The Iranian government has blocked the use of most “virtual private networks”, a tool that many Iranians use to get around an extensive government Internet filter, Iranian media quoted an official as saying on Sunday.

A widespread government Internet filter prevents Iranians from accessing many sites on the official grounds they are offensive or criminal.

Many Iranians evade the filter through use of VPN software, which provides encrypted links directly to private networks based abroad, and can allow a computer to behave as if it is based in another country.

But authorities have now blocked “illegal” VPN access, an Iranian legislator told the Mehr news agency on Sunday. Iranian web users confirmed that VPNs were blocked.

For the full article, see here.

The post Iranian government blocks use of tool to get around Internet filter appeared first on The Citizen Lab.

This report, titled “After the Green Movement: Internet Controls in Iran, 2009-2012“, details Iran’s increasing Internet controls since 2009, when protests against the victory of Iranian President Mahmoud Ahmedinejad rocked the country.

The election protest campaign–dubbed the “Green Movement”–was marked for the high use of social media and other information and communication technologies (ICT) to organize protests and disseminate information. Since the protests, however, the regime has tightened its controls on the use of ICTs while also seeking to use that technology to promote its own national narrative in cyberspace.

While the filtering of web content has continued unabated, Iran has increasingly moved toward political centralization of its control regime, involving members of the country’s religious, administrative, and defence organizations as stakeholders in what the government sees as an ideological threat against the country’s values and national security.

Key findings from the report include:

• Since the “Green Movement” protests in 2009, the Iranian regime has adopted increasingly complex surveillance and monitoring techniques, complementing Internet filtering with legal frameworks and information manipulation.
• These techniques of control overlap: Internet filtering is reinforced by a more constricted legal environment and efforts to “nationalize” Iranian cyberspace.
• ONI testing over the past several years has revealed consistent filtering of websites pertaining to social media, international news channels, non-Shi’ite religions, social and religious taboos, and anything remotely opposed to official government policies.
• The creation of the Supreme Council on Cyberspace indicates the Iranian government’s interest in centralizing their approach towards the Internet as well as their view of cyberspace as a larger security concern.
• Internet censorship in Iran—culminating in the National Information Network—is framed as a way to protect the nation’s unique culture and identity and defend against the onslaught of Westernization.
• The Iranian regime considers cyberspace a geopolitical as much as a domestic policy realm. Surveillance and censorship are simultaneously tools of suppression and a means of national defence.

Read the full report [PDF] (Updated 11 March 2013)

The post After the Green Movement: Internet Controls in Iran, 2009-2012 appeared first on The Citizen Lab.

Other guests on the show included Eva Galperin of the Electronic Frontier Foundation, Sunjeev Bery of Amnesty International and Toby Craig Jones, Assistant Professor of History at Rutgers University.

View the interview.

The post Citizen Lab Senior Researcher Sarah McKune in Huffington Post interview appeared first on The Citizen Lab.

Against an increasingly security-aware online community, the traditional tools of blocking, filtering, and wiretapping have become less effective. Nervous regimes turn to the largely unregulated $5 billion a year industry in Internet surveillance tools. Once the realm of the black market and intelligence agencies, the latest computer spyware is now sold at trade shows for dictator pocket change. The talk detailed the cat and mouse game between authoritarian regimes and dissidents, as well as ongoing efforts to map out the relationship between surveillance software companies and governments.

Marquis-Boire also co-facilitated a workshop that reviewed the different tactics government and non-government actors have employed to stop authoritarian regimes from making use of surveillance technology built in the United States and Europe to spy on their citizens.

During the workshop, Marquis-Boire discussed corporate responsibility, export controls, as well as the role of security research and user education campaigns.

For more information on the camp, see here.

The post Technical Advisor Morgan Marquis-Boire at State Surveillance and Human Rights Camp appeared first on The Citizen Lab.

Many Iranian Internet users are worried that after the NIN is created, the authorities will cut off access to the global Internet, including popular services such as Gmail and Google. Officials, however, have assured the public that they do not plan to shut down Internet access. They claim that the NIN and the Internet will instead be two separate networks [Farsi], where the former provides access to local content and services and the latter allows global connectivity.

The NIN project consists of [Farsi] three major phases. The first phase is the construction of two networks to separate local and international online traffic. By March 2013, which is the planned end of this phase, the NIN will be ready as an independent high-speed network [Farsi] that connects all government organizations and covers all provinces [Farsi] of Iran.

In the second phase [Farsi], to be completed by March 2014, all Iranian websites will be hosted on local servers and registered on .ir domains. Until recently, many government websites were hosted on servers outside of Iran. For example, the website of the Iranian parliament was hosted on servers in the United States. However, the government has since moved many of its websites [Farsi] to Iranian servers and is planning to move the remaining sites within this phase of the project.

In the third and final stage, to be completed in March 2016, the government will provide domestically developed applications and services, including the Ghasedak [Farsi] Operating System (OS), Chaapaar [Farsi] email service, and Fajr [Farsi] search engine. Ghasedak OS and Chaapaar email are already available, with the latter claiming to have more than 200,000 users. The government has allocated one billion US dollars for implementation of the NIN.

The main goals for establishing the NIN are as follows:

• A “pure” network that does not need to be censored
  According to officials, the main reason [Farsi] for establishing the NIN is to create a “safe” and “pure” network for Iranian Internet users that is “free from immoral, corrupt, and violent content on the Internet”. The NIN will also be a medium [Farsi] through which the government will propagate the revolutionary Islamic discourse to young people. Given the government’s full control over the NIN’s content, censorship and filtering will no longer be necessary.

• A defence mechanism against cyber-attacks
  According to the government, the NIN will not be vulnerable [Farsi] to cyber-attacks since it will be separate and independent from the global Internet. The degree of separation between NIN and the Internet determines the vulnerability of the NIN to cyber-attacks that are launched through the Internet. However, it is still not clear to what extent the NIN relies on the existing Internet network infrastructure and whether these two networks are completely separated or cross paths at some points. In addition, not all attacks are launched through the Internet. The Stuxnet malware attack against computer systems that run Iran’s main nuclear enrichment facilities, for example, reached its target using removable storage devices.

