National Security Agency leaker Edward Snowden has claimed a team of NSA hackers was responsible for effectively knocking the entire country of Syria offline two years ago during a period of intense fighting in its still-ongoing civil war.
Snowden’s claim is significant because many observers believed one of several other parties to be responsible for the outage, including Syrian President Bashar Assad’s government, hackers aligned with but perhaps not a part of Assad’s government, or Israel.
Snowden’s story, as revealed in an interview published Wednesday in WIRED, goes like this: The NSA team essentially tried to get access to a primary component of Syria’s main Internet Service Provider. Syria only has one big ISP, making it a particularly inviting target for electronic snooping; setting up that backdoor would have given the U.S. unparalleled access to nearly all digital communications within Syria, a major intelligence advantage.
But the plan backfired as the NSA team accidentally fried the very equipment it was trying to tap. The hardware was so vital to Syria’s Internet infrastructure that its loss essentially plunged the country into digital darkness — ironic, because other parts of the U.S. government were trying to keep Syria connected. Writer James Bamford describes Snowden’s claim:
WIRED’s Snowden story has another cybersecurity scoop: The former NSA contractor claims for the first time that the U.S. government was (or still is) working on a cybersecurity response program that automatically detects and blocks incoming cyberattacks. However, the program — dubbed “MonsterMind” — isn’t just defensive: Once it blocks an attack, it then automatically carries out a counter-attack against what it thinks was the source, Snowden says.
That could be an issue, says Snowden, as good hackers can — and typically do — make their online attacks look like they’re coming from somewhere else. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital,” he explains.
The NSA did not comment to WIRED on Snowden’s claims about Syria’s Internet outage or MonsterMind, but it’s possible that MonsterMind or programs like it would be designed to circumvent such spoofing by detecting a rerouted address and either standing down or switching targets.