Report: Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan
By Ellen Nakashima
American-made devices used for Internet monitoring have been detected on government and commercial computer networks in Iran and Sudan, in apparent violation of U.S. sanctions that ban the sale of goods, services or technology to the autocratic states, according to new research.
Several of the devices, manufactured by California-based Blue Coat Systems, were also discovered in Syria. Although Blue Coat tools have been identified in Syria in the past, the new research indicates that the government of President Bashar al-Assad has more of the monitoring devices than previously known.
Experts say that in Syria, Blue Coat’s tools have been used to censor Web sites and monitor the communications of dissidents, activists and journalists. In Iran and Sudan, it remains unclear exactly how the technologies are being used, but experts say the tools could empower repressive governments to spy on opponents.
“These devices are turning up in places they’re not supposed to be,” said Morgan Marquis-Boire, a project leader at the University of Toronto’s Citizen Lab, which detailed the findings in a new report provided to The Washington Post. “The human rights implications of finding these surveillance technologies in these countries are extremely worrying. It’s a systemic problem.”
Blue Coat promotes itself as a leading provider of Web security and management. According to its Web site, it has 15,000 government and corporate customers worldwide. Its products, including high-end computer systems, are used for myriad purposes, including filtering for computer viruses and child pornography.
Some technology experts, however, have argued that because Blue Coat’s tools have various uses, they fall into regulatory gaps and are thus not subject to certain export restrictions.
“The only thing stopping the export of human-rights-abusing equipment to a country like Sudan is the blanket restriction on exports under the sanctions program,” said Collin Anderson, an independent consultant on the Blue Coat report, which is to be released Tuesday. “There are no controls in place right now on equipment that can also be used to violate human rights.”
David Murphy, Blue Coat’s chief operating officer and president, said the company takes reports about its products in countries under U.S. trade embargoes very seriously. The firm, he noted, is cooperating with a U.S. investigation into how a reseller managed to get the devices into Syria on a few occasions in 2010 and 2011.
“Blue Coat has never permitted the sale of our products to countries embargoed by the U.S.,” Murphy said. “We do not design our products, or condone their use, to suppress human rights. . . . Our products are not intended for surveillance purposes.”
A spokesman for the Treasury Department’s Office of Foreign Assets Control, which enforces U.S. sanctions, declined to comment on the new allegations other than to say, “Treasury takes sanctions violations very seriously and has aggressively pursued enforcement actions where violations have occurred.”
Blue Coat is not the only U.S. company at the center of concerns or allegations that its technology has been used by governments linked to human rights abuses. In 2011, activists raised concerns that technology made by Sunnyvale, Calif.-based Narus, now owned by Boeing, might have been used by the Egyptian government to track activists during the Arab Spring protests there. The firm has not commented on the allegations. In 2011, the Falun Gong movement filed a federal lawsuit alleging that Cisco Systems, which makes Internet routers, sold surveillance technology to the Chinese government for use in tracking members of the movement. Cisco has denied the allegations.
Still, Blue Coat has attracted particular scrutiny from the Citizen Lab, whose latest report marks the third time it has found the firm’s technology in countries with governments linked to human rights abuses. In its investigation, the Citizen Lab focused on two Blue Coat devices: ProxySG and PacketShaper. The tools can be used for Web filtering and traffic analysis and can help users view certain types of encrypted traffic, capabilities that are useful both to network security technicians and spy agencies.
Researchers uncovered the tools by analyzing a massive database of 1.3 billion Internet protocol addresses compiled anonymously by someone who apparently used a network of hacked computers to generate the data — in itself a controversial technique. The Citizen Lab, which said it was satisfied that using the Internet database for research was not illegal or unethical, said it verified the results independently by manually connecting to the devices on these countries’ networks.
The Citizen Lab, based at the Munk School of Global Affairs, found six devices in Iran, three in Sudan and four in Syria, including on networks operated by the state-owned Syrian Telecommunications Establishment. Each device, Marquis-Boire said, probably can monitor the traffic of thousands of individual users.
Blue Coat’s filtering tools were first discovered in Syria in 2011 by a “hacktivist” group, prompting a Commerce Department probe and, in April, a $2.8 million civil fine for one of the firm’s distributors in Dubai.
The department’s Bureau of Industry and Security, which enforces export rules, said the distributor falsely told Blue Coat that the products were being shipped to Iraq and Afghanistan.
“It is vital that we keep technology that can repress the Syrian people out of the hands of the Syrian government,” Eric L. Hirschhorn, the Commerce Department’s undersecretary for industry and security, said in April when the bureau announced the fine imposed on the Blue Coat distributor, Computerlinks FZCO.
Computerlinks FZCO said that under the terms of its settlement it was neither admitting nor denying the allegations.
In a statement to The Post, Blue Coat said, “Even when our products are unlawfully diverted to embargoed countries without our knowledge, we use various techniques to limit our products from receiving updates or support from our servers or support personnel.” Researchers said that blocking ability suggests the company can identify the location of its tools; Blue Coat declined to comment.
Large numbers of opposition members, Assad political opponents and journalists have been subject to arbitrary detention and torture in Syria since the outbreak of violence in that country in 2011. Activists say security forces often target the computer activity of opponents.
“When they arrest you, the first question is, ‘Where is your laptop and what is your password?’ ” said Bassam al-Ahmed, a Syrian human rights activist who was arrested last year and escaped to Istanbul. “Unfortunately, it’s so easy for the regime forces to know everything,” he said. “In most cases, they do.”
Iran, which uses sophisticated tools to censor the Internet and crack down on dissidents, is also facing tough economic sanctions imposed by Western countries seeking to curb its nuclear advances. Still, the Citizen Lab said it detected the presence of Blue Coat’s devices on several networks, including one belonging to the Information Technology Co., which is partially owned by Iran’s Revolutionary Guard Corps. The elite unit is believed to be heavily involved in Iran’s censorship of the Internet.
In Sudan, the Citizen Lab identified the Blue Coat devices on the networks of commercial Internet service provider Canar Telecom. The country, which also faces U.S. sanctions, continues to use the Internet to restrict freedom of expression and crack down on journalists. Sudanese Internet service providers have censored Web sites covering sensitive political protests.
The Citizen Lab said it has found Blue Coat devices in at least a dozen other countries that have poor human rights records, although those countries are not necessarily subject to U.S. sanctions. They include China, Bahrain, Saudi Arabia, Thailand, the United Arab Emirates and Ivory Coast.
Blue Coat, the latest report noted, showed an ability “to turn principles into practice” this year when it removed the “lesbian, gay, bisexual and transgender” category from its Web filter after civil-society groups raised concerns over the discriminatory nature of such a category and its use by the Defense Department and other institutions.