• A faster and more reliable connection
  According to officials, the NIN will have a larger bandwidth compared to the existing Internet network and, access to the NIN will be much faster [Farsi]. In addition, the officials claim that the NIN is more reliable [Farsi] compared to the Internet, which can be disrupted due to various reasons, including physical damage to the cables that connect Iran to the global network. Finally, the officials argue that the transfer of local traffic from the Internet network to the NIN will free up bandwidth and increases Internet speed [Farsi].

Iranian officials have been assuring the public that the establishment of the NIN will not cut them off from the Internet. The NIN, according to the government, will provide a “faster, safer, and more reliable” network for domestic purposes, in addition to the global Internet for daily usage.

What the officials have been less vocal about is that the NIN will make it easier for them to monitor user activities and carry out surveillance. Moreover, the establishment of the NIN as an independent network from the Internet will provide officials with the option of cutting off access without affecting the country’s administration. Shutting down the Internet in the aftermath of the contested 2009 elections, for example, was problematic since it interrupted banking and government operations. With the establishment of the NIN, a similar outage will not interrupt internal network traffic.

Conceptually, the Iranian government’s tactic is somewhat similar to China’s approach to Internet censorship. In China, many popular Internet platforms and services, such as Google, YouTube, Twitter, and Facebook, are blocked. But Chinese versions of these services, such as the Baidu search engine, the video sharing site YOUKU, and the micro-blogging platform Sina Weibo, are available and widely used. The local nature of these products makes it easier for Chinese authorities to censor content and monitor user activities.

Establishing a new countrywide network and providing national online services will prove to be a time consuming process. Officials are already facing problems in developing and promoting a secure email service to be widely used by Iranians, especially after a number of IT experts and scholars warned [Farsi] the government against promoting an “unreliable” email service that “will not only increase risks for users’ personal information being stolen, but will also make it difficult for users to trust national products in general.” Given the scale of the project, it will likely take a long time for Iranian officials to successfully establish the National Information Network as an independent and popular mean of communication.

The post Iran’s National Information Network appeared first on The Citizen Lab.

Introduction

Ethiopia remains a highly restrictive environment in which to express political dissent online. The government of Ethiopia has long filtered critical and oppositional political content. Anti-terrorism legislation is frequently used to target online speech, including in the recent conviction of a dozen individuals, many of whom were tried based on their online writings. OpenNet Initiative (ONI) testing conducted in Ethiopia in September 2012 found that online political and news content continues to be blocked, including the blogs and websites of a number of recently convicted individuals. This blog post summarizes recent developments in Ethiopia and reports on the results of ONI testing in the country.

Recent developments in Ethiopia

Recent developments in Ethiopia underscore the dangerous environment in the country for critical political voices. Broad application of the country’s 2009 anti-terrorism proclamation has served as the basis for a number of recent convictions.¹ In recent months, bloggers and journalists have been convicted on terrorism charges based on their online and offline writings. Most notably, in July 2012 blogger Eskinder Nega was jailed for 18 years on charges of attempting to incite violence through his blog posts.² This incident was the seventh arrest of Nega for his critical writings.³ Nega was accused of conspiring with Ginbot 7, an oppositional political group labeled a terrorist organization by the Ethiopian government.⁴ Also convicted in absentia were Abebe Gellaw of the online news platform Addis Voice, as well as Mesfin Negash and Abiye Teklemariam, editors of the news website Addis Neger Online.⁵ A number of other journalists and opposition political figures were also simultaneously convicted of similar offenses.⁶ In January 2012, Elias Kifle, editor of Ethiopian Review, was convicted in absentia under the same anti-terrorism laws.⁷

The government of Ethiopia has also sought to make legislative changes that would affect the use of online communication tools. Legislation has been introduced that would restrict the use of Voice-over-Internet Protocol (VoIP) applications such as Skype. While government representatives portrayed the proposed law as a means of protecting domestic telecommunications providers,⁸ some critics described the new draft legislation as an attempt to criminalize the use of VoIP services to punish dissent.⁹ Additional restrictions exist on private actors delivering telecommunications services to third parties more generally.¹⁰ Moreover, a number of unconfirmed reports suggest that users of Internet cafes in Addis Ababa have been confronted or arrested by security officials after using the cafes to visit sensitive political websites.¹¹

Other reports from the country describe attempts by Internet Service Providers (ISPs) to restrict the use of tools to anonymize web browsing and circumvent Internet filtering. In May 2012, developers of the Internet anonymizer software project Tor reported that the Ethiopian Telecommunications Corporation (ETC) had begun using Deep Packet Inspection (DPI) to block access to the Tor service.¹² This finding followed reports from July 2011 of an ETC-issued tender for the procurement of DPI technology.¹³ In December 2010 the ETC, renamed as Ethio Telecom, signed a 30 million Euro contract with France Telecom, outsourcing management of Ethio Telecom for two years.¹⁴

Past ONI testing in Ethiopia

The ONI conducts technical testing of Internet filtering through the use of specially designed software distributed to researchers located in the country of interest.¹⁵ ONI has previously conducted two phases of technical testing in Ethiopia, in 2006/2007 and in 2008/2009. Both phases of testing found extensive filtering of political content.

• Testing conducted in 2006 and 2007 on the ISP ETC found that a broad variety of political and news-related websites were blocked, including opposition political sites, critical political blogs, independent Ethiopian media, human rights sites, and sites with content related to ethnic minorities.¹⁶ The entire domain of several blogging platforms, including the international Blogspot and the Ethiopia-focused Nazret, were found to be blocked. However, international news sites such as CNN and Voice of America, as well as prominent critical blogs Addis Voice and Ethiopian Review, were found to be accessible.

