Threat Watch
Join Cloudflare CTO John Graham-Cumming for a weekly look at the latest trends in online attacks, with insights derived from the billions of cyber threats Cloudflare blocks every day.
Original airdate: July 6, 2020
Transcript (Beta)
Welcome to this Monday, July 6th edition of Threat Watch, which is my little show where we talk about threats to the Internet.
Sometimes it's DDoS, sometimes it's recent hacking attempts.
And actually over a few weeks, we've talked occasionally about large Internet outages, be they mistakes or deliberate ones.
And I decided this Monday to talk exclusively about the situation that's happening in Ethiopia and the larger context of government-backed and other Internet outages around the world.
And for that, I've got a special guest, Behran Teja from AccessNow, who knows a lot more about the Internet being shut down than I do, even though I see it from the Cloudflare side of things.
So welcome, Behran, nice to have you.
Thank you for having me. You're obviously in space. I'm in Lisbon, but you're obviously in space somewhere, which is a good place to have observed the Internet from far away.
But let's just talk about some recent outages. So we had an interesting thing, which was that back in 2017, in Togo, in September 2017, there was an Internet shutdown, and a group of organizations took the government of Togo to court.
Now, they took them to court in, there's a regional grouping, ECOWAS, which is Economic Community of West African States.
And they have a court, which looks at things like human rights and other pan -regional issues.
And a group of people took the Togo government to court saying that the Internet shutdown was unlawful, because it has an effect on people's lives, daily lives.
And on the 25th, the court actually rendered a judgment saying it was legal, and asked the government of Togo not to do it again, basically.
Is that right? Yep, that's correct. And that was pretty, pretty surprising, right?
I mean, you sort of, suddenly, we see an actual court decision saying, no, no, you shouldn't shut down the Internet.
Amnesty and a number of other organizations got involved in that.
Now, if we flip over from West Africa, to East Africa, to Ethiopia, we've got an Internet shutdown going on right now.
So it just, in terms of Ethiopia, Ethiopia is the second most populous country on the African continent, 110 million people, something like that.
So very large country without Internet access.
You know, when I think about Ethiopia, I think about that, I think about as sort of the birthplace of humanity in many ways, and there's lots of evidence that that's where humanity really got going, and then moved through the Middle East.
Also, I mean, in 2019, the current Prime Minister, Abiy Ahmed Ali, won the Nobel Peace Prize in part for ending the 20-year conflict with Eritrea, which has sort of gone on and on and on.
And of course, the other person I think about is Tedros Adhanom Ghebreyesus, I'm going to make sure I got that right, who is the head of the World Health Organization.
So incredibly relevant right now. And he was the first person from the African continent and the first non -doctor, he's a microbiologist.
So he's running WHO during the COVID thing.
We've got a Prime Minister in place who's won the Nobel Peace Prize.
But we've got a very serious Internet shutdown. And just to look at it from Cloudflare's perspective, this is what it looks like.
So this graph is May until today.
You can see that, you know, roughly every day you get a, Cloudflare sees about the same amount of traffic from Ethiopia to all sorts of sites and services that Cloudflare operates.
And then right at the end of June, beginning of July, the Internet goes not quite zero, it's running at about 1% of what it was.
Perhaps, you know, I've read that obviously in the news, but perhaps you can give the listeners who might not know the news, the context for why the Internet is currently off in Ethiopia.
Sure. Yeah. Thanks, John. So a very prominent, you know, Oromo musician activist was shot and killed last week.
So he was, you know, between 2015 and 2018, Ethiopia was rocked with so many protests.
So he was basically the soundtrack of that protest. So he was very prominent, you know, and really had unified a lot of people around the cause of freedom and justice for all of the people that have been killed and imprisoned.
So when he was killed last week, Monday evening, on Tuesday, of course, people gathered around the city in different part of the country and started protesting.
And, you know, and definitely within that protest, there were definitely some violence, both from, you know, organized vigilante groups and also, of course, from government forces.
And then, you know, between then and now, around 166 people have died.
