Leaked Syrian log files reveal attempts to starve rebels of information
Users self-censor to avoid arrest
Syria's Bashar al Assad-led regime blocked scores of legitimate services and entire network regions in its bid to scrub out access to sites such as Reddit, Google and Skype, the first analysis of the nation's web filtering reveals.
Research by three Sydney researchers from National ICT Australia (NICTA), together with three French and British colleagues, examined 600Gbs of Blue Coat Systems filter logs leaked in 2011 that they say reveal stealthy and targeted censorship by the Assad regime.
Terence Chen, Arik Friedman and Mohamed Ali Kaafar of NICTA, together with Abdelberi Chaabane and Mathieu Cunche of INRIA Lyon, France, and Emiliano De Cristofaro of University College London, found collateral damage from Syria's filtering effort.
"We find that traffic is filtered in several ways: using IP addresses and domain names to block subnets or websites, and keywords or categories to target specific content," the team wrote in the paper Censorship in the Wild: Analysing Internet Filtering in Syria.
"We show that keyword-based censorship produces some collateral damage as many requests are blocked even if they do not relate to sensitive content. We also discover that Instant Messaging is heavily censored, while filtering of social media is limited to specific pages.
"Finally, we show that Syrian users try to evade censorship by using web/socks proxies, Tor, VPNs, and BitTorrent."
The group analysed logs stolen by Telecomix activists from seven Blue Coat SG-9000 proxies filtering Syrian web traffic for nine days between July and August 2011.
Since then, Syria has invested US$500,000 in surveillance equipment, meaning the country's capabilities may exceed those studied.
The analysis offered a "detailed snapshot" of filtering not possible through external probing, and reported that filtering was based largely on URLs, keywords, destination IP addresses and custom categories.
Entire Israeli subnets were blocked, along with advertisements sporting the word "proxy" and VPN toolbars.
Bashar Al Assad remained Facebook-friendly, however, with the exception of groups associated with the Free Syrian Army, and was less of a filter tyrant than counterparts in China and Iran, allowing most of the 28 social networks through. Rebels visiting anti-government Facebook groups could be redirected to pro-Assad pages, the researchers contended but did not find.
Instead, self-censorship by citizens wishing to avoid arrest filled in the gaps, the team found.
Censorship peaked due to high demand for blocked instant messaging wares like Skype, the researchers said. ®