Today I gave a talk to an audicence consisting mostly of European Studies students at the Faculty of Social Sciences in Gothenburg. I mostly talked about the political paradox of Western “Net freedom” and dictatorship surveillance, and how we lost the credibility as Europeans to criticize other countries in the world. “Surveillance is bad elsewhere but OK in Europe” is simply not a valid strategy.
However, I like concrete examples as pedagogical vehicles for explaining how government surveillance really works. So, I talked about Bluecoat in Syria and how US and EU technology is used to spy on people.
While preparing my talk I repeated some of the diagnostic commands (see above link) that were used to expose Bluecoat in the first place, just out of curiosity. I ran
nmap -A -sS 18.104.22.168, and after two minutes, to my surprise, the nmap program gives the same output as it did almost a year ago. A small excerpt:
21/tcp open ftp Blue Coat ftpd
22/tcp filtered ssh
23/tcp filtered telnet
42/tcp filtered nameserver
80/tcp open http-proxy BlueCoat SG-400 http proxy
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1720/tcp filtered H.323/Q.931
1863/tcp open msnp?
2000/tcp filtered cisco-sccp
5050/tcp open mmcc?
5060/tcp filtered sip
5101/tcp open admdog?
8080/tcp open http-proxy BlueCoat SG-400 http proxy
So, even though Bluecoat devices get spotted around the world, for example in Burma and Syria, it seems that not much happens. The machines just keep running.
This raises a few questions:
1. Why won’t Bluecoat disable the surveillance gear remotely? These machines were never supposed to be in Syria in the first place.
2. This device is legal to use in the EU due to the data retention directive. To put credible political pressure on Syria and Burma, we need to make them illegal in the EU to begin with. Only then can we legitimately demand their removal with reference to human rights.
Update: I chatted with my more tech-savvy friends and they say the latest bid is that Bluecoat claims that they can not disable the machines remotely, but they have stopped sending upgrades to them. Whether true or not is hard to tell because I can’t find any official statements on this topic.