And that's just the number the government has admitted. So amidst all of that, the Internet completely went off at 9am on Tuesday morning.
So it's going to be tomorrow, it's going to be a week. So when the Internet went off, there were definitely, we've seen content online on Facebook and other platforms that were inciting violence.
Some of the violence was ethnic targeted.
And of course, some of the violence was also perpetrated by government forces.
So the government is claiming that they shut down the Internet because there was content online that was inciting violence.
But in reality, if you ask, you know, what is happening on the ground and what the Internet shutdown has affected, and you know, what its implication is now is that, you know, Amnesty International, Human Rights Watch, and many other different, you know, human rights organizations, defenders, activists are unable to identify and verify incidents.
You know, I had a really hard time getting in touch with my parents. I live in Nairobi, and my parents are in Addis.
Phone lines were not working. You know, I haven't talked to my mom face to face, like with WhatsApp or whatever for like a week now.
You know, but those are really good problems to have, right? Like nothing happened to my folks.
But it's a really hard time for a lot of people. Human rights organizations are unable to verify incidents.
You know, victims of the violence are also unable to speak out, you know, to call for justice.
So there's a lot happening.
Of course, you know, the economy, like businesses have been completely affected.
But now today, it seems critical infrastructure. So few selected government agencies have been connected to the Internet.
And within that agency, it's only key staff that are connected.
So it's not your random civil servant that that has Internet access.
Yeah, so that's where we are today. Right. And that's what you described there right at the end.
I think we've seen in other instances where the Internet gets cut off by a government order, which is in fact, it doesn't get cut off completely.
There's like a sort of, you know, select group of people who still get access to the Internet.
And you can kind of see that in this graph I've got here, which is the little tick up at the end is today.
And we're still not through a complete day today.
And there's actually been a little increase in usage, which is probably those networks that you're talking about.
Has this also affected things like just ordinary phone calls?
Can you not phone in just using international telephone calls?
So the first last week on Tuesday around, when they shut down the Internet, it was almost impossible to get through even with international phone calls.
So you'd call, you would hear ringing on your side, but they wouldn't receive anything.
So landlines were working. So the way I was able to get in touch with my folks, for instance, was using the landline.
And well, it took took such a long time to remember even what that number was, that they had a landline, because everybody uses mobile.
But I was like, I'm so happy they keep paying for that bill.
That's, you know, it's, it's handful now. But now you can get in touch with people using mobile phones.
But you know, in some areas, it keeps dropping every two minutes.
And then of course, international SMS is cut off.
So I, when I send a message, they will receive it. But when they reply, it doesn't come through.
Right, right. So they can, you know, you can send them a message saying, I'm going to call you in five minutes, but that's, you won't get it get a response from them.
Yeah. And so yeah, we're coming up on a week, this is a pretty long time, because Ethiopia has had other instances of shutdowns.
I know that I think it was in March, there was a shutdown in particular regions, right.
And I know that Access Now was talking about asking it to be turned on again, because of the COVID crisis, sort of ironic, given that the head of the WHO is Ethiopian, but just talk with me a little bit about what you've seen in terms of Internet shutdowns, and you know, the relationship with the COVID crisis we're going through.
Yeah, you know, we, you know, in an ideal world, we'd assume because of COVID and the pandemic, and the importance of access to information, and you know, critical information that can potentially save your lives, you know, governments would be turning on the Internet in context where they've shut down the Internet.
Unfortunately, that's not the case. So Ethiopia had shut down the Internet, starting from June 3, no, July, no, January 3, this year until March.
And this was in one specific part of the country where there was, you know, armed conflict between armed groups and the state forces.
So that Internet shutdown lasted for three months, you know, you're calling on the government to turn on the Internet, even one of the government official came out and said, because you were saying, you know, because of COVID, you have to turn on the Internet, because one way people can access that information is through social media.
And one of the government official at that point said, you know, there are no tourists going to that to that region, so they won't have any COVID.
So there's no point on the Internet.
Unfortunately, that wasn't the case. You know, there were, of course, cases that were confirmed in that area.
They finally, after so much pressure, turned the Internet on.
