Don’t get your sources in Syria killed – by Eva Galperin
Because foreign journalists have been virtually banned from Syria during the uprising against Bashar al-Assad’s regime, news coverage has relied heavily on citizen journalists and international reporters working with sources inside the country. Syrians who communicate with foreign news media run the risk of being threatened, detained, tortured, or even killed.
This month, a Syrian court sentenced citizen journalist Mohammed Abdel Mawla al-Hariri to death for the crime of « high treason and contacts with foreign parties. » He was arrested in April immediately after giving an interview with Al-Jazeera about conditions in his hometown of Daraa, in the southern part of the country. According to a report by the Skeyes Center for Media and Cultural Freedom, al-Hariri was tortured after his arrest. In the wake of the verdict and sentencing, he was transferred to Saidnaya military prison north of Damascus.
Al-Hariri is not alone. Press freedom groups such as CPJ and Reporters Without Borders have documented the detention of dozens of journalists; Syrian reporters, bloggers, and activists are regularly followed, arrested, and tortured.
Ordinary citizens who come into contact with international journalists are also targeted. Last fall, British journalist and filmmaker Sean McAllister met with a 25-year-old dissident and computer expert in Damascus who goes by the pseudonym « Kardokh. » Columbia Journalism Review reports that Kardokh had agreed to be interviewed on camera, with the understanding that McAllister would blur his face before publishing the footage. But in October 2011, Syrian security agents arrested McAllister, seizing his laptop, cell phone, camera, and the footage for his documentary–including images and contact information that could be used to identify the activists he interviewed. When Kardokh heard that McAllister had been arrested, he immediately packed his bags and fled to Lebanon. Kardokh reports that several of the activists he had put in touch with McAllister had been arrested and at least one had disappeared. Channel 4, McAllister’s news outlet, told CJRthat the journalist had taken steps to protect his material but Syria proved unusually difficult.
The al-Assad regime’s surveillance of telecommunications–cell phones, text messages, email, and Internet traffic–is remarkably extensive. Using equipment built in the West by companies such as BlueCoat, the Syrian government censors the Internet, blocks websites, and snoops on traffic using Deep Packet Inspection (DPI). As if that was not enough, the Syrian government has sought to expand its surveillance capabilities. Late last year, Bloomberg News reported that the Italian company Area SpA was seeking to pull out of a contract to build an Internet surveillance system in Syria that would give the government the power to « intercept, scan, and catalog virtually every email that flows through the country. » The report went on to say that all work on the system had been suspended, but the scope of the project gives a glimpse into the regime’s Orwellian vision.
In addition to its surveillance apparatus, the Syrian government may also benefit from intelligence gathered by pro-Syrian government hackers, who package malware that can capture webcam activity, disable the notification setting for certain antivirus programs, record key strokes, and steal passwords. The malware is specifically targeted at Syrian activists, including journalists and their sources, and spread through websites offering fake software downloads, fake PDFs purporting to relate to the formation of a new government after the revolution, links sent through email, Skype, and Facebook messages, and links left in the comment section of Facebook pages and YouTube videos that support the uprising.
In light of this exceptionally tricky landscape, here are some suggested best practices for international journalists communicating with sources and journalists inside of Syria.
Check for malware on your computer and have your sources check for malware on theirs. All of the security precautions in the world are useless if the Syrian government has keylogger files full of your passwords and full access to your most sensitive communications. This blog post describes how to detect and remove DarkComet RAT, the most common Trojan installed by pro-Syrian government malware, which is not detectable by most antivirus scans.
Beware of fake websites, strange downloads, and suspicious links. Pro-Syrian government hackers have used fake Facebook and YouTube websites to covertly install malware and gather login credentials. Always check the URL bar at the top of your browser when you are entering your login credentials to make sure you are not visiting a fake website. Be cautious about downloading documents or software over the Internet, even if it is purportedly coming from a friend.
Beware of phones. Do not communicate over landlines or cell phones. Do not send text messages. If your source is concerned about giving away their location, they should refrain from using satellite phones as well.
Always use encryption. Do not use Skype. Skype purports to provide encrypted video chat, but a number of security weaknesses make it inadvisable for use when lives are at stake. If you are using a Web-based mail client, make sure that you are connecting using https–it helps to install the HTTPS Everywhere browser extension. Use PGP encryption for email. Use Adium and OTR (Off the Record) for encrypted messaging.
Syrian sources may be tempted to engage in insufficient security practices if they do not fully understand the regime’s surveillance capabilities. It’s incumbent on journalists to insist on secure communications when dealing with this exceptionally high-risk population. It’s important to get the story out, but it’s even more important to keep your sources safe.