jordan. When he recently ran a scan on his new
>>>> computer, he found he had been infected once again. “I receive thousands of
>>>> e-mails, videos, and requests and images from activists and friends,” he
>>>> says. “And there are a lot of people who I don’t know who they are.” In
>>>> July the Syrian Electronic Army, a pro-government group, released what it
>>>> said were 11,000 user names and passwords of “NATO supporters,” meaning
>>>> members of the Syrian opposition.
>>>>
>>>> In October, I attempted to contact the Syrians involved in the
>>>> government’s cyberwar. Before doing so, I changed most of my passwords. I
>>>> set up two-step verification on my Gmail account, an extra layer of
>>>> security that makes it harder for hackers to take over an account remotely.
>>>> I installed the Tor Browser Bundle and updated the WordPress software on my
>>>> website. And then I dropped a line on Twitter to @Th3Pr0_SEA, an account
>>>> that describes itself as belonging to the leader of the Special Operations
>>>> Department of the Syrian Electronic Army, the most visible virtual actor on
>>>> the government side. @Th3Pr0_SEA wrote back soon after, and we agreed to
>>>> meet on Google Chat. Minutes later, somebody tried to reset the password of
>>>> my Yahoo Mail account.
>>>>
>>>> @Th3Pr0_SEA wouldn’t tell me much about himself. Two members of his
>>>> organization had been kidnapped and murdered by members of the opposition,
>>>> he said, after posting under their real names on Facebook. He told me he
>>>> had been a student when the uprising began. When I asked his religion, he
>>>> answered, “i’m Syrian :)”
>>>>
>>>> Researchers have described the Syrian Electronic Army as a
>>>> paramilitary-style group working in coordination with the country’s secret
>>>> services and linked to the Syrian Computer Society, a government
>>>> organization once headed by Assad himself before he became president. In
>>>> our chat, @Th3Pr0_SEA denied the connection, repeating the group’s claims
>>>> that it’s not an official entity and that its membership is unpaid,
>>>> motivated only by patriotism. When I asked why the group’s website was
>>>> hosted on servers owned by the Syrian Computer Society, he answered that
>>>> his group paid for the service. “If we host our website outside of Syria
>>>> servers, it will get deleted and probably hacked,” he wrote.
>>>>
>>>> Before I finished my interview with @Th3Pr0_SEA, I asked him whether he
>>>> had been the one who tried to reset my Yahoo password. He denied it. “i
>>>> think someone saw you,” he said, “when you talked me on twitter.” He also
>>>> told me, “there is a big surprise from Special Operations Department coming
>>>> soon, but i can’t tell you anything about it.”
>>>>
>>>> --
>>>> ilf
>>>>
>>>> Over 80 million Germans don't use a console. Don't click away!
>>>>  -- An initiative of the Federal Office for Keyboard Use
>>>> --
>>>> Unsubscribe, change to digest, or change password at:
>>>> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>>>>
>>>>
>>>> John Scott-Railton
>>>> www.johnscottrailton.com
>>>>
>>>> PGP key ID: 0x3e0ccb80778fe8d7
>>>> Fingerprint: FDBE BE29 A157 9881 34C7  8FA6 3E0C CB80 778F E8D7
>>>>
>>>>
>> --
>> US: +1-857-891-4244 | NL: +31-657086088
>> site:  jilliancyork.com <http://jilliancyork.com/>* | *
>> twitter: @jilliancyork* *
>>
>> "We must not be afraid of dreaming the seemingly impossible if we want
>> the seemingly impossible to become a reality" - *Vaclav Havel*