But unfortunately, that's not the story in Myanmar.
That's not the story in Bangladesh. That's not the story in the Jammu and Kashmir regions of India.
So we're seeing a shutdown now happening in Rakhine and Chin states in Myanmar, even during COVID.
So basically, what that means is that people are in certain contexts, you know, when COVID started in the first two months, people didn't know what COVID-19 was, because there was no information coming through.
So in Pakistan, that's the same thing right now, where people don't have access to information.
And I think the one that's, to be honest, most devastating is in the Bangladesh, the refugee camps, where you have over 900,000 refugees packed in a very, very small space.
There's no sanitary equipment, they don't have water.
The only way potentially they can, you know, fight for their life is using credible and resourceful information about how to protect themselves, how to disinfect and everything else.
But they don't have Internet, and they're not allowed to have SIM cards.
So that's what we're seeing across these regions right now.
Yeah, I wanted to bring this up, which is that, you know, obviously, I spoke about Togo, Ethiopia.
In the past, we've seen outages in Gabon, for example, Democratic Republic of Congo, which might make it seem like this is somehow a sort of Central African, sort of middle of Africa problem.
But this is really worldwide. So you've mentioned Myanmar, Bangladesh, parts of India, you know, and I know that even while working at Cloudflare, we've seen Syria go offline.
I mean, this is sort of a sort of global habit in a way to shut down Internet.
What are the reasons you see given for Internet shutdowns?
Yeah, so what we've seen at least for 2019 and 2018 is that, you know, elections are one trigger for Internet shutdown.
So we were expecting a shutdown in Togo for elections, which they did.
In Burundi, they also shut down the Internet. So elections are like, especially in contexts where there most likely won't be a free and fair election where, you know, a shutdown seems to happen.
So governments want to censor content, you know, no one wants to, no government wants, you know, citizens to live stream by violence being fitted with election, you know, cards and all of those things.
So, you know, we understand why that's basic censorship. So the other one is, of course, one justification that we hear a lot is fake news and misinformation as being a trigger point for a shutdown.
This is, of course, not to say that, you know, fake news, misinformation, disinformation is not a threat.
It is definitely a threat both for democratic and undemocratic governments, but shutting down the Internet doesn't really solve the actual foundational issues that you might have on the ground.
So that's one we've seen. So national security is the most common one that we get.
So when they say national security, it can mean a range of many things.
So it can be one that, you know, when like the same thing that we're seeing in Ethiopia, protests are also an important trigger for shutdown.
So we saw a shutdown in Mali a few weeks back when there was a protest and they totaled, you know, social media platforms.
And then of course, there are some that are not, you know, that are not political.
So, okay. So previously we've heard, you know, the sharks ate the fiber optics.
I doubt if the sharks ate the fiber optics, but that's how, you know, we get some ridiculous justifications like that.
We've seen in other contexts like in Malawi and other places where third party actors or non-state actors, you know, interfere with Internet connection.
And, you know, there are some genuine technical problems and of course, accidental cable cuts.
So it's a wide range of issues that are hinted here. Yeah. Yeah. And I know that in some countries I've seen there be Internet shutdowns during examinations where there are national exams that are very important.
Cause I've seen to remember when I, when we were in Tunisia for Rights Con, there was a question about the government wanting to shut the Internet off during a massive Internet conference because there were national exams.
So that's also quite common, right? Yes.
So, you know, now we've have in a way forgotten about school exams because, you know, student they're most in most part of the world, students are not going to school.
Actually this time of the year for most part of the world is when most people sit, most students sit for exams.
So we'd have expected a shutdown in Algeria and Syria and Yemen and Ethiopia and many places.
So the justification government give us that, you know, students use the Internet to cheat.
So we wouldn't want, we wouldn't want them to cheat.
Of course, you know, cheating did not come with the Internet.
There are many other countries that are super connected to the Internet that don't have this problem.
So finding a solution rather than, you know, shutting down the whole Internet is, it should be the way for instance in Ethiopia during national exams, actually, you know, business folks, you know, people that are working online would actually plan and travel during that time so that they wouldn't be like, you know, they would have to be offline for a week, two weeks, which you can't afford.
