American hackers accidentally disconnected the Internet in Syria in 2012

    In a lengthy interview with Wired magazine, Edward Snowden described many interesting details of the daily work of the CIA and the NSA: for example, MonsterMind, a program that responds to foreign cyber attacks with automatic retaliation, and a secret data storage system in Bluffdale (Utah) called the Mission Data Repository, holding yottabytes of information. The storage was previously called the Massive Data Repository, but the old name was considered too creepy (and accurate).

    Another story is about a funny incident that happened in TAO (Tailored Access Operations), the NSA's operational unit that plants backdoors on servers, computers and mobile phones around the world wherever its current tasks require it.

    In 2012, TAO hackers tried to remotely install an exploit on one of the routers of Syria's largest Internet provider, while the country was in a state of civil war. The exploit would have given the intelligence agency access to mail and other Internet traffic for most users (this may have required changing the routing tables on the BGP router). But something went wrong, and the router suddenly shut down and stopped responding completely. As a result of this failure, all of Syria suddenly lost its connection to the Internet.

    On Thursday, November 29 at 10:26 UTC (14:26 Moscow time), the international communication channels with Syria were completely cut. In the global routing table, all 84 blocks of Syrian IP addresses became inaccessible, effectively removing the country from the Internet.



    The disconnection of Syria from the Internet was tracked by the Western companies Renesys and Cloudflare.



    Western rebels suspected the country's government of carrying out the disconnection, and the world community was genuinely outraged that civilians had been deprived of the Internet.

    A bit about the work of TAO
    Judging by previously declassified documents, TAO uses a variety of methods. For example, it picks crash reports out of Internet traffic when the user clicks the “Send Report to Microsoft” button. These reports contain identifying information about the computer, which TAO can then use to track the traffic of a particular PC on the Internet without installing a backdoor.



    Another method for monitoring specific individuals is Quantum Insert: hidden servers are installed at the backbone level (at backbone providers and traffic exchange points around the world), where they intercept users' requests to specific sites and respond to them earlier than the real servers for which these requests are intended. Technically, such an attack could be called MiTM with packet injection.
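
    The race described above leaves a trace on the client side: two data segments in one TCP flow that claim the same sequence range but carry different bytes. A minimal passive check for that trace follows, as an added example that is not part of the original article; the Segment record, the function name and the sample packets are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Segment(NamedTuple):
    ts: float        # capture timestamp in seconds
    src: str         # sender "ip:port"
    dst: str         # receiver "ip:port"
    seq: int         # sequence number of the first payload byte
    payload: bytes


def find_conflicting_segments(segments):
    """Flag pairs of segments in one flow direction whose overlapping
    sequence range carries different bytes. A plain retransmission repeats
    the same bytes and is not flagged. Sequence wraparound is ignored."""
    seen = defaultdict(list)          # (src, dst) -> earlier segments
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue                  # pure ACKs carry no data to compare
        for old in seen[(seg.src, seg.dst)]:
            start = max(old.seq, seg.seq)
            end = min(old.seq + len(old.payload), seg.seq + len(seg.payload))
            if start >= end:
                continue              # no shared sequence space
            a = old.payload[start - old.seq:end - old.seq]
            b = seg.payload[start - seg.seq:end - seg.seq]
            if a != b:
                findings.append((seg.src, seg.dst, start, old.ts, seg.ts))
        seen[(seg.src, seg.dst)].append(seg)
    return findings


# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = [
    Segment(0.000, "10.0.0.5:51000", "203.0.113.10:80", 500, b"GET / HTTP/1.1\r\n\r\n"),
    # Two answers to the same request: same seq, different content.
    Segment(0.020, "203.0.113.10:80", "10.0.0.5:51000", 1000, b"HTTP/1.1 302 Found\r\n\r\n"),
    Segment(0.045, "203.0.113.10:80", "10.0.0.5:51000", 1000, b"HTTP/1.1 200 OK\r\n\r\nhello"),
    # Benign retransmission in another flow: identical bytes where they overlap.
    Segment(0.100, "198.51.100.7:443", "10.0.0.5:51001", 7000, b"abcdef"),
    Segment(0.300, "198.51.100.7:443", "10.0.0.5:51001", 7003, b"defgh"),
]

if __name__ == "__main__":
    for src, dst, seq, t1, t2 in find_conflicting_segments(SAMPLE):
        print(f"conflict {src} -> {dst} at seq {seq}: {t1:.3f}s vs {t2:.3f}s")
```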

    According to available information, TAO has approximately 600 employees, civilian and military. They work in at least seven different offices. TAO is considered a key component of the NSA division called Signal Intelligence Directorate (SIGINT).



    Sometimes TAO operations fail, as the Syrian example shows.

    No one knew that the United States was involved in cutting off communications in Syria. At the TAO command center, the panicked government hackers experienced what Snowden in the interview calls an “oh shit” moment.

    They frantically tried to repair the router remotely and hide the traces of the attack, so that the Syrians would not find the sophisticated software used to penetrate the network and carry out the attack. But since the equipment had failed completely (the router would not turn on at all), the error could not be fixed.

    “Fortunately for the NSA, the Syrians were clearly focused on restoring the Internet’s functionality in the country,” Wired writes, citing Snowden, “rather than on finding out the cause of the failure.” But in the TAO command center, the tension hanging in the air was defused with a joke: “If they spot it, everything can be blamed on Israel.”
