As a result of a hack done on the registar MelbourneIT, many English and American media website are currently being hacked by the Syrian Electronic Army (at least that’s what everybody thinks so far). But something much more bizarre is going on right now on the Syrian Telecom Establishment’s website (STE).
STE is more than a simple ISP in Syria, it’s the mother of all Syrian ISP, all other national ISP depend on it to access the global internet. We talked about it a few month ago when busting Bluecoat appliances operating mass surveillance over the Syrian population.
But what is currently going on is far trickier: we are currently observing a very curious redirection from ste.gov.sy – the Syrian government’s ISP to ATT.com, a major American ISP, heavily involved in the PRISM program.
Below is a screencast recorded earlier this afternoon showing this strange redirection. So far, we don’t have any explanation, and no way to tell who did this or why. Is this the result of an American-side hack or a Syrian glitch, or maybe some mysterious Chinese hacker… Who knows.
Update 29/08- 13h
STE.GOV.SY : now with T-Mobile + Verizon + AT&T ?!
$ host ste.gov.sy
ste.gov.sy has address 184.108.40.206 (OrgName: Verizon Data Services LLC) ste.gov.sy has address 220.127.116.11 (OrgName: T-Mobile USA Inc.) ste.gov.sy has address 18.104.22.168 (AT&T Services, Inc.) ste.gov.sy mail is handled by 10 webmail.ste.gov.sy.
Additionaly, STE’s MX (emails) is pointing to a mail server located in Iran, nothing strange considering Hezbollah’s ties with El Assad’s regime though.
(The title of this post is just LULZ, the rest is dead serious)