Today I gave a talk to an audience consisting mostly of European Studies students at the Faculty of Social Sciences in Gothenburg. I mostly talked about the political paradox of Western "Net freedom" and dictatorship surveillance, and how we lost the credibility as Europeans to criticize other countries in the world. "Surveillance is bad elsewhere but OK in Europe" is simply not a valid strategy.
However, I like concrete examples as pedagogical vehicles for explaining how government surveillance really works. So, I talked about Bluecoat in Syria and how US and EU technology is used to spy on people.
While preparing my talk I repeated some of the diagnostic commands (see above link) that were used to expose Bluecoat in the first place, just out of curiosity. I ran nmap -A -sS 184.108.40.206, and after two minutes, to my surprise, the nmap program gives the same output as it did almost a year ago. A small excerpt:
21/tcp   open     ftp            Blue Coat ftpd
22/tcp   filtered ssh
23/tcp   filtered telnet
42/tcp   filtered nameserver
80/tcp   open     http-proxy     BlueCoat SG-400 http proxy
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
1720/tcp filtered H.323/Q.931
1863/tcp open     msnp?
2000/tcp filtered cisco-sccp
5050/tcp open     mmcc?
5060/tcp filtered sip
5101/tcp open     admdog?
8080/tcp open     http-proxy     BlueCoat SG-400 http proxy
So, even though Bluecoat devices get spotted around the world, for example in Burma and Syria, it seems that not much happens. The machines just keep running.
This raises a few questions:
1. Why won't Bluecoat disable the surveillance gear remotely? These machines were never supposed to be in Syria in the first place.
2. This device is legal to use in the EU due to the data retention directive. To put credible political pressure on Syria and Burma, we need to make them illegal in the EU to begin with. Only then can we legitimately demand their removal with reference to human rights.
Update: I chatted with my more tech-savvy friends and they say the latest bid is that Bluecoat claims that they cannot disable the machines remotely, but they have stopped sending upgrades to them. Whether true or not is hard to tell because I can't find any official statements on this topic.