You are not logged in. LOG IN NOW >

After 3-Day Internet Shutdown, Syria's Regime is Now Targeting Activists with Powerful New Malware

BY Lisa Goldman | Thursday, December 6 2012

When the Internet in Syria was suddenly shut down last week, many activists feared that the Assad regime was preparing to cut the civilian population off — particularly the anti-regime activists who use social media to report illicitly on events that the international media are prevented from covering, like massacres of civilians. Suspicions increased when regime officials gave contradictory and illogical explanations for the sudden communications blackout.

The Internet connection was restored after only three days. But the Electronic Frontier Foundation reports that the restoration of online communication was accompanied by powerful new malware that targets anti-regime activists.

Last week, when the Assad regime shut down the Internet across the country for three days, one of the few IP addresses to stay online was the address implicated in the ongoing campaign of surveillance malware targeting Syrian dissidents since November 2011, including a fake anti-hacking tool, a fake Skype encryption tool, and
fake documents allegedly pertaining to the formation of the leadership council of the Syrian revolution. Now EFF has detected two new campaigns of surveillance malware associated with the same IP address — the first we have detected since this summer.

The EFF reporters warn that the malware cannot be removed without deleting and re-installing the entire operating system. The organization is "deeply concerned" about the regime's use of this powerful Internet tool to track and trap activists.

Personal Democracy Media is grateful to the Omidyar Network for its generous support of techPresident's WeGov section.