Iran has gone pretty much entirely offline in the wake of nationwide protests. This is the best article detailing what's going on; this is also good.
AccessNow has a global campaign to stop Internet shutdowns.
TITLE EDITED TO REDUCE CONFUSION.
Posted on November 20, 2019 at 6:52 AM • 18 Comments
danny • November 20, 2019 8:50 AM
Poor choice of words on that title Mr. Schneier. At first I thought the entire internet was out due to some Iranian hacker(s). Then I realized is theirs.
On the other hand, as slow as politicians are to catch with technologies, they do understand that internet is a resource. What amazes me is that governments around the world has not done it sooner and allowed us to have it so far. Splinternet will become the norm in near future and current internet, as broken as it is with ads and invasion of privacy will become an utopia for those future times.
Clive Robinson • November 20, 2019 8:58 AM
@ Bruce,
What ever the --political-- reason is, I've been expecting this for a while now.
Russia plans to shut it's self behind what will become another "Great China Firewall" supposadly as a test in the very near future. No doubt if it works it will become permanent if the test gors well.
And there is a growing que of other nations that want to do the same or similar.
The simple fact is the early days of the Internet are now long gone digital surveillance is not optional it's a requirment not for just for the national jurisdictional network entities, but extra jurisdictional entities in other nations as well.
Up untill a decade ago the basic network topology followed that of the older telephone network but the even older the telex network before it.
Since then there have been ever increasing signs that national governments want rather more autonomy than they have been given. Things came to a head at the 2014 Doha meeting of the UN ITU World Radio Conference. Which the US only just managrd to scrap a maybe status quo on.
Now half a decade later at the current WRC that is due to end this week it's become clear the status quo can not be maintained.
Amongst other things driving the split is the US behaviour over 5G which they may paint as an "Evil China" issue publically but is actually a pissing contest over who controls the digital future.
Because few Western Governments have put the required resources into their communications industry, like so much before it from colout TV's and Transistor Radios in the 1960's the inovation in the market has moved to where it is better resourced, which has been to the likes of the Far East, and more recently the BRIC countries.
Now the game is effectively lost and there is no clear incentive from the First World Western Nations for keen minds to stay, they are following the provided resources.
It's not as though there have not been abundently clear warnings this was going to happen from the early 1990's but despite the warnings being made clear as would be the consequences large Corporate managment have been seduced over to the Far East by cheap labour, only to find they are now effrctively stuck there, and now many "locals" know their yrade secrets have set themselves up in competition.
So the dark clouds of what could well be a "Perfect Storm" have crossed well over the horizon. Do we in the West maintain the same course to even more troubled seas or do we change course and put the effort into avoiding the storm?
Bridgefy • November 20, 2019 9:04 AM
In a few months, apps like FireChat or Bridgefy will spread through
bluetooth transmissions towards iranian manifestants.
https://www.siliconrepublic.com/comms/hong-kong-mesh-network-bridgefy
It is only a matter of time.
Way0k • November 20, 2019 10:29 AM
Please forgive my ignorance. I am aware that certain local mesh networks can be maintained throughout catastrophic events- but is there a method designed yet to reliably maintain secure connectivity beyond borders - as necessitated by actions such as this report? Something that is affordable? Wouldn't a few distributed satellite links work (Or are com satellites far too locked down now)?
Thank you in advance for any links/insights.W0K
DraganM • November 20, 2019 11:00 AM
Shutting internet down may have minimal effect internally. Without blocking other means of communication internally, blocking internet can not do too much.
Major effect is in blocking outside interference within or spread of news outside of the country, with latter being not realistically too effective. People always find a way, and will continue to do so.
Knowing what you know about politics, mass surveillance, CIA, Five Eyes and related activities, is shutting external traffic not expected, logical and desired solution for countries under assault?
Petre Peter • November 20, 2019 12:17 PM
In the 21st century cutting off access to the Internet is a clear human rights violations. Amnesty International should be all over this, if they are allowed in the country that is. Also, human rights violations should lead to economic sanctions in an effort to make those in power listen.
Impossibly Stupid • November 20, 2019 12:34 PM
@Clive Robinson
Russia plans to shut it's self behind what will become another "Great China Firewall" supposadly as a test in the very near future.
Good. All I ever see coming from them (and about 50 other countries, including Iran) on my servers is wave after wave of attack. My life would get easier if they completely cut themselves off. Western countries should respect their wishes to disconnect from the Internet. Would any Americans even notice if a reciprocal firewall was put in place for these nations?
Since then there have been ever increasing signs that national governments want rather more autonomy than they have been given.
They don't want that autonomy for good reasons, though. The common MO here (and usually throughout history) is that people want to split off because they want to do bad things that are harmful to the social well being. It would be shocking to see the resurgence of a healthy patriotism.
mouth • November 20, 2019 1:17 PM
Through services like twitter, instagram (very popular in Iran) etc the US is monitoring Iranians. As things stand this could be the reason for the shutdown.
Clive Robinson • November 20, 2019 1:18 PM
@ Impossibly Stupid,
Good. All I ever see coming from them (and about 50 other countries, including Iran) on my servers is wave after wave of attack.
Well... It might not be good.
If as many claim the criminal element that frequents the Internet outside of Russia but are from Russia, are sanctioned by the Russian Government. Then it is highly unlikely that the Russian Government will "bottle them up".
As the old saying has it, if you have to have them in the boat you would rather they p155ed out of the boat than p155 in...
cmeier • November 20, 2019 2:10 PM
Satellite TV from outside Iran is available in Iran. Some enterprising expat will figure out how to offer satellite internet. What is the quote? "The Internet perceives censorship as damage and routes around it."
