Journal d'investigation en ligne et d'information‑hacking
par KheOps

#OpSyria: When the Internet does not let citizens down

We wrote a lot about Syria's Internet monitoring and censorship. We saw how the authorities, with the (possibly indirect) support of the BlueCoat manufacturer, spied on a vast majority of their population in order to arrest potential opponents. This notably led to some activists being tortured in order to obtain their Facebook or Gmail credentials, in turns allowing authorities to track down their friends and relatives.

We wrote a lot about Syria's Internet monitoring and censorship. We saw how the authorities, with the (possibly indirect) support of the BlueCoat manufacturer, spied on a vast majority of their population in order to arrest potential opponents. This notably led to some activists being tortured in order to obtain their Facebook or Gmail credentials, in turns allowing authorities to track down their friends and relatives.

Although it is still evolving and requires continuous attention, this dark situation has already been widely described and criticised, but very little attention has been paid to what could be done to improve people's communications condition. However, there exist people from here and there who have been trying to re-build secured communication channels. The underlying idea - maybe a bit idealistic - being that freedom of expression should be guaranteed for everybody, and that any person should have the ability to collect as many elements as they want in order to make up their mind on any topic.  In the Syrian context, this somewhat simple consideration is a critical point for which human lives are at stake.

Once again, individuals gathered under the banner of Telecomix have been trying to provide Syrian citizens with tools to reduce the risk of physical retaliation when expressing their opinion on the Internet. This  article tries to give a feedback on what has been done in this direction and how we have proceeded, without diving into technical details.

Bypassing the Wall (of Shame)

We were a bunch of people from American, European and Middle-East countries regrouped on the Telecomix IRC and naively full of good intentions. We knew absolutely nothing regarding the censorship in Syria. We only had the certainty that their outgoing communications were severely limited and that this was the cause of our lack of information. Apart from that, we were totally blind and thus wanted to reach people for two reasons:

  • Promote the use of security tools such as Tor, using HTTPS, avoiding spreading personal information on Internet, etc.
  • Try to help in letting data such as videos or personal testimonies get out of the country while preserving leakers' anonymity.

Technically speaking, it was quite easy to enter Syria. The country's IP ranges can be found easily on the Internet, and scanning all its IP addresses does not require any particular skill. Being a dozen armed with nmap, it was a matter of days. While sailing over the Syrian wires, we met those fifteen charming little BlueCoat devices, devoted to monitor (at least) the country's entire outgoing HTTP traffic and that can be found in the range 82.137.200.42-56. We also had the occasion to laugh when seeing corporate and governmental unprotected boxes, and found a few entry points inside the country that would later allow us to do outgoing connection tests from inside Syria. For a synthetic overview on the country's ISPs, one may want to see this document.

 

The Carrier Pigeons Attack

Establishing human contact was a much more difficult challenge, as the following questions had to be solved:

  • How to reach the maximum number of people ?
  • How to make them trust us and listen to the security advices we would try to give ?
  • How to avoid endangering them while communicating about censorship bypassing methods ?

The third point was the most crucial and did not allow us to contact a too small number of people, as an interception of the communication could have led them to be targeted by the government intelligence. We also decided to avoid Facebook, as it would have needed to post a message on some revolutionary groups pages and we knew that Syrian people's Facebook activity was tracked by authorities. The idea was thus to be as massive as possible and avoid targetting any particular kind of people. Both pro- and anti-Assad people would receive a message, that would not matter. And we would try to get trusted by writing our message as carefully as possible.

In one word, we would send spam. 6,000 e-mails were sent during the night of the 11-12th of August (CEST) with a short text in English and Arabic, and more important, a safety guidelines document written in both languages. E-mail addresses had been collected mainly by crawling the Web. A few faxes were also sent, and the document was relayed on Twitter all around the world.

By the time during which we prepared this campaign, the action widened and more people got involved, including journalists and a few Syrian people - who gave us a crucial help with Arabic translations - brougth to us thanks to the so-called Emergency Communication Division.

As if we had sent thousands of carrier-pigeons over the border, we did not get any direct feedback. Only a few people connected from time to time to the IRC server, most often not saying anything and leaving after a couple of minutes. This meant that something went through. But to be honest, we could hardly do anything more than hoping that a few people would install Tor and use HTTPS a little bit more than before.

