Snowden: The NSA Caused a Massive Internet Blackout in Syria

In a new interview, the fugitive leaker claims the spy agency accidentally took down Syria’s Internet during its prolonged civil war.

National Journal
Add to Briefcase
Dustin Volz
Aug. 13, 2014, 5:51 a.m.

The Na­tion­al Se­cur­ity Agency in­ad­vert­ently brought Syr­ia’s In­ter­net to a screech­ing halt na­tion­wide in 2012 after a failed at­tempt to hack in­to the war-torn coun­try’s com­mu­nic­a­tions data, ac­cord­ing to a new claim by Ed­ward Snowden.

The fu­git­ive leak­er, in a sprawl­ing new in­ter­view with Wired, said that NSA agents tried to ex­ploit a core router of a ma­jor In­ter­net ser­vice pro­vider in or­der to tap in­to Syr­ia’s emails. But the plot back­fired, bring­ing the coun­try’s In­ter­net down for days amid an es­cal­at­ing civil war.

When he went to work for Booz Al­len Hamilton in early 2013, Snowden was already dis­il­lu­sioned with the gov­ern­ment’s sur­veil­lance prac­tices but “had not lost his ca­pa­city for shock,” writes James Bam­ford:

One day an in­tel­li­gence of­ficer told him that TAO—a di­vi­sion of NSA hack­ers—had at­temp­ted in 2012 to re­motely in­stall an ex­ploit in one of the core routers at a ma­jor In­ter­net ser­vice pro­vider in Syr­ia, which was in the midst of a pro­longed civil war. This would have giv­en the NSA ac­cess to email and oth­er In­ter­net traffic from much of the coun­try. But something went wrong, and the router was bricked in­stead—rendered totally in­op­er­able. The fail­ure of this router caused Syr­ia to sud­denly lose all con­nec­tion to the In­ter­net—al­though the pub­lic didn’t know that the U.S. gov­ern­ment was re­spons­ible. (This is the first time the claim has been re­vealed.)

In­side the TAO op­er­a­tions cen­ter, the pan­icked gov­ern­ment hack­ers had what Snowden calls an “oh shit” mo­ment. They raced to re­motely re­pair the router, des­per­ate to cov­er their tracks and pre­vent the Syr­i­ans from dis­cov­er­ing the soph­ist­ic­ated in­filt­ra­tion soft­ware used to ac­cess the net­work. But be­cause the router was bricked, they were power­less to fix the prob­lem.

For­tu­nately for the NSA, the Syr­i­ans were ap­par­ently more fo­cused on restor­ing the na­tion’s In­ter­net than on track­ing down the cause of the out­age. Back at TAO’s op­er­a­tions cen­ter, the ten­sion was broken with a joke that con­tained more than a little truth: “If we get caught, we can al­ways point the fin­ger at Is­rael.”

Syr­i­an Pres­id­ent Bashar al-As­sad’s gov­ern­ment has peri­od­ic­ally turned off In­ter­net ser­vices in spe­cif­ic areas be­fore launch­ing an at­tack, ac­cord­ing to The Wash­ing­ton Post. On at least three oc­ca­sions, the sporad­ic out­ages, which have con­tin­ued in­to this year, were na­tion­wide.

It is un­clear which black­out Snowden is ref­er­en­cing, but any black­out would have the po­ten­tial to dis­rupt com­mu­nic­a­tions among frac­tured rebel groups and aid the As­sad re­gime.

Dur­ing one massive, pro­longed black­out in Novem­ber of 2012, the As­so­ci­ated Press, a num­ber of oth­er news out­lets, and cy­ber­war­fare ex­perts con­cluded the Syr­i­an gov­ern­ment was likely to blame. Syr­i­an au­thor­it­ies, mean­while, poin­ted the fin­ger of re­spons­ib­il­ity at rebel in­sur­gents. Oth­er the­or­ies for how the black­out star­ted cir­cu­lated widely, but few ap­pear to have sug­ges­ted the U.S. gov­ern­ment could be the cul­prit.

The Novem­ber black­out was seen as the worst to hit Syr­ia since its civil war began in early 2011. Dur­ing the In­ter­net shut­down, Re­u­ters re­por­ted that As­sad’s forces were plan­ning a “mil­it­ary show­down around Dam­as­cus.”

U.S. of­fi­cials at­temp­ted to provide Syr­i­an op­pos­i­tion forces with an al­tern­at­ive to cir­cum­vent the black­out, and be­rated those thought to be re­spons­ible for bring­ing down the coun­try’s In­ter­net.

“We con­demn this latest as­sault on the Syr­i­an people’s abil­ity to ex­press them­selves and com­mu­nic­ate with each oth­er,” a State De­part­ment spokes­wo­man said at the time, not­ing that it had provided 2,000 units of com­mu­nic­a­tions gear to some rebel groups.

The NSA did not im­me­di­ately re­spond to a re­quest for com­ment re­gard­ing its po­ten­tial in­volve­ment with In­ter­net black­outs in Syr­ia.

Also in the Wired pro­file, Snowden claims to have wit­nessed a pro­gram, known as Mon­ster­Mind, un­der de­vel­op­ment that would hunt for the ori­gins of a po­ten­tial for­eign cy­ber­at­tack. Once threat­en­ing mal­ware was de­tec­ted at a point of entry, Mon­ster­Mind “would auto­mat­ic­ally fire back,” a level of ag­gres­sion which Snowden said gave him con­cern be­cause “at­tacks can be spoofed.”

“You could have someone sit­ting in China, for ex­ample, mak­ing it ap­pear that one of these at­tacks is ori­gin­at­ing in Rus­sia,” Snowden said. “And then we end up shoot­ing back at a Rus­si­an hos­pit­al. What hap­pens next?”

Snowden re­peated his harsh cri­ti­cisms of Dir­ect­or of Na­tion­al In­tel­li­gence James Clap­per, who months be­fore the ini­tial Snowden leaks told a Sen­ate pan­el that the U.S. did “not wit­tingly” col­lect data on mil­lions of Amer­ic­ans.

Clap­per “saw de­ceiv­ing the Amer­ic­an people as what he does, as his job, as something com­pletely or­din­ary,” Snowden said. The com­puter tech­i­cian ad­ded that Clap­per’s testi­mony in part drove him to ex­pose the NSA’s secret sur­veil­lance pro­grams.

Snowden, 31, is liv­ing in Rus­sia, where last week he earned a three-year res­id­ency per­mit after his one year of asylum ex­pired. He faces es­pi­on­age charges in the U.S. for leak­ing clas­si­fied gov­ern­ment secrets.


Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.