How did Syria cut off the entire country from the Internet?

May 8, 2013

Web monitoring firm Akamai shows the drastic drop-off on Tuesday (Akamai)

On Tuesday at around 2:45 p.m. EST, Web monitors noticed something strange: Internet traffic in and out of Syria had dropped down to zero. It was as if the entire country had simultaneously unplugged its modems and switched off its smart phones, all at the same moment. And it's still down. How does an entire country go dark?

We can't know what happened for sure, but it's almost certain that this was not an accident and that the Syrian government pulled the plug.

Syria has actually done this once before, when it shut down all Internet activity for 48 hours in November. When that happened, the prevailing theory among Web security analysts was that the Syrian government had manipulated its routers to deny all traffic in or out of the country.

Map showing the Internet cables in and out of Syria. Map showing the Internet cables in and out of Syria.

First, here's what probably didn't happen: cut cables. During the November shut-down, the Syrian government claimed that terrorists had cut the Internet cables connecting the country to the outside world. But this is extremely unlikely for two reasons. First, because four different sets of cables link Syria's Web to the broader world, three of them running underwater and a fourth overland into Turkey. For rebels to reach all four, much less cut them all at the exact same moment, seems implausible. The second reason this seems unlikely is that Internet service came back online in only 48 hours, suspiciously quickly if the issue was cut cables.

The prevailing theory for what caused the last shutdown is, well, technical. An analyst named Matthew Prince, who works for the Web security firm CloudFlare, wrote a long report on his company's site that concluded, "While we cannot know for sure, our network team estimates that Syria likely has a small number of edge routers. All the edge routers are controlled by Syrian Telecommunications. The systematic way in which routes were withdrawn suggests that this was done through updates in router configurations, not through a physical failure or cable cut."

CloudFlare provided a video showing Web traffic gradually being diverted from Syria's many Web routers. Imagine that each of those little nodes are routers and the lines are Web traffic and you can actually see the shutdown happening:

Syria Internet Nov. 29, 2012 from CloudFlare on Vimeo.

We also heard a similar theory from Rob Faris, the research director at Harvard University's Berkman Center for Internet and Society. "If a country wanted to remove itself from the Internet, it can," Faris told the Huffington Post. "There are a limited number of international gateways, and it's really just a matter of how many telephone calls need to be made."

Faris, echoing CloudFlare's theory that Syria had engineered its routers to misdirect traffic, suggested that Syrian IT officials could simply "tweak the routing tables" so that all requests in and out get sent into a "black hole."

There's also the important question of why Syria would do this. When the November shut-down first began, many feared that regime forces were about to commit some sort of act it didn't want the world to see. But no such act came during the 48-hour shutdown. In retrospect, it looks most likely that the regime may have been worried about an ongoing rebel assault against the Damascus airport, an important link to the outside world, and may have shut down Web access as a way to disrupt internal rebel communications.

We'll be watching this throughout the day so check back.

Comments
Show Comments
Most Read World

world

worldviews

Success! Check your inbox for details.

See all newsletters