Azerbaijan: Government Escalates Hacking Campaign Against Dissent
Several of Azerbaijan’s primary independent news websites have been inaccessible for several days, apparent victims of the government’s escalating cyberwar against dissent.
On March 27, Meydan TV, Azadliq Qezeti, and the local service of Radio Free Europe/Radio Liberty all became inaccessible inside the country, local media reported. As of March 30, they were still inaccessible.
While the blocking of media that provides critical coverage of the Azerbaijani government is not new, a mass outing of every major critical site is. The prevailing speculation is the blackout is an attempt to block out critical Azerbaijani-language coverage of First Lady Mehriban Aliyeva’s appointment as vice president.
The media blackout is the first time the state has sought to create artificial congestion or launch denial-of-service (DDoS) attacks since a technical report from Internet freedom organization VirtualRoad.org definitively tied such attacks to the government itself.
The researchers, who have been monitoring and fending off attacks on Azerbaijani media sites for months, were able to track the origin of the attacks back to several IP addresses used by government ministries. They ultimately concluded that the source was the newly-formed Ministry of Transport, Communications and High Technologies.
Rather than launch DDoS attacks that would shut a website down entirely, VirtualRoad found that the ministry often resorts to creating a local bottleneck they had described in an earlier report as “what looked like artificially engineered bandwidth throttling and network congestion,” which effectively makes the site inaccessible, either for reasons of deniability or to confuse website administrators about the nature of the attack. Questioned by Radio Azadliq for comment on the outages more than 24 hours into the attack, the ministry’s press service seemed to adopt the former tactic, claiming that “information about the blocking of the sites had not been confirmed.”
VirtualRoad also was able to track another series of attacks to a server run by an Azerbaijani hosting company whose owner, surprisingly, readily admitted to facilitating the attack, but declined to name his client.
A parallel investigation by Amnesty International found that Azerbaijani-produced malware used against prominent activists, journalists, and lawyers was also logging keystrokes and sending screenshots back to the same IP addresses identified by VirtualRoad for at least the last thirteen months. Although Amnesty International observed the malware “is not sophisticated, and is in some manner extremely crude,” it is noteworthy that the Azerbaijani state’s online surveillance and intelligence capabilities have improved significantly since mid-2015, when leaked correspondence from the Italian company Hacking Team showed that Azerbaijan had acquired, but struggled to effectively use, the company’s malware. It is an open question whether the government managed this by more actively involving the country’s IT community or by liaising with foreign intelligence services.
The Azerbaijani embassy in London denied Amnesty International’s findings. “We deem this report as yet another attempt to bring disrepute to the Government without establishing facts of the case and any strong evidence in support of alleged involvement,” the embassy said. It did not, however, make clear why or how hackers not working at the state’s behest would be attacking its critics using servers located inside government facilities.
The research also sheds light on a series of campaigns of harassment of several prominent Azerbaijani women on Facebook over the last year. Two journalists and one human rights lawyer reported that photographs that they had never uploaded to the Internet began appearing on newly created Facebook accounts. Those behind the accounts then either began threatening the victim and hinting at more disclosures or, in the case of journalist and human rights activist Khadija Ismayilova, advertising sexual services and telling those interested to call her personal phone number.
Taken together, the attacks on independent websites and harassment on Facebook seem to represent a thorough campaign to block the last few outlets for free speech in the country. Azerbaijan’s last independent newspaper stopped printing in September 2016 after lengthy official pressure, and as Azerbaijanis almost exclusively use Facebook as their social network of choice, making activists uncomfortable with the platform effectively limits their ability to organize or reach a large audience. The government also strengthened penalties for “online defamation” of the president late last year, although no cases have yet been brought under the new statutes.
Facebook is also the primary method of circumventing blocked websites, as independent media can still reach a wide audience by cross-posting much of their content to the platform, which the government – unlike those in Turkey or Tajikistan – has been unwilling to block entirely. It has, however, been willing to lash out at those who become too popular.
Earlier this month, the country’s most popular political blogger, Mehman Huseynov, was sentenced to two years in prison on defamation charges. The charges were brought by a Baku police chief upset that Huseynov had publicly accused his officers of torture, after those officers abducted and tortured Huseynov in January.