spotted: sandvine back at it, this time, in Azerbaijan

In August, when people in Belarus took the streets across the country in protest of election results where incumbent President Lukashenka secured yet another victory in a contested presidential election, authorities deliberately cut the internet. Quickly, experts concluded DPI technology may be in use. By the end of August, it was reported that this DPI technology was produced by the Canadian company Sandvine and supplied to Belarus as part of a $2.5million contract with the Russian technology supplies Jet Infosystems.

DPI (Deep Packet Inspection) is known as digital eavesdropping that allows information extraction. More broadly as explained here, DPI “is a method of monitoring and filtering internet traffic through inspecting the contents of each packet that is transmitted through an inspection point, allowing for filtering out malware and unwanted traffic, but also real-time monitoring of communications, as well as the implementation of targeted blockings and shutdowns.” 

Canadian company Sandvine is owned by American private equity firm Francisco Partners.

 

Sandvine technology has been detected in many countries across the world, including in Ethiopia, Iran, as well as Turkey, and Syria as previously reported. One other country where Sandvine technology was reportedly deployed is Azerbaijan

In Azerbaijan, the DPI deployments have been used since March 2017. This was reported in January 2019, when VirtualRoad, the secure hosting project of the Qurium – Media Foundation published a report documenting fresh attacks against Azerbaijan’s oldest opposition newspaper Azadliq’s website (azadliq.info). The report concluded: “After ten months trying to keep azadliq.info online inside Azerbaijan using our Bifrost service and bypassing multi-million dollar DPI deployments, this is one more sign of to what extent a government is committed to information control”.  

Another report released in April 2018 showed evidence of the government of Azerbaijan using Deep Packet Inspection (DPI) since March 2017. The report also found out that this specialized security equipment was purchased at a price tag of 3 million USD from an Israeli security company Allot Communications.

Now, according to this story reported by Bloomberg, Sandvine worked with Delta Telecom – Azerbaijan’s main internet provider and owned by the government to install a system to block live stream videos from YouTube, Facebook, and Instagram. “The social media blackout came last week after deadly clashes with Armenia. As a result, people in Azerbaijan couldn’t reach websites including Facebook, WhatsApp, YouTube, Instagram, TikTok, LinkedIn, Twitter, Zoom, and Skype, according to internet monitoring organization Netblocks,” wrote Bloomberg. 

Azerbaijan Internet Watch has been monitoring the situation on the ground since September 27, the day when clashes began. Together with OONI, Azerbaijan Internet Watch reported that access to several social media applications and websites was blocked. 

Access to the Internet remains throttled in Azerbaijan as of writing this post. Many of the social media applications remain accessible only through a VPN provider. As a result, authorities have resorted to other means in order to prevent users from using VPN services. From banks to ISPs encouraging users not to use VPN services, this account on Facebook made a list of VPNs alleging they were of Armenian origin in order to discourage users.

Azerbaijan may end up blocking more online content

Four months ago, the Plenum of the Supreme Court in Azerbaijan annulled previous court decisions issued by the Courts of Appeal and Cassation regarding five news websites that were blocked in 2017. On June 5, the Plenum sent the cases back to the Baku Court of Appeal for reconsideration.

The five media platforms include Meydan TV, Azadliq Radio [Azerbaijan Service for Radio Free Europe], Turan TV, Azerbaijansaadi, and Azadliq newspaper [not related to Azadliq Radio]. In March 2017, the Ministry of Communication [which later became the Ministry of Transportation, Communication, and High Technologies] restricted access to these online resources on the grounds these websites’ content was threatening national security and promoted “violence, hatred, or extremism” and “violated privacy or constituted slander.” The forensics carried out by an independent organization Virtual Road showed evidence of Deep Packet Inspection (DPI) technology used to interfere with access even before there was a court ruling in place. By May 2017, the Ministry had a court ruling to block access. In December 2017, the Court of Appeal in Baku upheld the court ruling from May.

The blocking of these news resources came shortly after the National Parliament of Azerbaijan adopted changes to the law on Information, Informatisation, and access to Information. With the new changes, authorities were allowed to block access to any website on the grounds it contained prohibited information, was posing danger to the state or society, and in the case, the website owner failed to remove content within eight hours of receiving the notification.

