Match Made in Heaven: Authoritarian States and Digital Surveillance; A Case Study From Azerbaijan

This post, authored by former Information Controls Fellowship Program (ICFP) Fellow Arzu Geybullayeva, is a summary of the research conducted from January 2018 through June 2018 on the state of…
Mon, 2018-10-08 16:57

The report is a sobering overview of how Azerbaijan has gone from simply relying on a middle path between access and censorship to a system where information controls have become the norm. The full research paper can be accessed here.

Internet Freedom

In an article [1] “The Authoritarian Surge in Cyberspace”, author Deon Jackson writes that in the early days of the Internet it was hard to imagine how authoritarian regimes could cope with such a “powerful source of information.” Fast forward to today we are seeing a growing decline in internet freedoms across the world, especially in countries that are known for authoritarian leniency. Similarly, Ronald Deibert, in “Authoritarianism Goes Global: Cyberspace Under Siege”, describes [2] at length how authoritarian regimes have become savvy at restricting access to its users relying on technology, legal and extralegal techniques. These techniques, writes Deibert, can be divided into three generations:

  1. “Defensive” techniques, such as widespread filtering and direct censorship;
  2. Legal measures techniques that often involve the use of legislation on defamation, slander to deter netizens from posting critical of the government content;
  3. Offensive techniques, such as cyber attacks on civil society;

In the absence of effective accountability and a system of checks and balances, which is often the case in authoritarian regimes, the above mentioned techniques have become popular means in the hands of the regimes to suppress independent voices and extend their influence and fear in online spaces.

In Azerbaijan, up until the last three, four years, we have mostly observed the government relying heavily on the second and third generation techniques.

This has changed especially observing the digital crackdown and revelation of sophisticated surveillance technology which can now confirm that the government in Azerbaijan is relying on all three techniques.

Katy E. Pearce, an assistant professor in the Department of Communication at the University of Washington who has studied Azerbaijan for two decades, argues [3] that in Azerbaijan, the use of technology is discouraged in three ways: media framing, monitoring and arrests.

All of which argues Pearce have created “psychological barriers that impact the use of technology in Azerbaijan”, which makes Azerbaijan differ from countries like China and North Korea, because it is to its benefit to keep the Internet open, especially when it comes to monitoring social media platforms, thus keeping tabs on activists and their plans.

Political Freedoms

Azerbaijan is ruled by incumbent Ilham Aliyev who came to power in 2003 in what international observers described as sham elections [4] taking over the leadership from his father, Heydar Aliyev who has ruled the country since 1993. Under the rule of Ilham Aliyev, the space for independent civil society, media and the opposition shrank while Aliyev consolidated further power by systemically violating citizens’ political, economic and social rights. [5]

Today, Azerbaijan ranks poorly on all global freedom and democracy rankings while the leadership continues to boast of the country’s growth despite the evidence suggesting otherwise. [6] The authorities enjoy comparing themselves to less developed nations noting the progress despite the economic downturn, poor economic diversification, and mismanagement of the resources. [7] According to the most recent reports on political prisoners published by a local, independent working group, there are currently between 130 to 160 political prisoners in Azerbaijan. [8]

Internet remains predominantly the only space for dissent and an alternative for mobilising, activism, and an increasingly viable source of information. [9] But as the internet penetration rate grew, so did the number of netizen arrests and intimidation tactics. Azerbaijan however, isn’t China or North Korea. Not yet anyway. So far, access to the Internet remains open, however, a series of alternative measures to curb the rights of individual freedoms is firmly in place.


One of the most recent spear phishing attempts took place on July 18, 2018. The attackers created a fake email address pretending to be Azadliq Radio, Azerbaijan Service for the Radio Free Europe Radio Liberty. The sender, [email protected] claimed to have an intimate video of a school teacher and his 10th grader. The email was addressed to representatives of media platforms and provided a link to the said video. The forensics team at Virtual Road identified the virus as Trojan that contained a “dropper” known as “Kazy”. The Kazy dropper is known as the first stage of an infection. Once the software is installed, the code is responsible to load-and-drop a second stage that might contain anything: ransomware, spyware, and etc. concluded the report.

While for years users in Azerbaijan faced limitations in accessing opposition and independent news sites; and anti-government sentiments expressed on social media platforms became a cause for temporary detentions, questioning or further intimidation, authorities also resort to a range of controls including but not limited to website blocking, spear phishing, DDoS attacks against independent media sites, hacking of social media accounts of civil society activists, content takedown requests from YouTube, mass deployment of civil servants and youth volunteers as trolls, and the use of Deep Packet Inspection tools.

