By Stephan Faris on November 15, 2012 – Bloomberg – Scott-Railton’s involvement in the Syrian cyberwar wasn’t high-tech. Over several months, he set himself up as a bridge between two worlds, passing reports of hacking on to various companies who could investigate attacks on their users, take down bogus websites, and configure browsers to flag suspect sites as potential threats.
For Syrians, the system provided a quick, sure way to limit damage as attempts to break into accounts affiliated with the opposition became more sophisticated. For tech companies, it was an opportunity to address violations as they happened—though those violations have also exposed the vulnerabilities of some of the world’s most popular social networking services.
Facebook, which in 2011 responded to hacking attempts in Tunisia by routing communications through an encrypted server and asking users to identify friends when logging in, wouldn’t comment on what, if anything, the company is doing in Syria. Contacted by Bloomberg Businessweek, a spokesperson provided a statement saying: “Security is a top priority for Facebook and we devote significant resources to helping people protect their accounts and information, wherever they live and whatever the circumstances. … We will respond quickly to reports—whether from formal or informal channels—about worrying and problematic security threats from groups, organizations and, on occasion, from governments.”As the war intensified, the cyberattacks waged by pro-government Syrian hackers became more ambitious. In the weeks before his arrest in December 2011, Karim, the young doctor, had begun to suspect his hard drive had been compromised. His Internet bill—which in Syria varies according to the traffic being used—had more than quadrupled, though he still isn’t sure exactly how his computer was infected. He suspects the malware may have been transmitted by a woman using the name Abeer who contacted him on Skype last autumn and sent him photos of herself. Another possibility is a man who sent Karim an Excel spreadsheet and said he could provide monetary support for the revolution.
In prison, Karim’s captors mentioned both people. His interrogators knew about his high Internet bills, as well: “The policeman told me, ‘Do you remember when you were talking to your friend and you told him you had something wrong and paid a lot of money? At that time we were taking information from your laptop.’ ”
Before the Syrian revolution, Karim had never participated in politics. “I would just go to work and then go home,” he says. But the Arab Spring awakened something inside him, and when demonstrators gathered for a second week of major demonstrations, Karim joined them. The first protest he attended was also the first in which the regime deployed the army to crush dissent, killing dozens of demonstrators across the country. Shortly afterward, Karim signed up to man field hospitals, caring for wounded activists. The worst injuries were from snipers, he recalls. “Sometimes people would be shot in the back, and they’d be paralyzed. Sometimes we found bullets in the face, and all the bones in the face were broken. When we found people shot in the abdomen, sometimes we couldn’t do anything because we didn’t have the proper equipment.”
When it came to the Internet, Karim was typical of many of his fellow activists: enthusiastic, naive, and all too often complacent where security was concerned. “Sometimes we’d say to each other, ‘If there was no Internet, there would be no revolution,’ ” he says.Just 18 percent of Syrians use the Internet, and government restrictions along with sanctions by the U.S. and Europe have limited Syrians’ access to updated software and antivirus programs. Karim occasionally used the Tor application recommended by Othman but found the connection too slow for video. A friend in Qatar sent him a link to a secure VPN, but he wasn’t able to download the necessary software.
On Dec. 25, 2011, Karim met with a group of doctors to put the final touches on a plan to better coordinate the opposition’s field hospitals. The next day he spoke with a friend on Skype and agreed to meet him to film a Christmas video he hoped would be a show of unity between faiths. When he left his safe house, the police were waiting for him. They knew where they would find him and where he was going. “Skype was the best way for us, for communication,” he says. “We heard that Skype was very safe and that nobody can hack it, and there is no virus for Skype. But unfortunately, I was the first victim of it.