Tuesday, July 28, 2009

Five technologies Iran is using to censor the Web

Government uses both blunt and surgical tools to stifle dissidents, hacker says

By Brad Reed, Network World, 07/20/2009

One month after a disputed presidential election sparked widespread unrest in Iran, the country's government has initiated a cyber-crackdown that is challenging hackers across the globe to find new ways to help keep Iranian dissidents connected to the Web.

While the government's initial efforts to censor the Internet were blunt and often ineffective, it has started employing more sophisticated tools to thwart dissidents' attempts to communicate with each other and the outside world. Iranian dissidents are not alone in their struggle, however, as several sympathetic hacker groups have been working to keep them online.

One such group is NedaNet, whose mission is to "help the Iranian people by setting up networks of proxy servers, anonymizers, and any other appropriate technologies that can enable them to communicate and organize." NedaNet project coordinator Morgan Sennhauser, who has just written a paper detailing the Iranian government's latest efforts to thwart hackers, says that the government's actions have been surprisingly robust and have challenged hackers in ways that the Chinese government's efforts at censorship have not.

"China has several gigabytes per second of traffic to deal with and has a lot more international businesses," he says. "They can't be as heavy-handed with their filtration. The Iranians aren't as concerned about that… so they get to use all these fancy toys that, if the Chinese used them, could cripple their economy."

With that in mind, this article looks at five of the technologies the Iranian government has most commonly used to stifle dissent, as outlined in Sennhauser's paper.

IP Blocking

IP Blocking is one of the most basic methods that governments such as Iran use for censorship, as it simply prevents all packets going to or from targeted IP addresses. Sennhauser says that this was how the government banned access to the BBC's Persian news services and how it took down websites critical of the election.

But while these sorts of operations are relatively simple to execute, they don't tackle the problem of individual communications between users, especially if the users have set up multi-hop circuits that use multiple servers to create a proxy ring.

Traffic Classification (QoS)

This is a much more sophisticated method of blocking traffic than IP blocking, as governments can halt any file sent through a certain type of protocol, such as FTP. Because the government knows that FTP transfers are most often sent through TCP port 21, they can simply limit the bandwidth available on that port and throttle transfers. Sennhauser says that this type of traffic shaping practice is the most common one used by governments today, as "it is not too resource intensive and is fairly easy to set up."

Shallow Packet Inspection

Shallow packet inspection is a blunter, broader version of the deep packet inspection (DPI) technique, which blocks packets based on their content. Unlike DPI, which intercepts packets and inspects their fingerprints, headers and payloads, shallow packet inspection makes broad generalizations about traffic based solely on the packet header. Although shallow packet inspection can't provide the Iranian government with the same detailed traffic assessments as DPI, Sennhauser says that it is much better at handling volume than DPI.

"It's a less refined tool, but it can also deal with a lot more traffic than true DPI can," he explains. "Shallow packet inspection is more judging a book by its cover. If a packet says that it's SSL (Secure Sockets Layer) in the header, then a shallow packet inspector takes it at face value."

Sennhauser notes, however, that this is a double-edged sword. If a user disguises their SSL packets as FTP packets in the header, the shallow packet inspector won't be able to tell the difference.
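The gap between a header-only verdict and a payload-based one, as an added example that is not from the article or from Sennhauser's paper: it classifies a few constructed flows both ways and reports the flows where the two disagree, which is the mismatch a network monitoring team would flag. The port table, the payload signatures and the sample flows are assumptions chosen for illustration.

```python
# Added illustration: header-only ("shallow") vs payload-based ("deep") classification.
# The port table, signatures and sample flows are constructed for this example.
from dataclasses import dataclass

PORT_LABELS = {21: "ftp", 22: "ssh", 443: "ssl"}


@dataclass
class Flow:
    dst_port: int
    first_payload: bytes  # first bytes seen on the connection


def classify_shallow(flow: Flow) -> str:
    """Take the header at face value: the destination port names the protocol."""
    return PORT_LABELS.get(flow.dst_port, "unknown")


def classify_deep(flow: Flow) -> str:
    """Look inside the payload for well-known protocol openings."""
    p = flow.first_payload
    # SSL/TLS record: content type 0x16 (handshake), major version 0x03
    if len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03:
        return "ssl"
    if p.startswith(b"SSH-"):  # SSH identification string
        return "ssh"
    if p.startswith((b"220 ", b"220-")):  # FTP server greeting reply code
        return "ftp"
    return "unknown"


def mismatches(flows):
    """Return (port, shallow label, deep label) where header and payload disagree."""
    out = []
    for f in flows:
        shallow, deep = classify_shallow(f), classify_deep(f)
        if deep != "unknown" and shallow != deep:
            out.append((f.dst_port, shallow, deep))
    return out


SAMPLE_FLOWS = [  # constructed sample data
    Flow(21, b"220 FTP server ready\r\n"),
    Flow(443, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"),
    Flow(21, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"),  # SSL handshake on the FTP port
    Flow(22, b"SSH-2.0-OpenSSH_5.1\r\n"),
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f.dst_port, classify_shallow(f), classify_deep(f))
    print("mismatches:", mismatches(SAMPLE_FLOWS))
```

The payload check costs a read of every connection's first bytes, while the port lookup costs nothing beyond the header, which is the volume trade-off Sennhauser describes.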

Packet Fingerprinting

This is a slightly more refined method of throttling packets than shallow packet inspection, as it looks not only at the packet header but at its length, frequency of transmission and other characteristics to make a rough determination of its content. Sennhauser says the government can use this technique to better classify packets and not throttle traffic sent out by key businesses.

"A lot of things don't explicitly say what they are. For example, a lot of VPN traffic is indistinguishable from SSH traffic, which means that it would be throttled if SSH was," he says. "But what if businesses relied on VPN connections? You'd move the system to fingerprinting, where the two are easily distinguishable."

Deep Packet Inspection / Packet Content Filtering

DPI is the most refined method that the government has for blocking Internet traffic. As mentioned above, deep packet inspectors examine not only a packet's header but also its payload. This gives governments the ability to filter packets at a more surgical level than any of the other techniques discussed so far.

"Viewing a packet's contents doesn't tell you much on its own, especially if it's encrypted," he says. "But combining it with the knowledge gained from fingerprinting and shallow packet inspection, it is usually more than enough to figure out what sort of traffic you're looking at."

There are downsides to using DPI, of course: it's much more complicated to run and is far more labor-intensive than other traffic-shaping technologies. But on the other hand, Sennhauser says there's no magic bullet for getting around DPI as users can usually only temporarily elude it by "finding flaws in their system." And even this won't help for long, as the government can simply correct their system's flaws once they're discovered.

"Once they fix the flaw, you've lost unless you can figure out some real way to circumvent it," Sennhauser notes.

Endgame still unclear

Sennhauser says that the government has employed these technologies smartly despite being caught flat-footed by the initial furor after the election. Indeed, he thinks the only reason that Iran hasn't yet completely shut down dissidents' communications is that they've had to fight with an army of hackers who tirelessly search for flaws in their system.

"It really is an arms race," he says. "They create a problem, we circumvent it, they create another, we get around that one. This continues on until the need to do so is removed. The circumstances which will end the competition aren't clear yet."

All contents copyright 1995-2009 Network World, Inc. http://www.networkworld.com

http://www.networkworld.com/news/2009/072009-iran-censorship-tools.html

Friday, June 19, 2009

House approves Iran bill 405-1

By Ian Swanson

Posted: 06/19/09 11:51 AM [ET]

The House overwhelmingly approved a resolution Friday in support of Iranian dissidents as that country’s top cleric warned protesters to end demonstrations.

The resolution was approved in a 405-1 vote, with two members voting present. Rep. Ron Paul (R-Texas) was the only lawmaker opposed to the resolution. Reps. Keith Ellison (D-Minn.) and David Loebsack (D-Iowa) voted present.

“This resolution is not about American interests,” said Rep. Howard Berman (D-Calif.), chairman of the House Foreign Relations Committee. “It is about American values that I believe are universal.”

Berman sponsored the resolution with Rep. Mike Pence (R-Ind.).

Iran has been consumed by demonstrations protesting the election of Iran President Mahmoud Ahmadinejad since last weekend. Opposition candidates have insisted the election was rigged for Ahmadinejad.

But Ayatollah Ali Khamenei, Iran’s supreme leader, on Friday offered his strongest defense yet of the election, and warned of repercussions if demonstrations continued. He said opposition leaders will be “responsible for bloodshed and chaos” if they do not stop further rallies, according to a report in The New York Times.

The comments suggested Iran’s authorities are prepared to end the demonstrations with force if they persist.

“We are extremely disturbed at statements made by Ayatollah Khamenei which seem to give the green light to security forces to violently handle protesters exercising their right to demonstrate and express their views,” said Hassiba Hadj Sahraoui, deputy director of Amnesty International’s Middle East and North Africa program.

In Washington, the debate has centered on whether President Obama should be more forceful in criticizing Iranian authorities, and in showing support for the demonstrators.

The issue has put Obama in a tough spot, with conservatives blasting him for not showing more support for demonstrators, and Iran criticizing the U.S. and Obama for meddling in its affairs.

Obama has sought to find a middle ground to prevent Iran from blaming the demonstrations on the U.S.

Some lawmakers during the debate on the resolution said Congress must be careful not to hurt the demonstrators.

“It’s important to not allow the Congress to be used in what is essentially an internal fight in Iran,” said Ellison, one of two Muslim members of Congress. He said Congress should “not allow ourselves to be used” against the people it is trying to protect.

Rep. Darrell Issa (R-Calif.) acknowledged the fight is an internal debate in Iran, but said that country is “run by theocrats” and urged support for the resolution.

http://thehill.com/index2.php?option=com_content&task=view&id=83488&pop=1&page=0&Itemid=70
