This is a translation in English by Syria News / Hacktivist (Thanks) available here of our initial paper in french.
We were naively thinking that the US State Department (FR) had managed to decrease Blue Coat’s commercial zeal (FR). But what does a 2.8 million dollars fine represent for a company like Computerlink ? We now have the answer: nothing. We can already expect answers such as “it is not our fault” or “we could not know”. It however makes no doubt that they knew it, as this has already been explained and demonstrated. As usual, we are thus now waiting patiently for a Blue Coat denial quickly followed by a confession. Let’s however address right now the possible “we could not know” answer they could give.
Today, a message on IRC attracted our attention over a Pastebin page. This page shows the presence of not less than 34 Blue Coat appliances, which is way more than the number BlueCoat initially confessed for, pretending they could not know how they arrived there.
Blue Coat knows exactly the number of active appliances on the Syrian soil, because their devices contact the firm’s servers as soon as there is a software or filtering list update. Hence, the firm must have seen not less than 34 connections from Syrian IP addresses in their update servers’ logs. And we already know how these devices are used by Syrian ISP, all being under regime’s control.
Recent internet shutdowns in Syria motivated some people in scanning Syrian Telecommunications Establishment’s (AS29386) network as well as MTN’s (AS52209) network, which is peered only with STE.
inetnum: 82.137.217.0 - 82.137.217.255 netname: MTN descr: MTN Corporate country: SY admin-c: FET2-RIPE tech-c: FET2-RIPE status: ASSIGNED PA mnt-by: STEMNT-1 mnt-routes: STEMNT-1 source: RIPE # Filtere
Bingo : 34 appliances, including a Packet Shaper Firewall in the “3500″ product range which can be accessed here. The other appliances are shared on two different ranges: 188.160.1.0/24 (MTN) and 82.137.217.0/24 (STE). The packet shaper is on a different range, at address 91.144.8.243:
inetnum: 91.144.8.0 - 91.144.8.255 netname: SY-ISP-INET descr: INET Internet Service Provider country: SY admin-c: BF1657-RIPE tech-c: HA1563-RIPE status: ASSIGNED PA mnt-by: STEMNT-1 source: RIPE # Filtered
And now, the IP addresses of the BlueCoat equipment on the MTN network:
Nmap scan report for 188.160.1.52 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.54 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.60 Host is up (0.15s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.62 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.161 Host is up (0.15s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.162 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.163 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.164 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.165 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.166 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.167 Host is up (0.15s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.168 Host is up (0.15s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.169 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.170 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.172 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.173 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.174 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.175 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.184 Host is up (0.15s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.185 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.186 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.187 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.188 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.189 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 188.160.1.190 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for inet-ip-243.inet.sy (91.144.8.243) Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http-proxy thttpd (Blue Coat PacketShaper 3500 firewall) -- Nmap scan report for 82.137.217.16 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 82.137.217.17 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 82.137.217.18 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 82.137.217.19 Host is up (0.15s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 82.137.217.20 Host is up (0.15s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 82.137.217.21 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 82.137.217.22 Host is up (0.16s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server -- Nmap scan report for 82.137.217.23 Host is up (0.17s latency). PORT STATE SERVICE VERSION 80/tcp open http Blue Coat proxy server