US-made monitoring devices detected on Iran and Sudan networks

American-made devices used for internet monitoring have been detected on government and commercial computer networks in Iran and Sudan, in apparent violation of US sanctions that ban the sale of goods, services or technology to the autocratic states.

Several of the devices, manufactured by California-based Blue Coat Systems, were also discovered in Syria. Although Blue Coat tools have been identified in Syria in the past, the new research indicates that the government of President Bashar al-Assad has more of the devices than previously known.

Experts say that in Syria, Blue Coat’s tools have been used to censor websites and monitor the communications of dissidents, activists and journalists. In Iran and Sudan, it remains unclear exactly how the technologies are being used, but experts say the tools could empower repressive governments to spy on opponents.

“These devices are turning up in places they’re not supposed to be,” said Morgan Marquis-Boire, a project leader at the University of Toronto’s Citizen Lab, which detailed the findings in a new report provided to The Washington Post. “The human rights implications of finding these surveillance technologies in these countries are extremely worrying.”

Blue Coat promotes itself as a leading provider of web security and management. Its products, including high-end computer systems, are used for myriad purposes, including filtering for computer viruses and child pornography.

Some technology experts, however, have argued that because Blue Coat’s tools have various uses, they fall into regulatory gaps and are thus not subject to certain export restrictions.

“The only thing stopping the export of human-rights-abusing equipment to a country like Sudan is the blanket restriction on exports under the sanctions programme,” said Collin Anderson, an independent consultant on the Blue Coat report.

David Murphy, Blue Coat’s chief operating officer and president, said the company takes reports about its products in countries under US trade embargoes very seriously. The firm, he noted, is cooperating with a US investigation into how a reseller managed to get devices into Syria on occasions in 2010 and 2011.

The report marks the third time Blue Coat’s technology has been found in countries with governments linked to human rights abuses. In its investigation, the Citizen Lab focused on two Blue Coat devices: ProxySG and PacketShaper. The tools can be used for web filtering and traffic analysis and can help users view certain types of encrypted traffic, capabilities that are useful both to network security technicians and spy agencies.

Researchers uncovered the tools by analysing a massive database of 1.3 billion internet protocol addresses compiled anonymously by someone who apparently used a network of hacked computers to generate the data – in itself a controversial technique. The Citizen Lab, which said it was satisfied that using the internet database for research was not illegal or unethical, said it verified the results independently.

The Citizen Lab, based at the Munk School of Global Affairs, found six devices in Iran, three in Sudan and four in Syria, including on networks operated by the state-owned Syrian Telecommunications Establishment. Each device, Marquis-Boire said, probably can monitor the traffic of thousands of individual users.

Iran, which uses sophisticated tools to censor the Internet and crack down on dissidents, is also facing tough economic sanctions imposed by Western countries seeking to curb its nuclear advances. The Citizen Lab said it detected the presence of Blue Coat’s devices on several networks, including one belonging to the Information Technology Co, which is partially owned by Iran’s Revolutionary Guard Corps. The elite unit is believed to be heavily involved in Iran’s censorship of the Internet.