Belarusian Officials Shut Down Internet With Technology Made by U.S. Firm
(Bloomberg) -- The government of Belarus shut down access to much of the internet during a crucial election this month by using equipment manufactured by a U.S. company to block people's access to thousands of websites, according to two people familiar with the matter.
Sandvine Inc. makes what's known as “deep packet inspection” equipment, used to monitor and filter network traffic. It was obtained by Belarus’s National Traffic Exchange Center, which manages the country’s internet networks, as part of a $2.5 million contract with the Russian technology supplier Jet Infosystems, which supplied the Sandvine equipment, according to government documents and the people.
In soliciting bids for new technology in 2018, the government said it needed help with “countering violations” associated with internet activity. But the real potency of the technology it obtained didn’t become clear until about two weeks ago, when large parts of the internet inside Belarus went dark during one of the most consequential elections in nearly 30 years.
As voters went to the polls on Aug. 9 to pass judgment on the country’s authoritarian leader, President Alexander Lukashenko, social media websites like Twitter and Facebook suddenly became inaccessible, and news sources from outside the country were blocked. Protesters soon found ways around the blockage, using their own anti-censorship technology.
Belarusian authorities said the disruption was caused by a massive cyber-attack, but cybersecurity experts and data rights groups say that a technical analysis of internet activity in the country points to the government. Sandvine’s equipment was integral to the recent internet censorship, according to the two people.
Among its capabilities is blocking traffic to specific websites, which the government started doing on the morning of the election, according to the cybersecurity experts and rights groups. Large swaths of the internet were inaccessible inside Belarus for at least three days. People inside the country lost access to thousands of websites, including Google, YouTube, Twitter, Facebook, and American and British news websites such as CNN.com and BBC.co.uk, according to Alp Toker, chief executive officer of the civil society group NetBlocks, which monitors the internet. Cellphone app stores, as well as popular messaging apps, including WhatsApp, Telegram, and Viber, were also affected, he said.
Belarus’s Interior Ministry and the National Traffic Exchange Center both declined to comment.
Sandvine declined to comment on whether its equipment was sold to Jet Infosystems or used to censor the internet in Belarus. A spokesman directed a Bloomberg reporter to the corporate ethics page on the company’s website, which details how a Business Ethics Committee reviews the use of Sandvine technology to determine the risk of it being used in a “manner detrimental to human rights.”
The committee uses the World Bank index to measure such things as freedom of expression, political stability, rule of law and control of corruption. Sales of Sandvine’s products or services related to regulatory compliance to a country with a low score on the World Bank indices must be approved by the committee, and a certificate of compliance must be signed by the reseller and/or the end user acknowledging that the technology won't be used to violate human rights, according to the website.
“Sandvine takes the use of our technology seriously,” said Lyndon Cantor, Sandvine’s president and chief executive officer, on the company website. “I am committed to ensuring that Sandvine maintains the highest level of ethics and integrity in our activities in the marketplace.”
Jet Infosystems didn’t respond to messages seeking comment.
In 2006, the U.S. government placed sanctions on the Belarusian government and prohibited U.S. companies from providing funds, goods or services "for the benefit" of Lukashenko or others engaged in "actions or policies that undermine democratic processes or institutions," according to Erich Ferrari, a Washington, D.C.-based U.S. sanctions expert.
Nnedinma Ifudu Nweke, an attorney who specializes in U.S. economic sanctions and trade embargoes at Akin Gump Strauss Hauer & Feld LLP, said that a U.S. company selling technology that enables the Belarusian government to censor the internet could be viewed as a violation, even if the technology is provided indirectly through a third party.
"If you know that the technology you are providing to a non-sanctioned person will be used for a sanctioned person's benefit, then that transaction is prohibited," Nweke said. Sandvine declined to comment about potential sanctions violations.
