"Breaking news: traffic from Syria disappears from Internet."
So read a Tuesday alert issued by Umbrella Security Labs, which reported that all outbound Internet traffic from Syria had disappeared. The country's Internet connection remained offline for about 24 hours, before appearing to come online again about 11 a.m. Eastern Time Wednesday.
Multiple Internet monitoring firms corroborated the outage. "Since 18:45 UTC on May 7th, Renesys hasn't seen a flicker of activity," said Jim Cowie, CTO of Renesys, in a blog post Wednesday morning, before the country's Internet connection appeared to come back online. "We haven't been able to successfully send a ping or a traceroute to any host inside Syria. Government websites, universities, domain name servers, core infrastructure routers, banks, businesses, DSL customers, smartphones: all silent."
Akamai likewise confirmed the "traffic drop to Syria" with a chart that shows hits and megabits of data being delivered to the country plummeting to zero after 2 p.m. Eastern time Tuesday. Akamai confirmed that traffic levels remained at zero early Wednesday morning.
[ Is it easier to catch a hacker with honey? Read Sweet Password Security Strategy: Honeywords. ]
The blackout occurred after both of the top-level domain name servers for Syria -- ns1.tld.sy and ns2.tld.sy -- became unreachable. "Routing on the Internet relies on the Border Gateway Protocol (BGP). BGP distributes routing information and makes sure all routers on the Internet know how to get to a certain IP address," according to a blog post from Dan Hubbard, CTO of Umbrella Security Labs, which is the threat research division of OpenDNS. "When an IP range becomes unreachable it will be withdrawn from BGP, this informs routers that the IP range is no longer reachable," he said. But in the case of Syria, "currently there are just three routes in the BGP routing tables for Syria, while normally it's close to 80."
"Effectively, the shutdown disconnects Syria from Internet communication with the rest of the world," Hubbard said. "It's unclear whether Internet communication within Syria is still available. Although we can't yet comment on what caused this outage, past incidents were linked to both government-ordered shutdowns and damage to the infrastructure, which included fiber cuts and power outages."
Image courtesy of Renasys
This isn't the first time the Syrian Internet has blacked out. In November 2012, the Syrian government may have hit a "kill switch", taking the country's Internet services offline for two days, or else the infrastructure may have simply failed. Prior Syrian Internet outages occurred in July and August 2012, as well as June 2011.
According to Renasys, Syria's Internet connections comprise overland connections from its northern neighbor, Turkey, as well as three different submarine communications cables from Cyprus, Egypt and Lebanon. All told, Syria works with four different telecommunications providers, it said, although one of those connections -- with Turk Telekom -- has been offline for almost two weeks.
Renesys CTO Cowie said the latest Syrian Internet blackout shouldn't be surprising, given that the country remains in the midst of a bloody civil war. "In the middle of the chaos and tragedy of civil war, why is anyone surprised when the Internet stops working?" he said. "Isn't it actually more shocking and noteworthy that the Internet in Syria actually functions pretty well 360 days out of the year?"
The Internet outage may temporarily slow the efforts of the Syrian Electronic Army hacktivist group that's allied to the regime of Syrian president Bashar al-Assad. The group recently compromised Associated Press Twitter accounts and tweeted hoax messages about explosions at the White House. It later compromised the Twitter feeds for the Guardian and on Monday, satire site The Onion.
"To be flippant for a second, this outage might at least shed some light as to whether the Syrian Electronic Army -- who have been causing quite a nuisance by hacking media organizations lately -- are really based in Syria, or not, as some tend to suspect,"
said Graham Cluley, senior technology consultant at Sophos, in a blog post.
Antivirus systems alone can't fight a growing category of malware whose strength lies in the fact that we have never seen it before. The How To Detect Zero-Day Malware And Limit Its Impact report examines the ways in which zero-day malware is being developed and spread, and the strategies and products enterprises can leverage to battle it. (Free registration required.)