• Testing conducted in 2008 and 2009 on ETC found a similar variety of content to be blocked.¹⁷ A number of independent Ethiopian news sites, including Ethiopia Exchange (http://ethiox.com), were found to be blocked, while international news sites such as CNN and Voice of America remained accessible. While the use of VoIP services among the general public was restricted, the website of Skype (www.skype.com) remained accessible.

2012 ONI testing results

ONI conducted testing of filtering in Ethiopia on the ISP Ethio Telecom (formerly ETC) from September 17 to 19, 2012. In total, 1375 unique URLs were tested, with 73 of those URLs found to be blocked. (Lists of URLs tested, as well as URLs found blocked, can be found in the ‘Data’ section at the end of this report.) Blocked content was found to be blocked through the use of forged TCP RST (reset) packets, a method that is not transparent to users. RST packets are typically sent by clients or servers when there are network problems, as a response to a half-open connection, or some other network anomaly.¹⁸ When a RST flag is received most networking implementations in an operating system will shut down the socket used. The result of a forged TCP RST packets from a user’s perspective, is that any attempts to access blocked content would display a typical browser error message indicating the site was unreachable rather than an explicit block page. However, analysis of packet captures conducted during testing demonstrates that attempts to access this content are disrupted through the use of forged TCP RST packets directly in response to an HTTP GET request, as shown in Figure 1 (click image to enlarge):

Figure 1: Sample packet capture of an attempt to access http://www.addisvoice.com.

With some exceptions, the majority of URLs found to be blocked contained content directly related to Ethiopia. Most URLs found blocked belonged to ONI’s ‘political’ category,¹⁹ including independent media and critical political blogs. The blocked content includes online portals such as Nazret (http://nazret.com) and Cyber Ethiopia (http://cyberethiopia.com), diaspora media such as Toronto-based TZTA Ethiopia Newspaper (http://www.tzta.ca), and other critical political organizations, including the website of the Solidarity Committee for Ethiopian Political Prisoners (http://www.socepp.de/). The website of Oromo independence organization Oromo Liberation Front (http://www.oromoliberationfront.org) was found to be blocked. Also found blocked were the websites of a number of anonymization and circumvention tools, such as the Tor Project (https://www.torproject.org), Ultrasurf (http://ultrasurf.us), and Psiphon (http://psiphon.ca). Only two international news sites were found to be blocked, Al Jazeera (http://www.aljazeera.net) and Al Arabiya (http://www.alarabiya.net).

A number of sites associated with recently imprisoned bloggers were also found to be blocked. EthioMedia (http://ethiomedia.com), a news site contributed to by imprisoned blogger Eskinder Nega, was found blocked. Addis Voice (http://www.addisvoice.com), founded by recently sentenced Abebe Gellaw, was blocked, as was Ethiopian Review (http://www.ethiopianreview.net), whose editor Elias Kifle was convicted in absentia for violating the country’s anti-terrorism laws.²⁰ Addis Neger Online (http://addisnegeronline.com/),²¹ the site at which editors Mesfin Negash and Abiye Teklemariam posted content that lead to their imprisonment, was found to be blocked. Also found to be blocked was the website of Ginbot 7 (http://www.ginbot7.org). Although the website of prominent independent weekly newspaper The Reporter (http://www.ethiopianreporter.com) was reported blocked in April 2012,²² ONI testing found this website to be accessible.

Conclusion

Through a combination of legal action taken against individuals for their online writings, technical filtering of Internet content, and low Internet penetration rates²³, Ethiopia remains a highly challenging space in which to express political dissent online. Technical testing conducted by ONI confirms that critical political content is filtered through non-transparent means. ONI will continue to monitor information controls and threats to freedom of expression in Ethiopia.

Acknowledgements

The OpenNet Initiative would like to thank an anonymous individual for generous assistance in collecting technical data from Ethiopia.

Data

The complete list of blocked URLs, as well as the lists of URLs tested, can be found in the following:

Complete list of blocked sites on Ethio Telecom

• [CSV] [Google Doc]
• Testing conducted from September 17 to 19, 2012
• Category codes can be found in Google Doc version

List of URLs tested on Ethio Telecom

• Local List [CSV] [Google Doc]
• Global List [CSV] [Google Doc]
• Lists used in testing conducted from September 17 to 19, 2012
• Category codes can be found in Google Doc version

Important note about testing data: The absence of a particular URL from the list of blocked URLs is not necessarily an indication that the content is accessible in Ethiopia. In some circumstances, issues encountered during data collection prevent confirmation of the status of a given URL.

