Online investigative and hacking-news journal
by the editorial staff

#BlueCoat spotted in #Syria once again


This is an English translation by Syria News / Hacktivist (thanks), available here, of our original article in French.

Death, on the stock market, is lucrative

We naively thought that the US State Department (FR) had managed to curb Blue Coat’s commercial zeal (FR). But what does a 2.8 million dollar fine represent for a company like Computerlink? We now have the answer: nothing. We can already expect answers such as “it is not our fault” or “we could not know”. There is, however, no doubt that they knew, as this has already been explained and demonstrated. As usual, we are now waiting patiently for a Blue Coat denial quickly followed by a confession. Let us nevertheless address right away the “we could not know” answer they might give.

Today, a message on IRC drew our attention to a Pastebin page. This page shows the presence of no fewer than 34 Blue Coat appliances, which is far more than the number Blue Coat initially admitted to, while claiming it could not know how they had arrived there.

Blue Coat knows exactly how many appliances are active on Syrian soil, because its devices contact the firm’s servers whenever there is a software or filtering-list update. The firm must therefore have seen no fewer than 34 connections from Syrian IP addresses in its update servers’ logs. And we already know how these devices are used by Syrian ISPs, all of which are under the regime’s control.
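An added example (not from the original article, and not Blue Coat's own tooling) of the audit this paragraph implies: counting the distinct appliances that check in from the Syrian ranges the article cites. The log layout, serial numbers and sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Ranges quoted in the article, with the operator it attributes each one to.
WATCHED = {
    ipaddress.ip_network("188.160.1.0/24"): "MTN",
    ipaddress.ip_network("82.137.217.0/24"): "STE",
    ipaddress.ip_network("91.144.8.0/24"): "INET",
}

# Hypothetical log layout: "<timestamp> <source-ip> <device-serial> <request-path>"
LINE = re.compile(r"^\S+\s+(\S+)\s+(\S+)\s+/\S*$")

# Constructed sample lines, not real vendor logs.
SAMPLE_LOG = """\
2012-01-05T08:00:01Z 188.160.1.10 SN-A001 /update/filter-list
2012-01-05T08:00:07Z 188.160.1.11 SN-A002 /update/filter-list
2012-01-05T09:12:44Z 188.160.1.10 SN-A001 /update/software
2012-01-05T09:30:00Z 82.137.217.200 SN-B001 /update/filter-list
2012-01-05T09:31:12Z 91.144.8.5 SN-C001 /update/software
2012-01-05T10:00:00Z 198.51.100.7 SN-Z999 /update/filter-list
2012-01-05T10:00:03Z not-an-ip SN-X000 /update/filter-list
truncated line
"""

def watched_label(addr):
    """Operator label for addr if it falls in a watched range, else None."""
    return next((lbl for net, lbl in WATCHED.items() if addr in net), None)

def audit(log_text):
    """Return ({label: distinct appliance count}, skipped line count)."""
    devices, skipped = defaultdict(set), 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        try:
            addr = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            addr = None
        if addr is None:
            skipped += 1  # malformed line or unparsable source address
            continue
        label = watched_label(addr)
        if label:
            # A set collapses repeated check-ins from the same appliance.
            devices[label].add((addr, m.group(2)))
    return {k: len(v) for k, v in devices.items()}, skipped

if __name__ == "__main__": print(audit(SAMPLE_LOG))
```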

Recent internet shutdowns in Syria prompted some people to scan the network of the Syrian Telecommunications Establishment (AS29386) as well as that of MTN (AS52209), which is peered only with STE.

```
inetnum: 82.137.217.0 - 82.137.217.255
netname: MTN
descr: MTN Corporate
country: SY
admin-c: FET2-RIPE
tech-c: FET2-RIPE
status: ASSIGNED PA
mnt-by: STEMNT-1
mnt-routes: STEMNT-1
source: RIPE # Filtered
```

Bingo: 34 appliances, including a PacketShaper firewall in the “3500” product range, which can be accessed here. The other appliances are split across two ranges: 188.160.1.0/24 (MTN) and 82.137.217.0/24 (STE). The PacketShaper is on a different range, at address 91.144.8.243:

```
inetnum: 91.144.8.0 - 91.144.8.255
netname: SY-ISP-INET
descr: INET Internet Service Provider
country: SY
admin-c: BF1657-RIPE
tech-c: HA1563-RIPE
status: ASSIGNED PA
mnt-by: STEMNT-1
source: RIPE # Filtered
```

And now, the IP addresses of the BlueCoat equipment on the MTN network:
