TL;DR
A Syria Telecom engineer using the pseudonym "Mahmoud" describes being detained by ISIS after a bus search revealed travel to China and photos of telecom equipment. Separately, network analysts documented major Syrian internet outages in 2011–2012; the causes of some outages remain disputed, including an unverified anecdote that U.S. intelligence operations may have contributed.
What happened
Mahmoud, identified by the author as a senior Syria Telecom engineer who now lives safely outside Syria, recounted a 2013 incident in which a bus carrying him from Aleppo to Idlib was stopped by Islamic State fighters. After fighters inspected IDs they discovered a Chinese visa in Mahmoud's passport and a selfie he had taken next to a Huawei computing cluster during a work trip; they then searched his laptop, removed him from the bus, blindfolded and handcuffed him. The account illustrates how telecom personnel and equipment-related ties could draw lethal scrutiny during the conflict. Separately, Doug Madory describes Renesys’s measurements of Syrian internet disruptions: an early June 2011 government-directed shutdown that withdrew routes for roughly two-thirds of networks, and a later nationwide outage in 2012 whose technical data showed withdrawn routes but did not conclusively identify whether the cause was intentional or accidental. Media and state actors offered competing explanations, and later reporting included an unconfirmed anecdote about an NSA operation possibly affecting Syrian routing.
Why it matters
- Telecom engineers and visible ties to foreign equipment suppliers became potential targets in conflict zones.
- Internet shutdowns can be weaponized or may hide activity during wars, with technical data sometimes unable to attribute cause.
- External intelligence operations can have unintended effects on civilian infrastructure, complicating attribution and accountability.
- Coverage and analysis of outages require careful technical measurement to avoid premature claims in fast-moving news cycles.
Key facts
- The narrative centers on a Syria Telecom engineer using the pseudonym "Mahmoud" who worked in Aleppo and spoke to the author about his experiences.
- In summer 2013, ISIS fighters boarded Mahmoud's bus, inspected his passport and laptop, and detained him after finding a Chinese visa and photos of Huawei equipment.
- Doug Madory, the author, is a veteran network analyst and Director of Internet Analysis at Kentik, formerly with Renesys and Dyn Research.
- An early June 2011 shutdown cut roughly two-thirds of Syrian networks from the global Internet; Renesys observed routes to 40 of 59 networks withdrawn starting at 03:35 UTC.
- A later nationwide outage (noted in the piece as occurring during the civil war) showed withdrawn routes in BGP data, but Renesys said the data alone could not prove intent.
- Media coverage of the 2012 outage sometimes asserted intentional state action because multiple egress points appeared unavailable, while the Syrian government blamed a cut cable.
- A second-hand anecdote reported in Wired and relayed in James Bamford’s piece described a possible NSA TAO operation that may have disrupted Syrian routing; that account is presented as unverified.
- Mahmoud is described as having provided internal details to outside analysts at personal risk; he has lived outside Syria for several years.
What to watch next
- Future technical analyses of historic Syrian outages that may clarify attribution and causal chains.
- Risks to telecom personnel and the security of engineers who travel for equipment training or maintenance.
- Whether further corroboration emerges about the anecdote linking an NSA TAO operation to a Syrian outage — not confirmed in the source.
Quick glossary
- BGP (Border Gateway Protocol): The protocol used by Internet networks to exchange route information and determine paths for traffic between autonomous systems.
- TAO (Tailored Access Operations): A U.S. National Security Agency unit commonly described in reporting as the agency’s offensive cyber operations or hacking division.
- Router: A network device that forwards data packets between computer networks and helps direct internet traffic.
- Internet outage: A loss or significant disruption of connectivity that prevents networks or users from reaching the global Internet.
- Egress point: A physical or logical connection where a country or network exits to the broader global Internet via undersea cables, satellite links, or cross-border links.
Reader FAQ
Who is "Mahmoud"?
"Mahmoud" is a pseudonym for a senior Syria Telecom engineer who shared first-hand accounts with the author and has lived outside Syria for several years.
Did the NSA cause the Syrian internet outage?
The source recounts a second-hand anecdote published in Wired suggesting a TAO operation might have affected Syrian routing, but that claim is not conclusively confirmed in the source.
Were Syrian internet shutdowns government-directed?
Renesys documented a government-directed shutdown in early June 2011 that withdrew routes for about two-thirds of networks; for a later nationwide outage, the technical data did not decisively identify intent.
What happened when ISIS searched the bus?
ISIS fighters inspected documents and devices, identified Mahmoud’s Chinese visa and photos of telecom equipment, searched his laptop, then removed, blindfolded and handcuffed him for further investigation.
Stories Features Syria Writes Kurdî About العربية Featured articlesFeaturesTestimonies Keeping Syria connected during war Surviving ISIS and Intelligence A Syria Telecom engineer's account told his story during the war; what…
Sources
- Keeping Syria connected during war: Surviving ISIS and Intelligence
- Keeping Syria connected during war
- Disentangling from Syria's civil war: the case for U.S. …
- Containing a Resilient ISIS in Central and North-eastern …
Related posts
- Global Clean Energy Hits Milestones in 2025 as Renewables Outpace Coal
- Author says Google refused DMCA de-indexing and challenged his copyright claim
- A Year of Clean Energy Milestones: Wind, Solar and EVs Reshape 2025