Footnotes

¹ Human Rights Watch, “Ethiopia: Terrorism law used to crush free speech,” June 27, 2012, http://www.hrw.org/news/2012/06/27/ethiopia-terrorism-law-used-crush-free-speech
² Maasho, Aaron, “Ethiopia jails blogger, reporters, opposition figures,” July 13, 2012, http://www.reuters.com/article/2012/07/13/us-ethiopia-media-trial-idUSBRE86C0OA20120713
³ PEN American Center, “Top PEN prize to honor Eskinder Nega, jailed Ethiopian journalist and blogger,” April 12, 2012, http://www.pen.org/viewmedia.php/prmMID/6494/prmID/172
⁴ Hunter-Gault, Charlayne, “The dangerous case of Eskinder Nega,” July 17, 2012, The New Yorker, http://www.newyorker.com/online/blogs/newsdesk/2012/07/the-dangerous-case-of-eskinder-nega.html
⁵ Committee to Protect Journalists, “Ethiopia sentences Eskinder, 5 others on terror charges,” July 13, 2012, http://cpj.org/2012/07/ethiopia-sentences-eskinder-six-others-on-terror-c.php
⁶ Emily Alpert, “Famed Ethiopian journalist, dissidents convicted of terrorism,” June 27, 2012, Los Angeles Times, http://latimesblogs.latimes.com/world_now/2012/06/ethiopian-journalist-dissidents-convicted-of-terrorism.html
⁷ Human Rights Watch, “Ethiopia: Terrorism verdict quashes free speech,” January 19, 2012, http://www.hrw.org/news/2012/01/19/ethiopia-terrorism-verdict-quashes-free-speech
⁸ Sudan Tribune, “Ethiopia: Govt denies banning Skype and other Internet communication services,” June 24, 2012, http://allafrica.com/stories/201206250202.html
⁹ Al Jazeera, “Ethiopia: Skype me maybe,” June 14, 2012, http://stream.aljazeera.com/story/ethiopia-skype-me-maybe-0022243
¹⁰ Freedom House, “Ethiopia,” 2012, http://www.freedomhouse.org/report/freedom-net/2012/ethiopia
¹¹ Addis Neger Online, “Crackdown in Addis Ababa Internet cafes, two arrested on Tuesday,” August 2011, http://addisnegeronline.com/2011/08/crackdown-in-addis-ababa-internet-cafes-two-arrested-on-tuesday/
¹² Tor, “Ethiopia introduces deep packet inspection,” May 31, 2012, https://blog.torproject.org/blog/ethiopia-introduces-deep-packet-inspection
¹³ Broadband Traffic Management, “Ethio Telecom issued a tender for DPI,” July 7, 2011, http://broabandtrafficmanagement.blogspot.ca/2011/07/ethio-telecom-issued-tender-for-dpi.html
¹⁴ Aaron Maasho, “Ethiopia outsources telecom management to France Telecom,” December 3, 2010, http://af.reuters.com/article/investingNews/idAFJOE6B207720101203
¹⁵ For more information on ONI’s testing methodology, see http://opennet.net/oni-faq
¹⁶ OpenNet Initiative, “Internet filtering in Ethiopia in 2006-2007,” http://opennet.net/studies/Ethiopia2007
¹⁷ OpenNet Initiative, “Ethiopia,” September 30, 2009, http://opennet.net/research/profiles/ethiopia
¹⁸ Information Sciences Institute, “Transmission Control Protocol” http://www.ietf.org/rfc/rfc793.txt
¹⁹ Content categorized as “political” focuses primarily on websites that present views in opposition to those of the current government. Content more broadly related to human rights, freedom of expression, minority rights, and religious movements is also included in this category.
²⁰ Human Rights Watch, “Ethiopia: Terrorism verdict quashes free speech,” January 19, 2012, http://www.hrw.org/news/2012/01/19/ethiopia-terrorism-verdict-quashes-free-speech
²¹ At the time of publication, this website was flagged by Google Safe Search as distributing malware.
²² Reporters Without Borders, “Leading weekly’s website blocked for past six days,” April 26, 2012, http://en.rsf.org/ethiopia-leading-weekly-s-website-blocked-26-04-2012,42375.html
²³ OpenNet Initiative, “Ethiopia,” September 30, 2009, http://opennet.net/research/profiles/ethiopia

The post Update on Information Controls in Ethiopia appeared first on The Citizen Lab.

As part of this project, Andrei Soldatov and Irina Borogan of Agentura.Ru published a piece in Wired magazine on November 1, 2012, titled The Kremlin’s New Internet Surveillance Plan Goes Live Today. The text of this article follows.

On the surface, it’s all about protecting Russian kids from internet pedophiles. In reality, the Kremlin’s new “Single Register” of banned websites, which goes into effect today, will wind up blocking all kinds of online political speech. And, thanks to the spread of new internet-monitoring technologies, the Register could well become a tool for spying on millions of Russians.

Signed into law by Vladimir Putin on July 28, the internet-filtering measure contains a single, innocuous-sounding paragraph that allows those compiling the Register to draw on court decisions relating to the banning of websites. The problem is, the courts have ruled to block more than child pornographers’ sites. The judges have also agreed to online bans on political extremists and opponents of the Putin regime.

The new system allows ISPs not only to filter traffic, but to monitor it on a nationwide scale.

The principle of internet censorship is not a new one to the Russian authorities. For five years, regional prosecutors have been busy implementing regional court decisions requiring providers to block access to banned sites. To date this has not been done systematically: Sites blocked in one region remained accessible in others. The Register removes this problem.

The new system is modeled on the one that is used to block extremist and terrorist bank accounts. The Roskomnadzor (the Agency for the Supervision of Information Technology, Communications and Mass Media) gathers not only court decisions to outlaw sites or pages, but also data submitted by three government agencies: the Interior Ministry, the Federal Antidrug Agency and the Federal Service for the Supervision of Consumer Rights and Public Welfare. The Agency is in charge of compiling and updating the Register, and also of instructing the host providers to remove the URLs. If no action by the provider follows, the internet service providers (ISPs) should block access to the site in 24 hours. The host providers must also ensure they are not in breach of current law by checking their content against the database of outlawed sites and URLs published in a special password-protected online version of the Register open only to webhosters and ISPs.

Most importantly, however, the new Roskomnadzor system introduces DPI (deep packet inspection) on a nationwide scale. Although DPI is not mentioned in the law, the Ministry of Communications — along with the biggest internet corporations active in Russia — concluded in August that the only way to implement the law was through deep packet inspection.

“At the end of August, under the chairmanship of Communications minister Nikolai Nikiforov, a working group was held, drawing representatives of Google, SUP Media (the owner of the Livejournal social network), and of all the other big hitters. They discussed how to ensure that the [filtering] mechanism — they used the concrete example of YouTube — how to block a specific video, without blocking YouTube as a whole. And they reached the conclusion that pleased them all,” Ilya Ponomarev, a member of the State Duma and an ardent supporter of the law, told us.

Are we are talking about DPI technology? we asked.

“Yes, precisely.”

Most digital inspection tools only look at the “headers” on a packet of data –- where it’s going, and where it came from. DPI allows network providers to peer into the digital packets composing a message or transmission over a network. “You open the envelope, not just read the address on a letter,” said an engineer dealing with DPI. It allows ISPs not only to monitor the traffic, but to filter it, suppressing particular services or content. DPI has also elicited concern from leading privacy groups over how this highly intrusive technology will be used by governments.