So that's the reality there as well. Yes. That's an interesting point, right?
So we talked a little bit about the human cost. I think you said about 166 lives that we know have been lost in the current situation in Ethiopia.
But I also remember talking to some folks when I was in Tunis who were from Addis and knew that the Internet was going to go off for the exams and had actually realized it was better business for them to fly to Kenya and be in a hotel that had Internet access, run their business from Kenya for a week and then fly back again, which is, you know, hard to understand in, you know, here in Portugal, but a reality.
And in fact, they took it in their stride and just like, yes, that's part of doing business is I'll now need to go to this country in order to work.
You know, it's so actually right. But right when we traveled back from Tunis, I was passing by home and I was taking a few days off to be with my parents.
The Internet went off because there was a quote and also exams. And I have to cut my vacation short and come back because there was a bunch of work that I needed to do and I would have completely been offline.
So for instance, Internet Society's vice president for Africa is based in Addis, for instance.
So he really understood.
So he's the vice director of all of these things. And he has to either sometimes travel or go to the African Union.
So the African Union and the U.N.
have their own satellite connections. So they don't necessarily depend on that infrastructure.
So there are a few pictures that were going around that time where the whole conference room of the U.N.
was filled with people that have come to know that the Internet's refugees to work within those compounds, for instance.
So it's really difficult. It really disrupts your life. It's also one thing that we really talk about is the anxiety that people get when the Internet goes off, not because they want to sit down and binge watch Netflix.
There's nothing wrong with that.
We should all do that. It's therapeutic. But when you're hearing gunshots outside, when we don't know what is happening in your country, it's very difficult.
I know for instance, my parents were calling me and asking me, we heard this rumor that this minister had resigned.
Can you please check? Or like one of my brothers was like, oh, I'm expecting a really important email.
Can you check my email for me?
And I was in that context where one of my siblings had my personal email address and had a 2FA adjusted so that she can also check my email for me.
Because you know you've applied for something, you're expecting a response.
So it really messes up your life. So it's hard to imagine, but it's real.
Yeah. And especially, you know, one of the reasons I mentioned that Ethiopia is so populous is that you're talking about a country of 110 million people.
This is not a small number of people and a large economy which is running, which is now having difficulty, the bit that relies on Internet access.
Yeah. And you know, so the reality is that an Internet connection rate in Ethiopia is really low compared to the majority of Kenya or South Africa or Nigeria.
There's only one service provider.
There are efforts now to liberalize the telecom sector. 12 companies from around the world have shown interest.
So this is also going to discourage businesses, right?
Like, so if you're going to shut down the Internet, you know, mobile data is actually, you know, it's more profitable than maybe even calls, right?
Like voice calls and to stay in aid. Right. So if you just connect the Internet for two weeks without any notice, like which companies would want to come and invest, you know, and the government is calling for a lot of, you know, foreign direct investment for a lot of tech companies to invest in.
They talk about the digital economy that the 2030 digital plan is like as a whole big book, like, you know, report of how they want to transform the economy and everything else.
But how do you do that without the Internet or, you know, all of that can't happen.
The reason why we don't have any data centers, for instance, in Ethiopia is because they turn off the Internet when they want to.
So the business is highly affected.
You know, a lot of students that I know, people had interviews last week, like my friends had job interviews last week that were supposed to be done online.
So, you know, like people had to sit for exams.
People were studying. So it completely disrupts your life.
Economy is completely disrupted and you can't run an economy and, you know, want, you know, foreigners and investors to come into your country.
But you can't provide the Internet. It's ridiculous. And we're in the middle of a pandemic where so many people have been told, use the Internet for everything you possibly can.
Right. Look at me. I've been at home now for three or four months without the Internet.
I don't know what I would do. I would also probably move to another country in order to get access to be able to just do normal things I do.
No, to be honest, one of the reason why I'm like, you know, I'm even based here is that that's the case.
You know, when the pandemic came, I was like, should I go home, be with my parents?
