[liberationtech] Blue Coat and Syria

Collin Anderson collin at
Tue Oct 11 17:41:56 PDT 2011


It may have escaped the notice of some on this list that last week the
technology collective Telecomix released a set of logs that documents the
web traffic of users of the Syrian Telecommunications Establishment (Syria
Telecom). The logs had been deposited on a poorly secured filesystem by a
set of network monitoring appliances and, compressed, total about 54 GB. The
biggest issue surrounding the find has been the origin -- content filtering
hardware from the American firm Blue Coat.

Leila Nachawati, of Global Voices, has expounded on the immediate censorship
ramifications in an applaudable manner:

Today, Steve Schick, Marketing Director at Blue Coat, responded to the
allegations after they were posted on Slashdot.

> Blue Coat does not sell to Syria and neither do we provide any kind of
> technical support, professional services or software maintenance. To our
> knowledge, we do not have any customers in Syria.

> U.S. companies are prohibited from selling to Syria. In addition, we do not
> allow any of our resellers, regardless of their location in the world, to
> sell to an embargoed country, such as Syria.

> We have seen logs posted that are allegedly from a Blue Coat appliance in
> use in Syria. From these logs, we see no firm evidence that would determine
> there is Blue Coat equipment in Syria; in fact, it appears that these logs
> came from an appliance in a country where there are no trade restrictions.
> In addition, the log files appear to have come from a third party server
> that was storing log files uploaded from one of our appliances. The
> allegation that an organization penetrated one of our appliances through a
> security hole is flatly not true. There are no known vulnerabilities of our
> appliance that would allow such an action.

However, I had previously documented that the devices were shown to be
calling home to Blue Coat's rating and load balancing services. This
indicates that, if the origin of the logs is as stated, Blue Coat appliances
were present in Syria.

Interestingly, and perhaps disconcertingly, after the announcement and
controversy, the server appliances' configurations were changed in a way that
nmap would no longer identify them as Blue Coat ProxySG hardware. However,
through this research, Telecomix had identified monitoring services that are
open to the public, and describe a heterogeneous environment of Cisco,
Barracuda and ... Blue Coat devices, at another location. Those devices
documented, without a shadow of doubt, 1.) remain in operation, 2.) handle a
high degree of traffic, 3.) exist in Syria.

While we can expect corporations to be profit-motivated, one cannot presume
they are dumb enough to risk federal or civil prosecution over involvement
with embargoed countries. From personal experience with Iran, hardware will
eventually find its way to where there is need — restrictions increase
price, not necessarily decrease availability. No company can reasonably be
held accountable for second-hand sales, and many have increased their
control of distributors as a result of leakages to embargoed countries. It
is unfortunate that Blue Coat chose denial, rather than a mature approach,
to handle the situation.


*Collin David Anderson* | @cda | Washington, D.C.