Information Controls

In 2014, a groundbreaking Citizen Lab report [10] revealed that Azerbaijan is one of 21 countries using Remote Control System (RCS). [11] The report concludes that this technology was likely used during the presidential election in 2013 (in which President Ilham Aliyev, secured a third term with an overwhelming majority of votes). Two years later in 2016, VirtualRoad – a secure hosting project of Qurium – reported artificial internet network congestion, preventing access to a number of news websites in Azerbaijan. [12] In its following report published in 2017, VirtualRoad showed evidence of DDoS and other attacks traced to government associated IP address against independent media outlets. [13] The April 2017 report released by VirtualRoad concluded the following: [14]

  • Inside of Delta [15] Infrastructure there is a dedicated appliance that is monitoring all incoming and outgoing traffic.
  • The device keeps track of each of the TCP [16] sessions independently of the port number.
  • The device tracks both HTTP and HTTPS sessions associated with, [17] [18] and [19] web services.

In 2017, the authorities admitted to officially blocking access to online news platforms and social media applications – such as Skype, Viber and WhatsApp – during the 4th Islamic Solidarity Games held in 2017. [20]

Another report released in April 2018 showed evidence of the government of Azerbaijan using Deep Packet Inspection (DPI) in place since March 2017. The report also found out that this specialised security equipment was purchased at a price tag of 3 million USD from an Israeli security company Allot Communications. [21]

In partnership with NetBlocks it was also possible to illustrate that there were two major Internet disruptions in Azerbaijan in April. The first one was on April 17, while the second one on April 20. Each disruption lasted for less than two hours but the scale was unprecedented said NetBlocks because each time it affected the country’s internet.

A number of factors could have prompted the blackout. Testing the new equipment such as DPI that was purchased from Allot Communications; technical issues with accessing global network for internet traffic [22]; a velvet revolution in Armenia which authorities in Baku feared would spark similar unrest [23] back home [24] as President Ilham Aliyev’s victory was approved by the constitutional court on April 17 and so on.

Whether any of these or other factors might have had a role in the Internet blackout, is early to tell, and remain speculative given absence of official information.


Just like in many other authoritarian regimes around the world, in Azerbaijan an authoritarian style of leadership has become further entrenched in the last few years. The authorities have resorted to an arsenal of controls that is more subtle and effective than mere shutdowns. This makes Azerbaijan differ from countries like China or North Korea as pointed out by Katy E. Pearce earlier in the paper, because there is a greater benefit at leaving the Internet open. This allows the authorities to claim that the Internet is free and open in Azerbaijan while keeping tabs on the online discussions and thus an easy way to track the regime critics and activists.

As a result, Azerbaijani authorities have been “actively shaping the cyberspace, to their own advantage”. [25] Looking back at the three generations of techniques used by authoritarian regimes, and defined by Ronald Deibert, it is possible to conclude, based on the results of this research that the government of Azerbaijan is using an arsenal of “technical measures, laws, policies, and regulations […] targeted malware attacks”. [26]

Looking forward, there are no signs, of the ruling power softening its grip over information controls, if not, only resorting to more measures and techniques to suppress the free flow of information and access to it. The blocking of new websites in the months of July and August only further attest to this reality, while independent pundits expect, authorities take on the social media platforms as a next step.

Internet might be free and open in Azerbaijan, but so is the ruling power to control, intimidate and eventually, shut down the Internet if such need ever arise.










[9] The Struggle for Internet Freedom in Azerbaijan, Global Information Society Watch, 2011,


[11] RCS allows for data collection on an infected device both online and offline. The data is obtained through records by keystroke loggers and the system also allows to turn on the camera and microphone on the device without the user even knowing it




[15] Delta Telecom is Azerbaijan Internet backbone and one of the two government providers licensed by the Azerbaijan government to connect international traffic

[16] TCP (Transmission Control Protocol) is a set of networking protocols that governs the delivery of data over the Internet or other network that uses the Internet Protocol (IP) and sets up a connection between the sending and receiving computers, which allows two or more computers to communicate. TCP/IP is widely adopted as a networking standard. By keeping track of TCP sessions it is possible to block individual patterns vs. keeping track of patterns in time to make future actions. A good example would be to compare stopping cars that are yellow (taxi) vs. stopping all yellow cars following a bus. In the second scenario more advanced equipment is needed to keep traffic of previous vehicles.








[24] The National Assembly was quick to start discussions on introducing a new bill that would impose new penalties for breaking the rules on rallies and street marches.




The Open Technology Fund (OTF)’s Information Controls Fellowship Program (ICFP) supports examination into how governments in countries, regions, or areas of OTF’s core focus are restricting the free flow of information, impeding access to the open internet, and implementing censorship mechanisms, thereby threatening the ability of global citizens to exercise basic human rights and democracy. The program supports fellows to work within host organizations that are established centers of expertise by offering competitively paid fellowships for three, six, nine, or twelve months in duration.

To learn more about the ICFP, click here.