Friday, November 11, 2011

Researchers Spot Blue Coat Web Control Gear In Another Repressive Regime: Burma

Since Web filtering and network monitoring gear from Blue Coat Systems turned up in Syria last month, the company has been scrambling to avoid a reputation as an Internet arms provider to the world’s most repressive dictatorships. A new report from Canadian researchers won’t help: It shows that Blue Coat gear has been used in Burma, too.

A team at Citizen Lab, a research center at the University of Toronto focused on Internet security and human rights, released evidence Wednesday that shows Blue Coat devices were deployed in Burma as well as Syria to filter and surveil the Internet. Using remote scanning tools and field researchers in both countries, they say they’ve found 13 more Blue Coat devices in Syria, as well as strong evidence that the company’s gear was used in Burma as well.

Citizen Lab found three clues that place Blue Coat gear used for surveillance and censorship in the military-controlled Southeast Asian country. First, they scanned IP addresses at Burma’s primary internet service provider Yatanarpon Teleport, and found names of devices that match Blue Coat’s names like “fw-webfilter” and “bc-director.” Second, they queried Blue Coat devices known to be in Syria and matched their error messages with those in Burma. And third, they correlated their own survey of 500 blocked websites in Burma with preset categories of filtering on Blue Coat devices like “Intimate Apparel and Swimsuits” and “LGBT,” and found a close-to-100% correlation.

“While not definitive, it is unlikely that this correlation would be as strong were Burma to use an alternative filtering system,” reads the report. Ron Deibert, a University of Toronto political science professor and Citizen Lab’s director, makes a stronger statement: ”With these three pieces of evidence, it’s practically impossible that these aren’t Blue Coat devices.”

A Blue Coat spokesperson I reached by phone declined to comment immediately and referred me to a statement on the company’s website published yesterday.”Blue Coat has become aware that certain Blue Coat ProxySG Web security appliances apparently were transferred illegally to Syria after being lawfully sold to a channel distribution partner for a seemingly appropriate designated end user. Blue Coat does not sell to countries embargoed by the US, and does not allow its partners to sell to embargoed countries,” the statement reads in part. “We don’t want our products to be used by the government of Syria or any other country embargoed by the United States. If our review of the facts about this diversion presents solutions that enable us to better protect against future illegal and unwanted diversion of our products, we intend to take steps to implement them.”

Burma, sometimes known as Myanmar, remains on a list of companies with whom the U.S. government carefully restricts trade, though it’s not clear whether sales of Blue Coat-type devices to the country would be illegal. Under the military junta that controls the country, opposition groups and minorities have been brutally repressed, and during a bloody crackdown on protests in 2007 the country became the first to temporarily shut down its Internet altogether.

The use of Blue Coat’s technology in Syria was revealed last month when the hacker group Telecomix exfiltrated and analyzed 54 gigabytes of data from a device in Syria. Blue Coat later admitted to the Wall Street Journal that its devices were in Syria, but claimed they had found their way to the country through sales to Iraq via the United Arab Emirates, and that the company hadn’t been aware of its gear’s presence in Syria. ”We don’t want our products to be used by the government of Syria or any other country embargoed by the United States,” Blue Coat executive Steve Daheb, told the Journal, adding that Blue Coat was “saddened by the human suffering and loss of human life” in Syria.

Some have expressed skepticism about Blue Coat’s ignorance of Syria’s use of its devices. “Bet you anything that the Syrian Blue Coat products are registered, and that they receive all the normal code and filter updates,” wrote security guru and blogger Bruce Schneier.

Blue Coat is only the latest Internet firm to face criticism for–wittingly or unwittingly–supplying dictators with tools for controlling and exploiting the Internet. Narus, a cybersecurity and digital surveillance subsidiary of Boeing, was found to have sold technology to the Libyan government. Cisco sold network censorship and spying gear to China. And a trio of other firms, American NetApp, French Qosmos, and German Ultimaco all had their technology used by the Italian firm Area SpA to set up a vast surveillance system in Syria.

While only some of those cases potentially violate U.S. trade restrictions, those companies’ ethical problems may be far more serious, says Jillian York, director of international freedom of expression at the Electronic Frontier Foundation. “It’s not about export controls,” she says. “Even if Blue Coat didn’t sell to Syria, they say they were selling to the UAE and Iraq, countries that also use these tools for unlawful surveillance and have no privacy controls.”

Citizen Lab’s Deibert says legal restrictions on trade can only go so far, particularly when non-U.S. companies offer competing products. “Legislation can only apply within jurisidations,” he says. “This really requires the media and researchers to lift the lid on the Internet and find out what goes on beneath the surface.”

Source : http://www.forbes.com/sites/andygreenberg/2011/11/09/researchers-spot-blue-coat-web-control-gear-in-another-bad-regime-burma/

0 comments:

Post a Comment