Update on Blue Coat Devices in Syria

December 15, 2011

Earlier this year a “hacktivist” organization posted log data that appeared to be generated by Blue Coat ProxySG Web security appliances.  Blue Coat’s review of that data, including matching the serial numbers in the logs to company records, confirmed that such appliances could be in Syria and prompted Blue Coat to commence an internal review of the shipment of those appliances and others that may have been unlawfully diverted to Syria.  Among other things, Blue Coat sought shipment records from a channel distribution partner that had purchased certain of the devices.  Blue Coat’s review of the data received from the channel partner indicated that certain appliances were transferred illegally to Syria after being lawfully sold to that channel distribution partner for a seemingly appropriate designated end user.   Blue Coat provided that information to the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) for review.

Today the BIS announced that it will add one individual and one company in United Arab Emirates to the BIS Entity List. The two parties are being added based on evidence that they purchased Blue Coat devices and then transshipped the devices to Syria. The BIS noted that the devices which were transshipped  “have been the subject of recent press reporting related to their potential use by the Syrian government to block pro-democracy websites and identify pro-democracy activists as part of Syria's brutal crackdown against the Syrian people.”

Blue Coat is pleased that certain of the parties involved in the unlawful diversion of its appliances to an embargoed country and repressive regime have now been named- and believes this action will protect others from the possibility of such unlawful diversion by these parties.  Blue Coat intends to continue its cooperation with appropriate government agencies to develop evidence on the unlawful diversion of any Blue Coat products.


Blue Coat sells products to companies and organizations around the world to protect and accelerate networks. One of our products, the ProxySG appliance is a Secure Web Gateway solution. It protects users from malicious Web threats and prevents access to content and applications that are considered inappropriate for network users on the basis of excessive bandwidth usage, applicable laws, industry regulations, and other standards or considerations, based on policies determined by the network operator.   Our customers, which include 85 percent of Fortune Global 500 companies as well as schools, hospitals, non-profit organizations, create their own policies and decide how to use the product.

Blue Coat ProxySG appliances are not intended for surveillance purposes, and have limited utility for such purposes.   As with any proxy server, ProxySG appliances can maintain a log of source and destination IP addresses and associated activity; however, they do not inspect nor record the substantive contents of communications and they do not link IP addresses to specific users.

Blue Coat has become aware that certain Blue Coat ProxySG Web security appliances apparently were transferred illegally to Syria after being lawfully sold to a channel distribution partner for a seemingly appropriate designated end user.  Blue Coat does not sell to countries embargoed by the US, and does not allow its partners to sell to embargoed countries. Please see our written expectations for channel partners with regard to dealing with Blue Coat products (click here to view).

Our awareness of the presence of these ProxySG appliances in Syria came from reviewing online posts made by so-called “hacktivists” that contained logs of internet usage which appear to be generated by ProxySG appliances.   We believe that these logs were obtained by hacking into one or more unsecured third-party servers where the log files were exported and stored.   We have verified that the logs likely were generated by ProxySG appliances and that these appliances have IP addresses generally assigned to Syria.  We do not know who is using the appliances or exactly how they are being used. We currently are conducting an internal review and also are working directly with appropriate government agencies to provide information on this unlawful diversion.

These ProxySG appliances are not able to use Blue Coat’s cloud-based WebPulse service for real-time URL and malicious threat intelligence or run the Blue Coat WebFilter database.  We are not providing support, updates or other services to these appliances. In essence, these ProxySG appliances are operating independently. There is no so-called “kill switch” for Blue Coat ProxySG appliances and Blue Coat cannot connect and remotely shut down or access information of ProxySG appliances that have been deployed.

Blue Coat is mindful of the violence in Syria and is saddened by the human suffering and loss of human life that may be the result of actions by a repressive regime. We don’t want our products to be used by the government of Syria or any other country embargoed by the United States. If our review of the facts about this diversion presents solutions that enable us to better protect against future illegal and unwanted diversion of our products, we intend to take steps to implement them.