Deep packet inspection systems, which are available from multiple vendors besides Sandvine, are used by governments and companies worldwide to monitor and manage internet traffic, including for spam or other malicious activity. But they can also be used for more controversial tactics. Citizen Lab, a Toronto-based research group that tracks illegal hacking and surveillance, determined in 2018 that deep packet inspection devices from Sandvine were being used against users in Turkey, Syria and Egypt to redirect them from legitimate sites to malicious ones, some containing spyware commonly used by governments. In Egypt and Turkey, the devices were also used to block political, human rights and news content, Citizen Lab found.
Sandvine described Citizen Lab’s findings as “false, misleading and technically inaccurate.” Citizen Lab responded by saying it was confident in its research findings.
Researchers have also documented the use of such equipment -- without always naming specific vendors -- to censor websites and block access to widely popular social media platforms in China, Russia, Iran and elsewhere, according to digital rights groups, who say deep packet inspection technology is becoming a key part of the counter-information arsenal of many authoritarian governments.
Before Jet Infosystems was awarded the contract from Belarus, it offered to let the National Traffic Exchange Center test Sandvine’s equipment, according to the two people familiar with the matter, who spoke on the condition of anonymity to discuss a confidential contract.
In 2017, Sandvine was acquired by California-based private equity firm Francisco Partners in a deal worth $444 million. Francisco Partners then merged Sandvine with Procera Networks, a U.S. company whose commercial relationship with Russia and other countries in the former Soviet Union dates back at least a decade. In 2012, Procera announced that it had worked with Jet Infosystems to provide deep packet inspection equipment in more than 40 cities throughout Russia, which the company described as the first installation of its kind in the country, providing “real-time network visibility and analytics.”
Francisco Partners didn’t respond to messages seeking comment.
Belarus’s online disruption began as police and the military were setting up roadblocks on entry roads into Minsk on the morning of the election, according to Toker, of NetBlocks. “Internet providers went off one by one,” he said. NetBlocks carried out an analysis of Belarus’s internet and confirmed that the shutdown was implemented in part through deep-packet inspection technology, though it didn’t identify the vendor.
“We’ve always had strict regulation and repressive media laws here,” said Alexey Kozliuk, the co-founder of Human Constanta, a human rights organization based in Belarus. “But we’ve never before seen this kind of massive practice of disrupting the internet.”
Initially, those measures were effective in restricting the flow of information on the internet. Police were filmed violently attacking protesters and snatching people from the streets, but the footage couldn’t be immediately circulated on social media websites or livestreamed on YouTube because of the restrictions.
But within hours, activists began circulating instructions for how to set up the encrypted chat app Telegram using a proxy service. They created websites that bypassed the deep packet inspection filtering system, and used them to distribute Psiphon, which allows people to connect to the internet without censorship. Psiphon uses proxy servers and methods that disguise internet traffic so that it flies under the radar of deep packet inspection.
That allowed protesters to communicate with one another, access the internet and document brutal police violence in the wake of the election, igniting broad-based anger and intensifying calls for Lukashenko’s ouster.
By August 11, Toronto-based Psiphon Inc. had recorded more than 1.7 million unique users in Belarus, equal to nearly a fifth of the country’s total population. Days earlier, the number of Psiphon users in Belarus had been a few thousand, according to the company. The internet disruption in the country – and people’s sudden adoption of Psiphon to combat it – was comparable with previous incidents that have occurred in countries including Syria and Ethiopia, according to Michael Hull, president of Psiphon. (In those instances, it’s not clear which vendors provided the Syrian and Ethiopian governments with equipment for the alleged internet shutdowns.)
It was “quite a remarkable event,” said Hull, Psiphon’s president, adding that people “mobilized at an exponential rate,” hearing about it via word of mouth, paper fliers or by sharing thumb drives. “Our daily active users and corresponding massive traffic requirements continue to grow, after settling down from the initial spike in traffic.”
Access was enabled to many blocked sites after about three days. But dozens are still unreachable, including some news and opposition sites and the encrypted email service Protonmail, Toker said.
“That’s an unintended consequence of the shutdown – suddenly a lot of people here in Belarus now understand digital rights and why access to the internet is so essential,” said Kozliuk, of Human Constanta. “More people know how to get past the blocking. And we have lots of good arguments for Belarusian people to support internet freedoms.”
©2020 Bloomberg L.P.