The spy who came in from the code: How a filmmaker accidentally gave up his sources to Syrian spooks
May 8, 2012
Last fall, “Kardokh,” a 25-year-old dissident and computer expert in the Syrian capital of Damascus, met with British journalist and filmmaker Sean McAllister. (Kardokh is his online pseudonym, used at his request.) McAllister, who’s made award-winning films in conflict zones like Yemen and Iraq, explained that he was shooting a documentary for Britain’s Channel 4 about underground activists in Syria, and asked if Kardokh would help him.
At the time, the situation in Syria was deteriorating rapidly, as protests against President Bashar al-Assad’s repressive regime turned violent following a vicious crackdown by security forces. The Syrian government had drastically curtailed visits by foreign journalists, but McAllister had managed to get in undercover. Kardokh was grateful for a chance to tell his story. “Any journalist who was making the effort to show the world what was happening, that was a very important thing for us,” he told me in February.
At the time, Kardokh was providing computer expertise and secure communications to the resistance. He agreed to be interviewed about his work on camera by McAllister, who filmed his face, telling Kardokh that he would blur it out before publishing the footage. McAllister also asked Kardokh to put him in touch with other activists.
But some of McAllister’s practices made him uneasy, Kardokh said. He worried that the filmmaker didn’t realize how aggressive and pervasive the regime’s surveillance was. Kardokh and his fellow activists took elaborate measures with their digital security, encrypting their communications and using special software to hide their identities online. “I started to feel that Sean was careless,” Kardokh told me. He said he had urged McAllister to take more precautions in his communications and to encrypt his footage. “He was using his mobile and SMS, without any protections.”
Then, in October, McAllister was arrested by Syrian security agents. He wasn’t harmed, but was held for five days and said that he could hear the cries of prisoners being tortured in nearby rooms. Eventually, he was released and returned to the UK. “I didn’t realize exactly what they were risking until I went into that experience,” McAllister said in an interview on Channel 4 after his release.
The Syrians had interrogated McAllister about his activities, and seized his laptop, mobile phone, camera, and footage. All of McAllister’s research was now at the disposal of Syrian intelligence. When Kardokh heard that McAllister had been arrested, he didn’t hesitate—he turned off his mobile phone, packed his bag, and fled Damascus, staying with relatives in a nearby town before escaping to Lebanon. He said that other activists who had been in touch with McAllister fled the country as well, and several of those who didn’t were arrested. “I was happy that I hadn’t put him in contact with more people,” Kardokh said.
Rami Jarah, a Syrian activist based in Cairo, said that he tried to help another activist, known as Omar al-Baroudi, get out of the country after McAllister’s arrest. “He was terrified,” Jarrah said. “His face was in those videos. He said that his number was on Sean’s phone.” The next day, Baroudi disappeared, and Jarah said that he has not been heard from since.
Officials at Channel 4 say they took action to help McAllister’s sources after his arrest. “We have been in contact with everyone who felt at risk because they spoke to Sean,” said Amy Lawson, the channel’s head of communications. “He is an experienced filmmaker and took steps to protect his material. Syria is an extremely difficult environment to work in, so we continue to look for ways to minimize that risk whilst ensuring we tell this important story.”
It’s easy to argue that McAllister should have taken stronger precautions, but what, exactly? How many reporters are familiar enough with the technical aspects of digital security that they could protect their computers and phones from the Syrian intelligence service? The fact that McAllister, an experienced and committed journalist, jeopardized his sources with inadequate digital precautions is indicative of a broader problem in journalism today: We haven’t kept pace with technological advancements that have revolutionized both information-gathering and surveillance.
After researching the subject of digital security, I realized that there have been occasions in my own work as a freelancer covering the conflicts in Libya and Afghanistan when I’ve exposed myself and my sources by carrying unencrypted data or e-mailing sensitive information over insecure channels. It’s unclear what, if anything, major news organizations are doing about it. When CJR’s Alysia Santo recently tried asking outlets like The New York Times, she got a firm “no comment.” Curious, I e-mailed an informal survey to journalist friends and colleagues, and several who’ve worked as senior correspondents in Afghanistan for major US news outlets said they’d had little-to-no formal training or assistance from their organizations in digital security.
“I think that the journalism community in the US, and to some degree elsewhere, is just beginning to grasp the fact that they need to protect their information and, by extension, their sources,” said Frank Smyth, who is the senior adviser for journalist security at the Committee to Protect Journalists and also runs a private company, Global Journalist Security. “It’s just too easy to get in and lift their information or monitor their communications without them ever knowing they were compromised.”
For correspondents who report from conflict zones or on underground activism in repressive regimes, the risks are extremely high. Recently, two excellent investigative series—by The Wall Street Journal and Bloomberg News—and the release of a large trove of surveillance industry documents by Wikileaks dubbed “The Spy files,” provided a glimpse of just how sophisticated off-the-shelf monitoring technologies have become. Western companies have sold mass Web and e-mail surveillance technology to Libya and Syria, for instance, and in Egypt, activists found specialized software that allowed the government to listen in to Skype conversations. In Bahrain, meanwhile, technology sold by Nokia Siemens allowed the government to monitor cell-phone conversations and text messages…