“No Western democracy has yet implemented a dragnet black-box DPI surveillance system due to the crushing effect it would have on free speech and privacy,” said Eric King, head of research at Privacy International. “DPI allows the state to peer into everyone’s internet traffic and read, copy or even modify e-mails and webpages: We now know that such techniques were deployed in pre-revolutionary Tunisia. It can also compromise critical circumvention tools, tools that help citizens evade authoritarian internet controls in countries like Iran and China.”

“There are basically two functions in DPI — filtering and SORM,” added IBM East Europe Business Development Director Boris Poddubny, referring to the Russian government surveillance system for monitoring both internet traffic and phone calls. “There may be devices to copy traffic. DPI helps analyze it. And there will be a detailed log: what is downloaded by whom, and who looked for what on the internet.”

Off-guard

September of 2012 saw several prosecutors request that access to the “Innocence of Muslims” video be blocked in various different Russian regions. On Sept. 27, the three largest mobile and internet service providers — MTS, VimpelCom and Megafon — restricted access to the inflammatory movie trailer. VimpelCom blocked access to websites that posted the video, which made YouTube as a whole inaccessible in Chechnya, Dagestan, Kabardino-Balkaria, Ingushetia, Karachay-Cherkessia, North Ossetia and the Stavropol Region. But MTS and Megafon succeeded in blocking access just to the video itself thanks to DPI.

It seems the Russian authorities have been busy testing the ground in applying the most advanced internet-censorship technologies, an idea that has obsessed the Kremlin for the last two years.

After the Arab Spring, the Kremlin gave serious thought to developing facilities for averting “enemy activity” on the Russian internet. The problem had, at various levels, been a hot topic since summer 2011. The Collective Security Treaty Organization (the Moscow-led regional defence alliance consisted of Russia, Belarus, Armenia, Kazakhstan, Kyrgyzstan and Tajikistan), member states’ heads of state, prosecutors general and the security services all addressed it. The growth of political activism in their countries and the role of social networking sites in mobilizing protesters only increased the paranoia.

Russia’s security services started developing a strategy for the blogosphere and social networking sites, but had not managed to develop anything concrete before the December 2011 protests that were prompted by Vladimir Putin’s campaign to return to the presidency. The services were used to dealing with threats of a more traditional nature, and were confused when faced with a protest organization with no center — but that instead worked through social networking sites.

‘This allows the state to peer into everyone’s internet traffic and read, copy or even modify e-mails and webpages.’
According to our sources in the secret services, on a technical level they were powerless to deal with social networks, especially any that were based outside of the country, such as Facebook and Twitter (“What can we do if [the pro-Chechen] Kavkazcenter opens a page on Facebook?” was their most desperate question).

Not surprisingly, the best the St. Petersburg Federal Security Service (FSB) department could do on the eve of the major protest rally in Bolotnaya Square on Dec. 10 was to send a fax to Pavel Durov, the creator of the St. Petersburg-based VKontakte social network, requiring him to close down protest groups. Durov refused. The next day, he was summoned to the St. Petersburg prosecutor’s office to explain himself. Durov did not attend, the story came out, and that was the end of the matter.

On March 27, 2012, this failure was indirectly recognized by the First Deputy Director of the FSB, Sergei Smirnov. At a meeting of the Regional Anti-Terrorist Structure within the Shanghai Cooperation Organization — an international group founded in 2001 by China, Russia and Central Asian states — Smirnov said: “New technologies are used by Western secret services to create and maintain a level of continual tension in society with serious intentions extending even to regime change…. Our elections, especially the presidential election and the situation in the preceding period, revealed the potential of the blogosphere.” Smirnov stated that it was essential to develop ways of reacting adequately to the use of such technologies and confessed openly that “this has not yet happened.”

The solution appears to have been found in the summer, when the State Duma approved the amendments, effectively raising the internet-filtering system to a nationwide level, thanks to DPI technologies.

Maybe because government officials had, for so many years, claimed that Russia could not adopt the Chinese and Central Asian approach to internet censorship, the solution took the national media, the expert community and the opposition completely by surprise.

In fact, the ground had been carefully prepared over a period of years, since DPI technology had first entered Russia in the mid-2000s for purely commercial reasons.

Suppression

“We got our first client in 2004, it was Transtelecom. But it was its security department, so DPI was intended for its internal network,” said Roman Ferster, CEO of RGRCom company, the main distributor of Allot DPI technologies in Russia.

Ferster — short, stocky and energetic, with a slight Israeli accent — founded RGRcom in 2003 to sell telecom technologies made by Israeli corporations in Russia. Allot, which focuses exclusively on manufacturing DPI solutions, suited his business perfectly. His small team of just over 20 people is Allot’s exclusive partner in Russia. They helped install Allot devices in the Tatarstan region, in the Far East, in VimpelCom’s ISP network in Moscow, in the Ural regional operator’s network, and so on.

Ferster’s company also offers Russia technology that can solve the technical problem of blocking a single video clip instead of YouTube as a whole.

Allot initially targeted corporate networks and small regional ISPs, not the big long-distance providers and mobile operators. DPI did not really arrive in Russia until the end of the 2000s, and now many of the biggest DPI technology vendors have a presence in Russia: Canada’s Sandvine, Israel’s Allot, America’s Cisco and Procera, and China’s Huawei. By the summer of 2012, all three national mobile operators in Russia already had DPI at their disposal: Procera was installed in VimpelCom, while Huawei’s DPI solutions are in use in Megafon, and MTS bought CISCO DPI technology.

“The first bell rang in Russia when we got torrents. Because the torrents occupy all available bandwidth,” Ferster’s chief engineer Vasya Naumenko recalled. “When it began, operators came to think how to solve it. And it turned out that there is no other option except DPI. No switch, no router, not even Cisco, can solve the problem. This is the level of applications, and in any case it’s necessary to open the packets and see what’s inside.”

“Mobile operators faced with that when they presented the mobile internet. As soon as they began to distribute USB-modems, it became a problem,” confirmed IBM’s Poddubny.

