Iranian Internet Disruptions May Be Sign of Iran's Own "Clean Internet" to Come
BY Raphael Majma | Wednesday, February 15 2012
What appear to be Iranian government efforts to interdict or inspect Internet traffic have come with increasing frequency in recent months.
Most recently, Iranian activists and journalists were the target of an anonymous Feb. 13 email “warning” that threatened them with punishment for working for the goals of foreigners.
“The email included a list of people’s names that the government received and they were accused of helping foreigners to achieve their goals,” said Fred Petrossian, a reporter for Global Voices. Within the email, the recipient is notified not only that they are on a list but also that they will be punished if their illegal activities continue.
This is just the latest in what looks to be a series of measures by the Iranian government to control or curtail Internet use inside that country. The government denies responsibility for or knowledge of interdiction of Internet traffic in Iran, but, on the other hand, members of the Iranian Parliament have spoken out against the service disruption in terms that imply it's the work of the state.
“Such an irritating ban will be costly for the government,” Ahmad Tavakoli, an Iranian MP and head of Parliament’s Centre for Research, is quoted as saying.
Starting as early as Feb. 7, Iran Media Research reports, the Iranian government began blocking encrypted Internet traffic attempting to reach banned sites or get around the state-run firewall, an interdiction that by Monday had been greatly reduced. The New York Times' Jen Preston has also been following this story.
Iranian Internet users quickly found that access to popular social media sites and frequent tools of protestors, including Facebook and Twitter, was being blocked. Mehr, the semi-official Iranian news agency, reported that over 30 million users had been unable to access their Hotmail or Gmail email services. Users who attempted to access the blocked sites were met with connection errors or were routed to Peyvandha, a list of links to content on the Internet that is acceptable by Iranian government standards.
Reports on what sites were blocked were mixed, with some users within the country reporting an inability to access services like Google Translate and others stating that there were no issues. Tor, a project to help anonymize Internet traffic, reported that the Iranian government took a three-pronged approach to this recent blackout, including “deep packet inspection (dpi) of SSL traffic, selective blocking of IP Address and TCP port combinations, and some keyword filtering.”
“Before, censorship was whack a mole and we’d move the IP address around,” said Andrew Lewman, executive director at Tor, referring to IP addresses that could be used to access the Internet via the Tor network. “You’d count on government bureaucracy being slow. Iran seemed to say forget that game.”
Lewman explained that the Iranian government's methods had become more advanced and were capable of being more subtle than they had been in the past. The Iranian government possesses a deep packet inspection system that allows it to block communications and gather information from Internet traffic within the country. The regime has normally not blocked encrypted traffic because many sites use Secure Sockets Layer, or SSL, protocols, which allow traffic to travel the Internet privately by encrypting certain bits of data within each data packet. The government’s new method of attack involved a shutdown of much of the SSL traffic and a differentiation of the various types of encrypted traffic. The authorities were able to differentiate the traffic types with alarming accuracy and did so without having to break into the encrypted traffic, thereby disrupting Tor and other Internet users.
Tor released a new obfuscating packet bundle, a workaround for the new method of disrupting Tor users, but its impact was lessened because it came out shortly before the disruptions seemed to stop.
Last April, Ali Aghamohammadi, the Iranian head of economic affairs, stated that Iran would launch an Internet that would follow Islamic principles and “improve communication and trade links with the world.” This is the backdrop for the ongoing conjecture about why the Iranian government may have decided to implement the Internet disruptions now.
“The only correct answer is the one the government knows,” said Lewman. In our discussion, Lewman speculated that the regime was possibly enumerating the number of users who relied on service providers like Google for email or other needs. This would allow the government to understand the contours of a prospective national Internet.
Other observers speculate that the disruptions could be associated with the proximity of the 33rd anniversary of the Islamic Revolution, an attempt to disrupt the first Green Movement protest in a year, or an attempt to get ahead of protests associated with the upcoming March 2nd parliamentary elections.
“One angle is the Iranian government wants to disrupt the activists' processes,” said Mahmood Enayat, Director of Iran Media Program at the University of Pennsylvania. “The other angle is that at the same time, some elements within the regime need the Internet to operate for business but, more importantly, for political reasons.”
Enayat explained that a growing number of Iranian officials are not only aware of the political cost and discontent sowed by the disruptions, but also rely on the Internet to get their message out and promote themselves to voters.
The ongoing disruptions surrounding the Internet in Iran have ramped up the technical arms race between Iranian Internet users and the government, leaving the users and their supporters with little knowledge of when the government will strike next, or why, or how.