Online investigative journalism and hacking news
by KheOps

BlueCoat's Presence in Syria Finally Uncovered

As the reader probably knows, 54GB of BlueCoat log files were released a few weeks ago, finally leading several mainstream media outlets to mention the case, including the BBC, the Washington Post and the Bureau of Investigative Journalism.

However, I had feedback concerning this log release, notably about the fact that the logs had been redacted, i.e. that Telecomix removed a part of the information inside them. I am not entering into the debate on whether this was a "good" or a "bad" idea, so let us keep this purely factual: the original log files contain the IP addresses of the (innocent) Syrian Internet subscribers who were visiting websites while being watched by the BlueCoat devices. These IP addresses were all replaced by the fake IP address "0.0.0.0" before the release.

This notably allowed BlueCoat to initially deny the presence of their devices in Syria, by stating that "0.0.0.0" were obviously not Syrian IP addresses and/or that Telecomix could have "invented" these log files. Given that the US State Department now seems to be looking into this case, this possibility of denying the facts was reported to me as a particularly annoying thing by some people who are taking care of the case. The issue was notably mentioned by Jacob Appelbaum at the "Power of Adhocracy" conference held in Sweden.

EDIT: The Wall Street Journal just published a complete article, notably stating that BlueCoat does...