But the idea was like, I wouldn't be able to like when something like this happens, you won't be able to work.
So the reason why I even stayed by myself here and not go home was because I know the Internet will be disrupted at some point.
It's not like even the connection is the best, you know, forget about that.
But yeah, so it's all of these things, right? Like, so, of course, you know, the reality is that in Ethiopia, majority of the people don't depend on the Internet for their everyday life.
But there are, you know, critical infrastructure, government agencies, there are significant part of the economy might depend on it, you know, so when, when you have now, like, one thing that we're fearing is that, you know, when the Internet does come back, which hopefully will be this week.
So it's all would only be fixed lines that would be turned on. So mobile data most likely won't come back.
What that means is that, you know, you'd have to go to hotels, you have to go to offices, you have to go to your friend's house, you know, all sorts of things.
So that means people will be forced to move in and out of places, you know, share common spaces.
So then you're again, exposing exposing people to COVID.
Right, right. Yes, I remember seeing exactly that kind of situation in Cuba, where the way to get Internet access was you bought Internet access with a little scratch card thing.
And then what you'd see is in a in a like a town square around the post office, a group of people with laptops just in the square, and they're actually working doing whatever they need to do on the Internet.
So you create those concentrations of people like that. And one of the things I we've also seen, so I remember one shutdown in the Democratic Republic of Congo, where it wasn't a total Internet shutdown.
What's interesting about the Ethiopian one here is essentially, it's just been switched off for everybody, but chosen few.
But we quite often see specific services like shut off Twitter and WhatsApp and YouTube, you know, sort of a group of social media things.
Is there any thinking that maybe Ethiopia comes back online without social media?
Yes. So already, the people, the folks that are connected to the Internet using government services, or essentially considered to be essential services don't have access to Twitter or Facebook already.
So the government is already prepared.
And so some of the conversation that I was having with those people was like, okay, you know, the VPNs go for the virtual proxy networks, these are the good ones, these are, and we as Access Now, you know, sometimes provide that support as well.
So yeah, so when the Internet definitely comes back, it's going to be Twitter, Facebook, Instagram, Telegram, WhatsApp, and other social media platforms will be blocked.
Of course, the, you know, people in Ethiopia, it's not the first time that Ethiopia shut down the Internet.
This is 2016. This is the 13th time that they've shut down.
Yeah, one, three, right. So, and social media has been blocked so many times, so people know how to navigate that.
But then of course, the problem then becomes, you know, Internet connection, and the speed is also really slow.
So now when you add a VPN connection to an extremely slow Internet, then it becomes almost impossible to send pictures, like it just makes your life very difficult.
So yeah, so that's what we're expecting. If I remember well, back in March, April time, there was a regional shutdown in Ethiopia, right?
That was sort of an area where it was considered to be well, the Internet is not going to work.
So and that's a similar sort of thing, as you were mentioning in Myanmar, in Kashmir, as well, right now, this sort of, yeah, it's not necessarily a whole country, it's not necessarily every Internet access, right?
So governments have different tools they use to, to affect Internet access.
Yeah, so what we've seen, you know, of course, it's always better not to shut down the whole country, it's, you know, the localized it is, you know, that the more proportional it can be, but that's never really the case.
So we've seen regional shutdown. So Ethiopia has done that before, you know, the majority of the country had, you know, mobile data, but specific parts of the country didn't.
Myanmar does that, Bangladesh does that, India does that, Liberia, and like, you know, even in Mali, we saw the throttling was happening just around the capital city in Bamako, and with the rest of the country was okay.
So we see this kind of measure. So the flip side of that is, you know, when it's only a specific part of the country that's affected, it becomes really difficult to document.
So for instance, when it's only a regional one that's affected, you guys also won't be able to see from your traffic, a significant, you know, effect, right?
Like, so when it's regional, when it's so specific, it becomes very difficult to monitor, and it's more likely that we'll miss it.
So that's also one of the worry that we have with these sort of shutdowns.
Right, right. Yeah, something like the Ethiopian situation, the graph we have on screen here is very easy to see.
