The Geekly Guy

This blog contains information regarding all things Linux, although any computer technology subject matter fits within the realm of this blog.

Tuesday, July 09, 2013

Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan

American-made devices used for Internet monitoring have been detected on government and commercial computer networks in Iran and Sudan, in apparent violation of U.S. sanctions that ban the sale of goods, services or technology to the autocratic states, according to new research.


Several things piqued my interest in this article.

1.  Before I even finished the first page, my thought was, "How could Blue Coat not know this?"  I realize that resellers can lie to Blue Coat, leaving them in the dark as to the location of the devices (as the article discussed actually occurred), but I find it difficult to believe that a vendor of such major standing doesn't have code in place that can tell the vendor the general location of the device.

2.  With bullet #1, how are maintenance agreements and licensing purchased and renewed when the device is essentially black-market?  Maybe with a bit of racketeering in the background?

3.  This appears to be a recurring theme with Blue Coat.

4.  This statement:

Researchers uncovered the tools by analyzing a massive database of 1.3 billion Internet protocol addresses compiled anonymously by someone who apparently used a network of hacked computers to generate the data — in itself a controversial technique.

I've a problem with the above.  You don't take data that was illegally gained and use it.  Who knows if the data was tampered with, for one.  As well, and this is my personal opinion, how are you going to place trust in the authenticity and details if the data was illegally obtained?

5.  Next statement:

The Citizen Lab, which said it was satisfied that using the Internet database for research was not illegal or unethical, said it verified the results independently by manually connecting to the devices on these countries’ networks.

I'm confused about the above. Most properly installed management stations are going to be isolated from the internet (i.e., you shouldn't be able to reach the device directly). Sure, the devices could've been erroneously placed so that they could be reached from the internet, but I highly doubt each discovered device was misplaced. And by "connecting to", does Citizen Lab mean that they were able to log into the machine? Or do they mean they received a login and password prompt (or telnet'd to the devices, or used Nmap or some other technique that may identify the systems without actually logging into them)?

6.  The following statement really confused me:

In a statement to The Post, Blue Coat said, “Even when our products are unlawfully diverted to embargoed countries without our knowledge, we use various techniques to limit our products from receiving updates or support from our servers or support personnel.” Researchers said that blocking ability suggests the company can identify the location of its tools; Blue Coat declined to comment.

This ties into my first bullet. They're indicating that they know how to limit their products from receiving updates and support. Well, their normal techniques didn't work in this case. Or maybe they were selectively turning a blind eye? I mean, their techniques either work or they don't, and I stated earlier that most major vendors should be capable of determining certain information about their purchased/leased devices (i.e., its location, whether maintenance and support are current...).

Blue Coat needs to elaborate on bullet #6, because their refusal to comment makes them look guilty in my eyes.