Our involvment and concern had increased a lot, but the other side of the wall still seemed terribly silent. We thus took a step towards a more penetrating action.

 

Good Morning, Bashar !

While still considering as essential the need to be careful when trying to establish contact, we wanted to do an action that would undoubtedly reach people.

No standard channel was allowing us to kindly ask every single Syrian to read our previously sent document, that many of them had probably already thrown away, either to their spam folder or because they feared some governmental manipulation. OK guys, then we would have to impose it. We would display it on their screens, by surprise and in unavoidable way. And, of course, during a long enough time so that they would not have anything else to do but read it.

We would use the same consideration as the one on which the Syrian censorship system relies: nearly all the Syrian Internet traffic happens on the Web. We thus targetted the Web traffic and decided to design a small website.

A kind of counter-propaganda operation. A subversive message of hope.

The website would be a comprehensive package of guidelines, advices and even software. We however had to avoid an excess of indormation to preserve it's clarity and efficiency.

It took about one month to design, write, discuss, erase, rewrite, correct and finally package the software. Many people gave their advice either on the design, on the technical content or on how the message would be welcomed on the Syrian side. One of our Syrian contacts put his heart and guts to provide us a perfectly polished Arabic translation. At this point, the 60MB Telecomix Safety Pack website was ready. It contained security Firefox plugins, a Tor bundle, secure instant messaging software, a link to the Telecomix chat and more. It also emphasized basic guidelines such as avoid revealing personal information over the Internet.

Some of those who had followed the preparation then began to ask me regularly "Is it D-Day ?". No, it is not. Do not fall into the trap of precipitation. Give all your attention to the last technical details to avoid ruining a month of sleepless nights spent in working and hoping.

19 mirrors, all using different domain names, managed by 2 load balancers. Not that huge, but hopefully robust enough to both reply to all requests and circumvent a potential blocking against some domain names. Webservers specially installed and configured for this aggressive broadcast. The crossing point between high technical skills, deep emotional involvment and decentralized technological power.

I "pushed the button" on the 5th of September at 1:53am CEST. Then came the anxious monitoring of our respective servers.

Thousands of requests were scrolling on the screen, several megabytes per second were passing through the main mirrors. All servers kept responding bravely to all these requests during the operation time.

Fucking hell yeah. It was working. Cheers, champaign !

 

Cafe-Syria

This time, the feedback came much quicker than we expected. Several dozens of Arabic-speaking nicknames appeared on our IRC channel, as result of clicking the link to our webchat.

Peoples reactions were heterogenous. Once again, many joined and quitted after only a couple of seconds/minutes. Some others seemed to be dazed as if they had been teleported to another planet (nicknames have been changed):

-!- syrian01 [syrian01@marmot.irc.telecomix.org] has joined #opsyria

< syrian01> اي

< lcd> syrian01: hello!

< syrian01> شو؟

< syrian01> مافهمت شي

< syrian01> hello

< syrian01> where am i

Of course, some pro-Assad people landed as well, and seemed quite upset by our operation (although our website did not take position against the regime itself but against the precise actions of censorship and monitoring), being a little bit aggressive and insisting to know our identities, maybe in case they got the opportunity to retaliate:

-!- syrian02 [syrian02@marmot.irc.telecomix.org] has joined #opsyria

< syrian02> بشار وبس

< syrian02> Ju, Till me about ur self, How old are u and where are u from

The most common pattern was however people who trusted us or had already heard of Telecomix during the Egyptian uprisings. As of this moment, nearly every evening saw its mix of English and Arabic discussions, Google Translate being of great help when we tried, for instance, to give instructions on how to install Tor. Although language issues made us fail often in helping efficiently people, at least some of them had increased their Internet security. Some Syrians even asked us how they could help us. Neat.

Having struggled for weeks to pass through this wall of shame and hoped that our action would decrease a bit the lonelyness of a few Syrians, I had a quite indescribable feeling of achievment when I spectated for the first time a discussion between two Syrians, no matter what  they were saying. Compared to our starting point a few weeks ago when we did not even know what was going on in the country, this vision seemed magical. The Internet had eventually pierced through. People of Homs could start knowing what was going on in Aleppo or Damascus, and vice-versa. And, of course all this on an anonymous system that does not leak personal data to users.