It's like, well, the Internet, you know, has dropped enormously.
And in fact, I've talked in the past about other times the Internet drops very rapidly.
I mean, Ramadan in the Middle East, when it's iftar and it's time to break the fast, the Internet seems to drop.
It doesn't go completely off, but it's just because people move away from the Internet.
So some of those things are really, really obvious, but you're absolutely right.
If it's regional or a particular network, it's something that's probably lost in the, you know, the summary data that you see here.
All right, well, you know, this is fascinating.
Is it getting worse in terms of Internet shutdowns around the world?
Is this becoming more of a habit for governments? Is it getting better? I mean, I was kind of, the Togo thing really kind of surprised me.
There was this very clear statement by the court, don't do that.
You know, people need access to the Internet.
But, you know, you monitor this more than I do. Yeah. So it's not only just Togo.
There's also another really good case that, you know, that we had in Indonesia, where, you know, Indonesia had shut down the Internet in Papua.
You know, and the government, the court said, you know, what the government did is illegal, and they can't shut down the Internet the way they did.
And then right after that, we had the Togo case, which was clear.
And, you know, what makes the Togo case, I think, very, as an African, very strong for me, and, you know, a good one that I want to call back is because when an African court is telling us that, that makes, you know, that makes a lot of difference.
But now, so if you compare, you know, we have access now, and the Keep It On Coalition has a database where we document all shutdowns that we're able to verify and identify.
And so in 2018, we documented over 190 shutdowns in a few selected countries.
In 2019, we documented 213 shutdowns in 33 countries.
So in Africa, we've seen almost a 50% increase in the number of countries that are shutting down the Internet, and then also in the in the cases.
So once countries shut down the Internet, they continue to shut down, and then as new and more and more new countries are coming shut down the Internet.
So what we were hoping to see, you know, in 2020, was because of COVID, we were like, you know, maybe you might not, you might not see that many numbers of, you know, shutdowns, but that's not the case.
You know, so it's, it might not be the same number as 2019.
But just given the context that we're living through a pandemic right now, that is telling us not to, you know, get closer to each other, you know, to depend on the Internet, governments are not heeding to their own advice telling us to stay home, right.
So it's getting worse. It's quite unfortunate, and it's quite sad.
And then it's becoming a bit more sophisticated. It's becoming targeted to specific minority groups, it's becoming targeted at refugees, you know, like refugees are the most vulnerable communities we have in the world.
And then rolling out refugees are like, the vulnerable of the most vulnerable, right.
So a shutdown that start getting them at home and abroad is quite despicable, but that is actually what we're seeing now.
Yeah. All right. Well, on that cheerful note, I think we're getting close to being out of time.
I mean, I'm going to keep an eye on the traffic coming out of Ethiopia and hitting our network because hopefully this graph jumps up again.
A week is quite a long time, right?
I mean, some of these shutdowns tend to be a couple of days, right?
So yeah. Yeah. So that's the thing. So the things so what the government has said is that, you know, once things, you know, deescalate, then they will be able to turn on the Internet, but they've arrested a lot of journalists, activists, you know, political figures, both controversial and both, you know, real activists.
So it doesn't seem like it's going to calm down anytime soon. So we just have to wait and see.
Okay. Well, thank you so much for coming on my little show at the last minute and talking about this.
I hope that the Internet comes back on in Ethiopia and we can, you know, see people can communicate.
I mean, you made a good point about just communicating with your own family.
We're also used to be able to use WhatsApp just to chat with each other.
And it's even that is a big loss.
So thank you so much and hope I get to talk to you again. One day I might get to see you in person once this pandemic has died down and we get on.
Fingers crossed.
Yes. Fingers crossed. Exactly. All right. Yes. Thank you so much. Have a good one.
Thanks. Cheers. An example of a hybrid cloud deployment would be combining the GCP public cloud with the Microsoft Azure private cloud so that they essentially function as one combined infrastructure.
Similar to a hybrid car that combines electric and gas power, hybrid clouds combine the benefits of multiple types of technology for better efficiency, functionality, and price.