In 2017, the Ministry asked for the following in its court appeal:

  1. court order to prevent access to five platforms’ websites;
  2.  block all other resources offering access to the content (this included YouTube, Facebook, and other online resources);

In its decision, the Sabail Court ruled in favor of the first request, leaving the second demand out. The Ministry was satisfied and blocking became effective immediately. 

Three years later, the Ministry of Communication, Transportation, and High Technologies went straight to the Plenum.  According to media law expert Khaled Aghaly, the reason is that the Ministry wants to expand blocking. Considering the experience with the previous court decisions and rulings in Azerbaijan, the chances of the court ruling coming out in favor of the blocked websites are dim. 

Although the Ministry has not explicitly mentioned any of the platforms or names of other resources that have shared content from these blocked news outlets, Aghaly explains that in the new complaint the Ministry claims that the blocked news resources continue to share their content online using other “resources” and that other media platforms also share the content from these blocked platforms. It is possible that the Ministry is looking for ways to not only prevent access to more online news sites but also, access to social media platforms of Azadliq Radio, Meydan TV, and others.

Can individual social media accounts and/or content be blocked? 

Technically it can. There are previous instances where Facebook did limit access to certain content. This was the case in Thailand in 2017 when Thai users of the social media platform no longer had access to a video that showed the country’s king at a mall in Germany, his tattoos exposed and accompanied by one of his mistresses. According to this Vice story, Facebook blocked the video based on Thailand’s government legislation that deems it insulting to the king and in violation of the country’s laws banning criticism of the monarchy. 

Another option to prevent access is on an ISP level. An example would be what happened in Kazakhstan in 2019 when the government there instructed local ISPs to force their users into installing a government-issued certificate on all their devices, and in every browser. With this certificate installed, the government had access to users’ HTTPS traffic that normally would keep it anonymous. In case, users refused to install the certificate, they were blocked from accessing the internet altogether. At the time, the Kazakh Ministry of Digital Development Innovation and Aerospace said the measure was “aimed at enhancing the protection of citizens, government bodies and private companies from hack attacks, internet fraudsters and other  types of cyber threats.”

Similarly, “mobile service providers instructed their customers to install encryption software on mobile phones that would allow security services to intercept data traffic and circumvent email and messaging applications’ encryption.”

It is worth noting that ISPs in Azerbaijan are bound to the government for the main internet backbone provider in Azerbaijan is government-owned Delta Telekom. In addition, the history of collaboration between mobile operators and the Ministry of the Interior is full of examples when private information of customers was handed over and as a result, led to further targeting. 

Impunity for all these user violations is rampant.

Activist’s YouTube channel down

On December 5, Shakir Zade, Azerbaijani activist living abroad, reported his YouTube channel was taken down by the platform following takedown requests made by Milli TV, Qanun TV and AnTV.

Following the incident, it was possible to identify that Milli TV and Qanun TV were working together, however, since the incident, it has been not possible to locate the admins of either of the YouTube channels or the Milli TV YouTube channel.

On December 10, it was still possible to see, two email addresses that were connected to each of the YouTube channels – chikogame40@gmail.com (Qanun TV) and efs9797@mail.ru (Milli TV). However, since Zade’s channel was restored, this information appears to be missing, as well as any traces of Milli TV on YouTube. The following message appears when using the previous link associated with Milli TV.

Zade also said, he was reached out by the admin of AnTV who informed Zade, his personal account was hacked during the reporting and that it was not the original owner of the channel who reported Zade’s YouTube channel.

This is not the first time, YouTube accounts, Facebook accounts, or Instagram accounts have been taken down by the companies following “takedown requests” by contentious users in Azerbaijan.

Update: December 19, 2019

Shakir Zade’s YouTube account was once again reportedly taken down by the YouTube platform after a series of “copyright violation” reports sent in by AnTV and Qafqaz News accounts.

The alleged victim who claims the videos were a copyright violation is registered at samxalceferli94@gmail.com and samxalofficial194@gmail.com. administers AnTV and Qafqaz News.

Update: January 3, 2020

YouTube once again has closed down Shakir Zade’s YouTube channel, on what seems like yet another false copyright violation report.

This time, Milli TV appeared to have a new email: alihasanov.gov.az@gmail.com. Ali Hasanov is a former aid to the president. He was known prior to his dismissal as the man behind media censorship in Azerbaijan. He was dismissed on November 30, 2019 as part of alleged reforms introduced by the president Ilham Aliyev.