Besides the technical advices, new friendships grew indistinctively between people from this feeling of overcoming something together. Late night hours were more auspiscious to confidences and emotions, leading to interesting and/or touching testimonies "from the ground".

 

Snapshots from the Ground

Some discussion extracts give personal and subjective snapshots of what is going on in Syria. This small raw collection of quotes thus simultaneously gives an insight on how certain Syrian people feel about  the situation in their country and illustrates the result of our effort to bypass censorship and monitoring. The reader must however remember that nobody can ensure that any statement is actually true. I reported pieces of discussions that appeared sincere to me.

23:47:33< Muhammad> I want an advise: Today, a close man to the intelligence

                    told me that I must "take care" because my name is with

                    the intelligence. He said I must take care on Facebook and

                    then he left.

--

01:58:25< woodenpaw> and even if it's only a tea with friends and talk

01:58:30< woodenpaw> ;)

01:58:37<@KheOps> Yeah

01:58:38<@KheOps> :)

01:58:51< ahmad> my friends in jail :)

01:58:56<@KheOps> :/

01:59:01<@KheOps> All of them ?

01:59:10< ahmad> not really

01:59:13< ahmad> som of thm are died

01:59:20<@lcd> damn

01:59:22< ahmad> and the others in their houses

--

23:22:20< Muhammad> URGENT: HOMS: HEAVY GUNFIRE IN ALKHALDIAH.

23:22:28<@KheOps> What,right now

23:22:30<@KheOps> ?

23:22:44< Muhammad> Yes.

23:22:56< Ju> shit

23:23:07< Muhammad> And hearing the sound of a strong explosion.

--

23:29:42< Muhammad> I don't really believe in Sunna and Shia anyway..

23:31:23< Muhammad> We try to be far away from sectarianism in our

                    revolution.

--

23:56:20< Muhammad> Now I must go, I will study for tomorrow! Have an exam

                    :(

--

17:22:36< Muhammad> 3 cars like this car stoped in front of me.

17:23:27< deadbyte> what happened ?

17:23:36< Muhammad> And one of those Shabbiha was carrying a Klashen Cove.

17:23:41< Muhammad> I thought they are here for me

17:24:01< Muhammad> Because I they looked at me

17:24:05< Muhammad> But then

17:24:19< Muhammad> They left me

17:24:21< Muhammad> and waited in that area

17:24:51< Muhammad> to opress a demonstration we were planning to do..

17:24:53< Muhammad> *oppress

17:25:17< Muhammad> So these things happen all the time.

17:25:29< strix> Take care of you my friend !

17:25:46< Muhammad> I'm trying :)

17:25:59< Muhammad> But these men are top criminals, they can do anything.

17:26:33< Muhammad> In these days, they do not commit such crimes in the city

                    of [XXXXX].

17:27:03< Muhammad> Because the city "is under control".

17:27:21< Muhammad> But when It's not under control, like [XXXXX], you will

                    hear about these stories in our city.

--

00:00:05 <swedish> Zabadani is an area near Damscuse

00:00:27 <KheOps> YesI understand this

00:00:28 <swedish> it mountain between Syria and Lebanon

00:00:36 <swedish> ok

00:01:14 <swedish>  some of Syrian Army was there

00:01:37 <swedish> and some Soldires of this is broke

00:01:40 <KheOps> Yes, the Syrian Army went to Zabadini, ok

00:01:47 <swedish> and escaped

00:02:03 <KheOps> Ok, they escaped in the mountains ?

00:02:10 <swedish> yes

00:02:17 <swedish> and Mukhabarat

00:02:24 <swedish> was search for them

00:02:30 <KheOps> Ok

00:02:38 <KheOps> Did they find them ?

00:02:39 <swedish> for that they cut commenectios

00:02:45 <swedish> and the roads

00:02:52 <KheOps> Ok

00:02:55 <swedish> I think no

00:03:06 <swedish> because

00:03:23 <swedish> when I go from [XXXX] to [XXXXXX] today

00:03:57 <swedish> they stopped every car or bus come or out to [XXXXXX]

00:10:06 <swedish> I was there yesterday

--

00:48:06<swedish> and all that info got from people

00:48:23<swedish> what do you do with it ?

