Attack Of The Cloned Websites...This Time In Uzbekistan

The mirror site of RFE/RL's Uzbek Service

A website has been set up to mirror the site of RFE/RL's Uzbek Service, in what could be a phishing scheme to harvest user information.
The site, ozod.orca.uz, is a crude knock-off of Ozodlik, with RFE/RL's logo and branding. Since RFE/RL's Uzbek Service reported about the site on February 14, the mirror has been blocked.
Creating mirror sites can help websites under attack from distributed denial of service (DDoS) attacks or to circumvent websites that have been blocked. But it has also been used as a tool by repressive regimes to misinform.
To enter the ozod.orca.uz site and access Ozodlik articles, users had to provide a name, e-mail address, and password.
The frontpage of the mirror site also listed proxies advertised by Ozodlik, which has been blocked in Uzbekistan since the brutal suppression of unrest in Andijan in 2005. It also listed two Ozodlik emails and a third, yangilik@bk.ru, which does not relate to RFE/RL.
In recent weeks, an unknown person approached RFE/RL's Uzbek Service by email and Skype asking if it was safe to set up a mirror site. RFE/RL declined to cooperate.
According to a Berlin-based computer specialist, who wishes to remain anonymous, the same person approached him and reportedly tried to recruit him to work for Uzbekistan's National Security Service (SNB).
In Uzbekistan, the operators responsible for the .uz domain are closely linked to the state. To register a .uz domain, users would need to provide passport information to the hosting company. Most independent websites are hosted outside Uzbekistan. According to the OpenNet Initiative (ONI), which monitors web censorship worldwide, Internet Service Providers risk having their licenses removed if they post "inappropriate" information.
A representative from the company that hosted the mirror site, Orca.uz, told RFE/RL's Uzbek Service that anyone can register on their domain. "We are not aiming to persecute or pursue anyone. However, if there is a website that goes against Uzbek law or a porn site, we will remove that," the representative said.
The site could have been a genuine attempt to set up a mirror of Ozodlik, rather than a phishing scheme, where fake sites are set up to gain user information by malicious means.
However, Galima Bukharbaeva, the editor of uznews.net, a leading independent website, says that mirroring sites is not a good way in Uzbekistan to avoid censorship.
"If we launch a mirror site, we will be somehow promoting it but after a while that site will also be blocked and even if we had a new IP that would then be blocked," Bukharbaeva said.
If the website was connected to Uzbekistan's security services, it could yield important password and log-in information from opposition-minded individuals. The authorities could also potentially track down users by IP addresses. Sources in Uzbekistan, who wish to remain anonymous because of fears about their safety, told RFE/RL's Uzbek Service that they had been approached by security personnel to set up mirror sites of leading independent and opposition websites.
According to the ONI, Uzbekistan has the "most pervasive regime of filtering and censorship" in the CIS. In addition to filtering, "the security forces in Uzbekistan manually check Internet access at 'edge locations' (such as Internet cafes) and monitor users’ activities."
The Uzbek authorities have also tried to lure users away from social-networking sites, which have become a forum for dissent outside state control. In August 2011, the Uzbek authorities launched Muloqot, which translates as "dialogue," a slick Facebook alternative, tied to the state telecom monopoly and requiring users to sign in with an Uzbek telephone number.
Other repressive governments have experimented with cloning websites popular with the democratic opposition.
In the late 1990s, websites were set up to mirror the sites of exiled Kazakh opposition figures. The most well-known case was the website of Akezhan Kazhegeldin, a former Kazakh prime minister, who left Kazakhstan in the late 1990s saying he feared persecution. While the original websites were often political and critical of the Kazakh government, the mirrors presented nonpolitical or entertained-related content.
During postelection protests in Belarus in December 2010, independent and news websites (including RFE/RL's Belarus Service) were mirrored, although it is unclear by who.
The sites would present sanitized versions of the content on opposition and independent websites and misinformation about the time and location of opposition rallies. The YouTube page of RFE/RL's Belarus Service was also cloned and also offered sanitized content.