Snowden: The NSA, not Assad, took Syria off the Internet in 2012
In a Wired interview with well-known National Security Agency journalist James Bamford that was published today, Edward Snowden claimed that the US accidentally took most of Syria off the Internet while attempting to bug the country’s traffic. Snowden said that back in 2013 when he was still working with the US government, he was told by a US intelligence officer that NSA hackers—not the Assad regime—had been responsible for Syria’s sudden disconnect from the Internet in November and December of 2012.
The NSA’s Tailored Access Office (TAO), Snowden said, had been attempting to exploit a vulnerability in the router of a “major Internet service provider in Syria.” The exploit would have allowed the NSA to redirect traffic from the router through systems tapped by the agency’s Turmoil packet capture system and the Xkeyscore packet processing system, giving the NSA access to enclosures in e-mails that would otherwise not have been accessible to its broad Internet surveillance.
Instead, the TAO’s hackers “bricked” the router, Snowden said. He described the event as an “oh shit” moment, as the TAO operations center team tried to repair the router and cover their tracks, to no avail.
“Fortunately for the NSA, the Syrians were apparently more focused on restoring the nation’s Internet than on tracking down the cause of the outage,” Bamford wrote. Snowden told him that someone joked, “If we get caught, we can always point the finger at Israel.”
It isn’t clear how the failure of a single router within Syria’s national network would have caused the outage on November 29, which lasted for nearly three days and cut off all traffic from the country to the outside world. It’s likely that the Syrian Telecommunications Establishment withdrew Syrian networks from Internet routing tables to prevent further attacks while they tried to determine the cause of the outage.
Syrian state television blamed “terrorists” for the outage at the time, though it was widely assumed the outage was part of a campaign by the Assad regime to deny communications to rebel groups. Syria had previously used illegally obtained network monitoring gear from Blue Coat to break SSL encrypted Web traffic and identify dissidents posting to blogs and social media.