Snowden: The NSA Caused a Massive Internet Blackout in Syria

In a new interview, the fugitive leaker claims the spy agency accidentally took down Syria’s Internet during its prolonged civil war.

National Journal
Add to Briefcase
Dustin Volz
Aug. 13, 2014, 5:51 a.m.

The Na­tion­al Se­cur­ity Agency in­ad­vert­ently brought Syr­ia’s In­ter­net to a screech­ing halt na­tion­wide in 2012 after a failed at­tempt to hack in­to the war-torn coun­try’s com­mu­nic­a­tions data, ac­cord­ing to a new claim by Ed­ward Snowden.

The fu­git­ive leak­er, in a sprawl­ing new in­ter­view with Wired, said that NSA agents tried to ex­ploit a core router of a ma­jor In­ter­net ser­vice pro­vider in or­der to tap in­to Syr­ia’s emails. But the plot back­fired, bring­ing the coun­try’s In­ter­net down for days amid an es­cal­at­ing civil war.

When he went to work for Booz Al­len Hamilton in early 2013, Snowden was already dis­il­lu­sioned with the gov­ern­ment’s sur­veil­lance prac­tices but “had not lost his ca­pa­city for shock,” writes James Bam­ford:

One day an in­tel­li­gence of­ficer told him that TAO—a di­vi­sion of NSA hack­ers—had at­temp­ted in 2012 to re­motely in­stall an ex­ploit in one of the core routers at a ma­jor In­ter­net ser­vice pro­vider in Syr­ia, which was in the midst of a pro­longed civil war. This would have giv­en the NSA ac­cess to email and oth­er In­ter­net traffic from much of the coun­try. But something went wrong, and the router was bricked in­stead—rendered totally in­op­er­able. The fail­ure of this router caused Syr­ia to sud­denly lose all con­nec­tion to the In­ter­net—al­though the pub­lic didn’t know that the U.S. gov­ern­ment was re­spons­ible. (This is the first time the claim has been re­vealed.)

In­side the TAO op­er­a­tions cen­ter, the pan­icked gov­ern­ment hack­ers had what Snowden calls an “oh shit” mo­ment. They raced to re­motely re­pair the router, des­per­ate to cov­er their tracks and pre­vent the Syr­i­ans from dis­cov­er­ing the soph­ist­ic­ated in­filt­ra­tion soft­ware used to ac­cess the net­work. But be­cause the router was bricked, they were power­less to fix the prob­lem.

For­tu­nately for the NSA, the Syr­i­ans were ap­par­ently more fo­cused on restor­ing the na­tion’s In­ter­net than on track­ing down the cause of the out­age. Back at TAO’s op­er­a­tions cen­ter, the ten­sion was broken with a joke that con­tained more than a little truth: “If we get caught, we can al­ways point the fin­ger at Is­rael.”

Syr­i­an Pres­id­ent Bashar al-As­sad’s gov­ern­ment has peri­od­ic­ally turned off In­ter­net ser­vices in spe­cif­ic areas be­fore launch­ing an at­tack, ac­cord­ing to The Wash­ing­ton Post. On at least three oc­ca­sions, the sporad­ic out­ages, which have con­tin­ued in­to this year, were na­tion­wide.

It is un­clear which black­out Snowden is ref­er­en­cing, but any black­out would have the po­ten­tial to dis­rupt com­mu­nic­a­tions among frac­tured rebel groups and aid the As­sad re­gime.

Dur­ing one massive, pro­longed black­out in Novem­ber of 2012, the As­so­ci­ated Press, a num­ber of oth­er news out­lets, and cy­ber­war­fare ex­perts con­cluded the Syr­i­an gov­ern­ment was likely to blame. Syr­i­an au­thor­it­ies, mean­while, poin­ted the fin­ger of re­spons­ib­il­ity at rebel in­sur­gents. Oth­er the­or­ies for how the black­out star­ted cir­cu­lated widely, but few ap­pear to have sug­ges­ted the U.S. gov­ern­ment could be the cul­prit.

The Novem­ber black­out was seen as the worst to hit Syr­ia since its civil war began in early 2011. Dur­ing the In­ter­net shut­down, Re­u­ters re­por­ted that As­sad’s forces were plan­ning a “mil­it­ary show­down around Dam­as­cus.”

U.S. of­fi­cials at­temp­ted to provide Syr­i­an op­pos­i­tion forces with an al­tern­at­ive to cir­cum­vent the black­out, and be­rated those thought to be re­spons­ible for bring­ing down the coun­try’s In­ter­net.

“We con­demn this latest as­sault on the Syr­i­an people’s abil­ity to ex­press them­selves and com­mu­nic­ate with each oth­er,” a State De­part­ment spokes­wo­man said at the time, not­ing that it had provided 2,000 units of com­mu­nic­a­tions gear to some rebel groups.

The NSA did not im­me­di­ately re­spond to a re­quest for com­ment re­gard­ing its po­ten­tial in­volve­ment with In­ter­net black­outs in Syr­ia.

Also in the Wired pro­file, Snowden claims to have wit­nessed a pro­gram, known as Mon­ster­Mind, un­der de­vel­op­ment that would hunt for the ori­gins of a po­ten­tial for­eign cy­ber­at­tack. Once threat­en­ing mal­ware was de­tec­ted at a point of entry, Mon­ster­Mind “would auto­mat­ic­ally fire back,” a level of ag­gres­sion which Snowden said gave him con­cern be­cause “at­tacks can be spoofed.”

“You could have someone sit­ting in China, for ex­ample, mak­ing it ap­pear that one of these at­tacks is ori­gin­at­ing in Rus­sia,” Snowden said. “And then we end up shoot­ing back at a Rus­si­an hos­pit­al. What hap­pens next?”

Snowden re­peated his harsh cri­ti­cisms of Dir­ect­or of Na­tion­al In­tel­li­gence James Clap­per, who months be­fore the ini­tial Snowden leaks told a Sen­ate pan­el that the U.S. did “not wit­tingly” col­lect data on mil­lions of Amer­ic­ans.

Clap­per “saw de­ceiv­ing the Amer­ic­an people as what he does, as his job, as something com­pletely or­din­ary,” Snowden said. The com­puter tech­i­cian ad­ded that Clap­per’s testi­mony in part drove him to ex­pose the NSA’s secret sur­veil­lance pro­grams.

Snowden, 31, is liv­ing in Rus­sia, where last week he earned a three-year res­id­ency per­mit after his one year of asylum ex­pired. He faces es­pi­on­age charges in the U.S. for leak­ing clas­si­fied gov­ern­ment secrets.