Spyware designed to spy on protesters

With the Arab Spring now mostly a thing of the past, many regimes are certain to turn to more technological means to monitor the movements of protesters. This is true in Syria, where protests still rage, as the people of that country seek to bring about change to their government.

Not everyone is your "friend" online. Graphic by Ashley Kincaid.

Syria is the first nation to be publicly accused of using a computer virus to spy on the activities of protesters. This is just the latest case of cyber-borne espionage. In early 2011, Iran was on the receiving end of a cyber attack. A computer virus damaged the centrifuges at a number of nuclear refineries in Iran; this virus was known as Stuxnet, and currently no country or organization has claimed responsibility for the cyber attack.

While Stuxnet was rumored to have caused serious damage and delay to Iran in its development of enriched uranium, this spyware is much more threatening. This is the first reported case of a government actively using viruses to spy on the activities of people within its country. The two viruses differ in sophistication: one is a more complexly designed virus that is capable of concealing itself among hidden temporary files on a user’s computer, while the other is a less complex virus that is not able to hide as well.

Examination of both viruses shows that they were produced in either December of 2011 or early January of this year. The more complex virus is known as a Trojan, meaning that attackers using the virus often get others to install it by claiming it is something else and distributing a download link. One aid worker in Syria fell victim to this Trojan; it took screenshots of her computer, recorded her accounts and passwords, and then sent all that information to an unknown recipient. She only knew her computer was infected when she discovered the passwords to her Facebook and some of her email accounts had been changed.

The other virus, backdoor.breut, tries to hide its existence on a machine by deactivating the anti-virus on the computer. It then attempts to give hackers remote access to the computer, allowing them to install various programs such as keyloggers. It also accesses a computer’s webcam and snaps shots of the user. The virus tries to gather as much information as possible in the shortest amount of time, but its lack of sophistication means that while it does attempt to disable a computer’s anti-virus, an aware user would notice the changes over a long enough period of time. Analysis shows that this virus sends all the information it gathers to a Syrian Telecommunications Establishment server.

This is just one more step to a world where most battles will go unseen beneath the glow of computer screens. As technology becomes the key means of communication, more will be done to take advantage of the weaknesses inherent in a digital revolution.