Poddubny shared his thoughts in a Starbucks at the center of the most fashionable part of Moscow City, at the foot of the tower “City of Capitals” on the Moscow river bank, next to the IBM headquarters. It’s a striking contrast to RGRcom’s offices: a few rooms on the seventh floor in a modest business center in the outskirts of Moscow. “We saw that customers started being interested in DPI two-three years ago. This interest arose for one simple reason: peer-to-peer protocols. There are a lot of people who download audio and video files in large quantities. According to some studies, this accounts for over 80% of traffic.”

‘There will be a detailed log: what is downloaded by whom, and who looked for what on the internet.’
It appears that the only decision the mobile operators found was traffic shaping. This euphemism means that, thanks to DPI technology, mobile operators acquired a tool they could use to suppress particular services — in most cases torrents, peer-to-peer protocols and Skype, which poses a threat to the VoIP solutions made by the mobile operators themselves.

The ISPs turned out to be more hesitant in adopting DPI technologies. All the engineers we have interviewed, who deal with DPI in Russia, told us that most ISPs do not understand why they need to install this technology.

“The key difference in approaches is the tariff system. Mobile operators have lots of tariffs while ISPs enjoy a very strange position: it’s not clear how they intend to make money because they have turned themselves into the pipeline,” said Alexander Shkalikov, a Systems Engineer at Inline Telecom Solutions, the company that started to sell Sandvine in Russia in 2007 and is its main partner in the country. Inline Telecom has just installed DPI devices on the network of the national long distance operator Rostelecom in the Far East Region. “As a result, every region from Kamchatka to Yakutia got the Sandvine DPI,” said Shkalikov.

The introduction of the law requiring DPI to be in place has done nothing to change the internet service providers’ attitude, Shkalikov said. “Right now the ISPs want to shift the problem of the traffic control to someone else’s doorstep. They don’t want to buy DPI themselves, because it costs over $100,000 and small operators simply cannot afford it.”

That said, small ISPs seem to have already found a cheap solution, Shkalikov explained. “There is a big market of used CISCO DPI solutions, you can buy them for truly laughable sums. Something like $2,000 (in the US — in Russia the real figure is $7,000, bearing in mind that a new device costs over $100,000). And software can be stolen. CISCO is less functional than Sandvine, but it might at least satisfy the state regulator.”

The governments in many countries with questionable democracy and human rights records are fully aware of how to turn commercial advantages of DPI into the tool of suppressing dissent activity online. The secret services in Uzbekistan, for example, compel local providers to use DPI to change the URLs of discussion groups in social networks.

But there is another side of DPI technology that might benefit a repressive regime enormously. “There are basically two functions in DPI — filtering and SORM [the Russian government's legal interception system]. There are might be the devices to copy traffic and DPI helps to analyze it, and there will be the detailed log: what is downloaded by whom, and who looked for what on the internet,” said Boris Poddubny of IBM.

Technically, it poses no problem, Alexander Shkalikov of Inline Telecom confirmed. DPI allows for identification of those trying to access a site or page even if it’s blocked. “It’s possible to identify not only the IP, but logins, and that’s easier for the internet service provider. We advise our clients to configure DPI to work with logins. As a result they can have statistics about who is who. For example, some ISPs are interested in identifying who the spammers in their network are.”

In September 2012 it became clear, that DPI’s identification capabilities could be combined neatly with the Russian nationwide system of legal interception, the foundations of which were laid in Soviet times.

Crossed lines

In the mid 1980s a KGB research institute developed the technical foundations of what was later to be known as SORM — a nationwide of automated and remote legal interception on all kinds of communications.

Full implementation of the project only happened in 1992, when the Ministry of Communications signed-off on the first SORM-related document, forcing telecom operators to allow the secret services to intercept phone conversations and mail. The public first became aware of SORM in 1998 when the FSB, Ministry of Communications, and supervisory agencies developed new regulations for installing interception devices on servers run by ISPs. In the first decade of the millennium, SORM equipment was installed by all ISPs and operators of mobile and landline networks.

If you know an opposition leader is a customer of a known operator, you can copy all of his traffic.’
Meanwhile, there is a principal difference between SORM and today’s DPI push. The SORM devices are manned by the agents of the secret services, while DPI technology is at the disposal of the ISPs and mobile operators. However, the line might be crossed very soon — which would suit the companies and the Ministry of Communications just fine.

On September 27, Russia’s largest information security conference featured a panel on “SORM in the Environment of Convergence.” The talk was intended for professionals, and the room in the international exhibition center Krokus Expo in the north of Moscow was filled with the chiefs of SORM departments at mobile operators and the Moscow city phone network, as well as representatives from surveillance equipment manufacturers. The most honored guest was Alexander Pershov, deputy director of the Department of State Policy at the Ministry of Communications.

DPI quickly emerged as one of the hottest topics of the discussion. Many in the room seemed certain that the only way to guarantee legal interception in the new era of cloud computing and communications is DPI technology. It was a conclusion that the representative of Huawei in Russia was only happy to support.

The idea of connecting SORM with operators’ DPI seemed not to bother anybody in the room. Alexander Pershov, long-serving official with the Ministry of Communications, outlined the Ministry’s general way of thinking: “The requirements for building networks need to be coordinated with the FSB to ensure that everything is done properly in terms of SORM.”

Technically it poses no problem, we were told by engineers dealing with DPI.

“Allot is perfectly compatible with SORM, and we know it,” Roman Ferster confirmed. “There is a very simple solution,” Alexander Shkalikov said. “We did it. [With] DPI, [we] can simply mirror traffic, not redirect it. This is very convenient because DPI [helps] you copy not all traffic but only a certain protocol or traffic of certain customers. For example, if you know that [Alexei] Navalny, one of the most famous opposition leaders, is a customer of a known operator, you may get all Navalny traffic to be copied through the DPI to the external system. It’s real. And it even shows you which sites he has been to.”

The surveillance technology that works for tracking Navalny can work for millions of Russians. And the switch gets flipped on today.