00:48:27<KheOps> Sometimes I buy new materials, but not often

00:48:40<KheOps> That is a very goodquestion...

00:48:55<swedish> sell to Press ??

00:49:03<swedish> or media ?

--

22:32:07< Ju> ahmad: but you can ear gunfire in the street ?

22:32:32< ahmad> yeah i can hear that

22:32:43< Kapre> death no matterwhere is sad

22:32:43< hazrid> where in syria ahmad?

22:32:47< hazrid> I'm in [XXXXX] atm

22:33:18< ahmad> and sometimes i hear panzers

22:33:32< ahmad> hazarid : you've nothing there :)

22:33:37< ahmad> ما في شي عندكون بخوف هنيك

22:33:39< ahmad> كلو تمام

22:33:40< ahmad> :)

22:33:47< hazrid> t82 or 85, and t72s

22:33:52< hazrid> some t65s too

22:33:54< hazrid> a lot actually

--

00:46:16< Aimar> I can give alot of Fack info, and u will distribute it

--

01:08:23< Aimar> can I ask what do u know about Syria to do like this

                 chat website and Server?

 

Tools and Needs

As a kind of conclusion, let's state in a few words what we provide at the moment, what is going on, and which help we need.

Technically speaking, we basically welcome people on the Telecomix IRC server (irc.telecomix.org, SSL 6697, #opsyria), accessible through a secured webchat. We try to be as present as possible and assist people as much as we can for installing at least Tor and checking that HTTPS connections are not undergoing Man-In-The-Middle attacks. We have a brand new translation bot that works whenever she wants, to improve Arabic-English communications. We have much more sense of humour than Mukhabarat. We try to build pre-configured Tor packages. We set up Tor bridges and VPN endpoints to improve the possibilities to escape censorship. We make websites and wikis to compile advices and security instructions and collect mirrors to host them. We provide an anonymous e-mail address to receive anonymous testimonies from Syrians. We create backchannels on the IRC server and welcome people in private conversations when they need to let information out. We finally also set up two secured Mumble servers to propose an alternative to Skype.

The main things going on right now consist in increasing the number of Tor bridges and VPN endpoints. On the human contact point, providing technical support is a continuous work. Listening to people's stories is also a must-do as it participates to the extraction of information. It is also essential to build trust relationships with often defiant Syrian newcomers. Giving them some trust and telling them some nice words often plays a central role.

It is without surprise that we would accept with pleasure any reliable and trustworthy people who would like to give some CPU power, bandwidth or disk space. Human time would also be highly welcome, especially from people who could help in setting up Tor on newbies' computers.

Finally, as the place seems to become a crossing point for a (still small) number of Syrian internauts, other Syrian citizens are welcome.

 

Acknowledgements

I will, of course, forget some people here. Stating that about a hundred people have contributed at least once to this action is not overrated. Many thanks to all of them, who gave at some point a bit of something to defend freedom of expression.

It is a magical feeling to cross all the borders and work together with people from all around the world, being gathered around a similar conception on freedom of expression. Among the concerned countries, we have at least France, the United States of America, Germany, Sweden, Tunisia and of course Syria.

I can not do without naming some of the hard workers with whom I shared the biggest bits of both anxiousness and joy. Woodenpaw for always contributing quickly, intelligently and strongly to the collective effort. Muhammad for his courage, realism and ever-lasting sympathy. Ju for sharing her knowledge of the ground and welcoming everyone with an Arabic sentence. Punkbob and lcd for being present during the most crucial moments and continuing this long-lasting effort, including the welcoming of newcomers. TheDoctor for his conciliatory and soothing advices as well as for his efforts on the BlueCoat analysis. Zeroconf and truck for bringing up solutions extremely quickly.

And of course the Reflets.info team for pushing the action in a so enthusiastic and encouraging manner.

 

Bonus Track

Today, September the 11th, is Bashar Al-Assad's birthday.

0 Commentaires
Une info, un document ? Contactez-nous de façon sécurisée