Media Coverage

• Wall Street Journal
• Spiegel Online
• The Washington Post
• The Christian Science Monitor
• The Economist

The post The Kremlin’s new Internet surveillance plan goes live today appeared first on The Citizen Lab.

Table of Contents

• Blogger and Netizen Arrests
• Internet and Social Media Use
• Censorship and Filtering
• Hacktivism
• Government Control
• Cyber Warfare

BLOGGER AND NETIZEN ARRESTS

IRAN: Journalists in jail – As of July 2012, 30 print and 24 online journalists are currently under arrest [Farsi] in Iran. The Committee to Protect Journalists’ (CPJ) 2011 census reported that Iran had the highest number of jailed journalists in the world, with 42 journalists in prison as of December 2011. According to CPJ Deputy Director Robert Mahoney, Iran imprisoned journalists to quash critical news coverage as reformist publications are often banned and their staff sent to prison.

OMAN: Court sentences six netizens to jail for lèse majesté crimes – An Omani court has given jail terms to netizens Mohammed Al-Badi, Mohammed Al-Habsi, Abdullah Al-Siyani, Talib Al-Abry, Abdullah Al-Araimi and Mona Hardan for publishing defamatory comments against ruling Sultan Qaboos bin Said al Said. As previously reported, the Cyber Crime Law has been used to justify the arrests of poets and writers accused of defaming the Sultan on social media.  Reporters Without Borders has described the “persecution of netizens and local journalists” in Oman as having reached “alarming proportions.”

SAUDI ARABIA: Human Rights Watch condemns arrest of website editor – On July 17, Human Rights Watch issued a press release demanding the release of Ra’if Badawi, editor of the Free Saudi Liberals [Arabic] website. Badawi was arrested in June and has been charged under the Anti-Cybercrime Law [pdf] for infringing on religious values by providing an online platform for people to debate religious issues. Badawi has long been a target of Saudi authorities. In 2008, he was accused of “setting up an electronic site that insults Islam”.

UNITED ARAB EMIRATES (UAE): Government cracks down on netizens – Last month, Ahmed Abdul Khaleq, one of the human rights activists arrested and tried last year, was given a choice of where to be deported — Bangladesh, India, Iran, Pakistan or Thailand. He chose Thailand, though he had no relations there. Khaleq, a member of the stateless bidoon people, had long run a popular blog advocating for bidoon rights in the United Arab Emirates (UAE) and has been associated with the Reform and Social Guidance Association (al-Islah), a collective described by Amnesty International (AI) as a “non-violent political group which has been engaged in peaceful political debate and discussion in the UAE for many years.” This deportation coincided with a three-day sweep of online journalists, bloggers, and other Emirati activists.

Back to top

INTERNET AND SOCIAL MEDIA USE

MIDDLE EAST and NORTH AFRICA: Social media use growing rapidly in the Arab world – The Arab Social Media Report, produced by the Dubai School of Government’s Governance and Innovation Program, revealed that as of June 2012, Facebook had reached 45.2 million active users, Twitter had over two million, and LinkedIn had four million. Yet the growth in social media use has not corresponded with an easing of censorship of online content by many governments in the region.

IRAN: Citizens use Facebook to say ‘No’ to compulsory hijab – Thousands of Iranians living in and outside of the country have joined a Facebook group, “Unveil Women’s Rights to Unveil,” calling for an end to mandatory hijab. The group was launched on July 11 and received more than 10,000 likes in a few days. Many women and even some men have posted pictures on the page with the movement’s slogan, declaring that women should have the right to choose.

IRAN: Social media not illegal, but users can still be punished – General Kamal Hadianfar, Chief of the Cyber and Information Exchange Police (FATA), announced [Farsi] that signing up for social networks is not legally prohibited in Iran. He warned, however, that police will be diligent in tracking and arresting those who “commit cyber crimes”. Hadianfar went on to say that “Iran’s enemies” are attempting to use cyberspace and social media websites [Farsi] “to change the religious beliefs of youth in the country”.

IRAN: Conflicting reports on Internet penetration – Recent reports from Statistics Iran and Donya-e-Eqtesad newspaper have shown that only 15 percent of the population have access to the Internet and they mostly use dial-up services to connect from their homes. Also, the report stated that 27 percent of families living in major urban centres are able to connect to the Internet, versus only five percent of families in rural areas. A conflicting report from the National Internet Development Agency of Islamic Republic of Iran, however, claimed that Internet penetration rates in the country recently reached 43 percent. These differing statistics are likely due to disagreements over how to define an Internet user.

Back to top

CENSORSHIP AND FILTERING

IRAN: Public requests for Internet filtering – Mehdi Sarami, CEO of the Association of Information Technology and Digital Media, stated that approximately 90 percent of censored websites have been filtered due to requests from the public. According to Sarami, there was a time that the Association received 2,000-3,000 complaints from people about improper and criminal website content.

JORDAN: Citizens demand pornography filtering - In February 2012, a group of Jordanian citizens launched [Arabic] the “Campaign to Block Pornography Websites from the Internet in Jordan”, which has lobbied the government to issue an official decree that pornography websites be permanently and effectively filtered. Atef al-Tal, the Minister of Information and Communications Technology, revealed on July 19 that the Ministry was in the process of amending the country’s telecoms law by adding provisions that guarantee “clean” internet services and working with an Australian company to develop an Internet filtering solution, while the Telecommunications Regulatory Commission has requested that key ISPs block pornography websites.

SAUDI ARABIA: Censorship continues as Twitter use soars – The government has proposed a new law that could impose harsh penalties on social media users who insult Islam, including the Prophet Mohammed, early Muslim figures, and clerics. This is a concern given that Saudi Arabia is Twitter’s fastest growing market month-on-month.

Back to top

HACKTIVISM

YEMEN: Anonymous exposes government-run censorship – The hacker group Anonymous recently released details of the government-run Internet filtering system. Content targeted for blocking includes websites and pages critical of the government, pornographic material, and VoIP services. OpenNet Initiative research in Yemen has found that although censorship is pervasive, many users are able to easily circumvent the controls.

SYRIA: Anonymous takes down website of the Syrian Electronic Army – Anonymous claimed to have taken down the website of the pro-government Syrian Electronic Army (SEA) with a distributed denial-of-service (DDoS) attack on July 17. The SEA had apparently taunted Anonymous a day earlier, accusing them of spreading lies and issuing empty threats. For the past year, Anonymous has displayed strong opposition to the Syrian regime and recently took credit for providing WikiLeaks with over two million confidential e-mails from “Syrian political figures, ministries, and associated companies.”

Back to top

GOVERNMENT CONTROL

IRAN: Internet cafe owners must check identity of users – Sattar Khosravi, Chief of Isfahan Province branch of FATA, has said [Farsi] that Internet cafes must check the national identity cards of users and have their information retained for use by authorities before providing them with access to computers. Khosravi warned that using VPNs and proxies are illegal and that cafe owners could face punishment if users are found violating regulations.

IRAN: Experts warn about the security of national Internet – As previously reported, the government has pushed Iranians to use “.ir” e-mail addresses and has obligated state organizations, universities, and research centres to use locally hosted domains for all websites and portals. In response, a number of IT experts and scholars published a statement outlining the security challenges of a national Internet. Noting several security holes in the proposed national email service, experts warned that forcing people to use insecure email and Internet services not only increases the risk of users’ private data being stolen, but also reduces user’s trust in other kinds of national technologies and products.

SYRIA: Internet cut off for 40 minutes – On July 19, Internet security firm Renesys reported that all networks routed through the Syrian Telecommunications Establishment (61 of the 66 networks) were withdrawn from the global routing table, effectively cutting off Internet connectivity throughout the country for 40 minutes. Five networks operated by Tata, an Indian multinational telecommunications firm, were unaffected. Until that point, Internet outages had been relatively uncommon during the period of civil strife in Syria. The last major disruptions occurred in June and October 2011, each affecting around 40 networks. The July 2012 outages came only one day after Syrian rebels bombed the National Security building in Damascus.

SYRIA: Satellite channels to be hijacked by Western powers – Syrian Arab News Agency (SANA), a state media outlet, reported on July 22 that Western intelligence agencies and “some Arab parties” were planning to hijack the frequencies of Syrian satellite television channels to broadcast misinformation, possibly about a coup d’etat, defections, the fall of cities, or other subjects that might be damaging to the regime. Syrian citizens were therefore encouraged to regard all suspect information as completely baseless fabrications. The Ministry of Information issued similar warnings through other national media channels such as Syria TV, al-Dunia TV, and Sham FM.

Back to top

CYBER WARFARE

IRAN: The “Mahdi” malware – Internet security experts have found that a malware named “Mahdi” is being used to attack computers in Middle Eastern countries. A report by Iran’s Computer Emergency Response Team Coordination Center [Farsi] revealed that Russia’s Kaspersky Lab first discovered the malware approximately eight months ago. More than 800 computers, the majority of which are located in Israel and Iran, have since been infected, although it did not gain significant media attention until only recently. Mahdi Behrouzi, Vice Chancellor of the Academic Protection and Awareness Professional Center, stated in an interview [Farsi] that the increased publicity is likely an attempt to make a connection between Iran and the malware developers, and that “Iran’s enemies”, such as Israel, are accusing the country of deliberately using this malware to steal data from Internet users.

IRAN: Government plans to resist cyber attacks - As Iran continues to stress the importance of setting up a defensive position vis-a-vis cyber attacks, the state-sponsored Mehr News Agency has reported that the Amirkabir University of Technology will soon initiate a new mega-project for this purpose. The project, called the Program of Supreme Council of Science, Information and Technology, is designed to be a cyber defence network and aims to protect Iran from the increasing number of cyber attacks.

IRAN: US has not revealed the IP addresses of hackers – Last month, a cyber attack was reported against Iran that allegedly led to the disconnection of the servers of the Ministry of Oil and four of its subsidiary companies. At the time, General Kamal Hadianfar, Chief of Cyber and Information Exchange Police (FATA), claimed that the attack had spread through an IP address located in the US. Hadianfar said that Iran has submitted an official legal request to the US to reveal the IP addresses of the suspected hackers, but US officials have not yet responded.

Back to top

Read previous editions of the Middle East and North Africa Cyber Watch.

Read previous editions of the Iran Cyber Watch (discontinued as of June 15, 2012).

Subscribe and receive the Middle East and North Africa CyberWatch in your inbox.

The post Middle East and North Africa CyberWatch: July 14 – July 27, 2012 appeared first on The Citizen Lab.

“This is a Canadian company. It’s supplying services to regimes that block access to information that in Canada would be considered a Charter rights violation. And it’s contradictory to Canada’s own stated foreign policy in this area, which is to support a free and open internet,” Professor Deibert said.

Most recently, Telstra, one of Australia’s largest telecoms, has admitted to secretly tracking websites visited by its mobile users and giving the information to Netsweeper.

To read the full piece, see here.

The post Citizen Lab Director Ron Deibert comments on Netsweeper in Toronto Star piece appeared first on The Citizen Lab.

In its Freedom on the Net 2011 report, Freedom House states: “The country reports and numerical scores in this study reveal that a growing number of governments are moving to regulate or restrict the free flow of information on the internet. In authoritarian states, such efforts are partly rooted in the existing legal frameworks, which already limit the freedom of the traditional media.

“These states are increasingly blocking and filtering websites associated with the political opposition, coercing website owners into taking down politically and socially controversial content, and arresting bloggers and ordinary users for posting information that is contrary to the government’s views. Even in more democratic countries — such as Brazil, India, Indonesia, South Korea, Turkey and the United Kingdom — internet freedom is increasingly undermined by legal harassment, opaque censorship procedures or expanding surveillance.”

While the British public await the details of the controversial Communications Capabilities Development Programme, here’s a rundown on some of the world’s most invasive web monitoring regimes.

For the full article, see here.

The post Technology web surveillance: Some of the world’s most invasive regimes appeared first on The Citizen Lab.