Clive Robinson • November 20, 2019 2:15 PM
@ WayOk, ALL,
Something that is affordable? Wouldn't a few distributed satellite links work (Or are com satellites far too locked down now)?
This Government lock down may only work out to be "one way" at best...
Because there are "no fee to connect and recieve" satellites pumping education weather and some news information out.
Othernet used to be on L-Band but have since moved to Ku-Band where the antenna can be quite small, amd hidden quite easily.
https://en.wikipedia.org/wiki/Othernet
Whilst the do sell receivers for less than 60USD, they also have published designs by a number of people. Whilst others use their own designs to receive and process the information (most 10-12GHz LNB's output a signal that an RTL SDR dongle previously used for L-Band will work with),
https://m.youtube.com/watch?v=KCewB_PuvDk
However if you want "interactive Internet" the rapid deployment of high bandwidth entertainment systems on transportation such as planes and cruise ships means that access through other satellite providers like Inmarsat are dropping in price. Whilst not cheap you can get upload and download bandwidth suitable for sending "broadcast TV".
gordo • November 20, 2019 2:33 PM
Regarding the thread title, it is Iran's internet that Iran has shut off. I imagine it is merely an information operation in response to an information operation.
SpaceLifeForm • November 20, 2019 2:43 PM
@ Impossibly Stupid
"Good. All I ever see coming from them (and about 50 other countries, including Iran) on my servers is wave after wave of attack."
Remember, attribution is hard.
Are you certain that those packets really originated from where you think they did?
Impossibly Stupid • November 20, 2019 4:36 PM
@Clive Robinson
If as many claim the criminal element that frequents the Internet outside of Russia but are from Russia, are sanctioned by the Russian Government. Then it is highly unlikely that the Russian Government will "bottle them up".
And? Just because a defense isn't perfect doesn't mean it isn't worth doing, especially if it forces the attacker to be more exposed on the "outside". It's not like, for example, foreign meddling in the 2016 election got a free pass simply because it used Facebook as a puppet.
As the old saying has it, if you have to have them in the boat you would rather they [spit] out of the boat than [spit] in...
Minor edit, just in case the mods take offense. :-)
The problem is that the Internet is not a vast, empty ocean. It is crowded with boats, and you're surrounded by 100 baddies looking to spit in for every one you have looking to spit out. The right solution is not an arms race, but to stop all the spitting.
@SpaceLifeForm
Remember, attribution is hard.
No, it isn't. That's the same tired excuse war criminals and sociopathic cloud providers always trot out when they want to use innocents as human shields. "Hey, careful, you don't want to blame this on me and the company I keep, because we're just following orders!" If I'm attacked by 3.130.4.179 (and I just was as I'm making this reply), it is easy to attribute that to Amazon's 3.128.0.0/9, and act accordingly.
Are you certain that those packets really originated from where you think they did?
Yes, I am. It's not individual packets that trigger action, but traffic at layers after handshakes have connected both ends. If you're going to attempt to trot out some "behind 7 proxies" nonsense, understand that my job is to secure my servers, not track down any root geopolitical factions that pull the strings of vast global criminal organizations. Or, put another way, I leave it to Amazon to police their own network; if they have no interest in doing that, then they too should be bounced off the Internet.
Jesse Thompson • November 20, 2019 4:50 PM
I think this is starting to sound a little bit like Greg Egan's novel Zendegi.
If that pattern holds, then doubtless folks will get their hands on a ton of really handy smartphones with phenomenal interference-resistant wireless-mesh hardware and time-delayed message re-broadcast software built in to keep the spice (social networking, digital gossip) flowing despite government interventions, which in turn will help to mobilize and organize cells of various resistance movements.
But wake me when we've got VR bouncy castles. Those sound fun. ;)
Jesse Thompson • November 20, 2019 5:08 PM
Also, a link to view the NY times story through it's paywall: http://archive.is/uBkRT
Clive Robinson • November 20, 2019 9:26 PM
@ Impossibly Stupid,
And? Just because a defense isn't perfect doesn't mean it isn't worth doing, especially if it forces the attacker to be more exposed on the "outside".
What "defence"?
If the Russian Government blocks packets originating in Russia getting out how do you see that as a defence?
Because it is not defending anything Russian inside it's blocking perimiter is it?
It is in effect either imprisoning Russian criminals inside the Russian jurisdictional networks which does not solve the criminal problem, only "bottles it up". Or it effectively blocks those non Russian criminals who are currently using Russian jurisdictional networks to hide their point of origin.
It would only become a defence in the second case. As @SpaceLifeForm has implied with,
That is, when the closed perimiter stops criminals outside of Russia using Russian jurisdiction networks as a relay to hide their actuall point of origin. The attackers would have to fake their origin in a different way.
One of the big mistakes "insider attackers" make is having the point of origin of their attack "inside" any perimiter security. It's a common basic OpSec error that leads to them being identified, something I've pointed out since the 1990's[1].
If you follow the logic of you calling it a "defence" through, you will see that you will not be "politically popular" in these days of stage managed cries of "It's Russia wot dunit". Because implicitly you are saying that Russia is not the origin of the attacks, mearly a staging post and thus they are dropping off of the Internet to defend not just those inside their jurisdictional networks from attack by outsiders, but also their international name...
And you might well be right in that respect. It's part of the reason I indicated it might not be good. That is if those who attack you are using Russian jurisdictional networks as staging posts, then that current convenience will be denied to them when Russia throws the switch. Thus the attackers will have to find another way to hide their origin, thus they might well make mistakes by which they may be identified.
Let's put it this way, if I were an attacker, I would already have a number of mitigation plans not just in place, but up and running and I would be slowly migrating my fake point of origin to some other jurisdictions networks.
So whilst you might see the number of attacks from Russia decline, you will potentially see them rise from some other "apparent" point of origin.
But the reason I indicated it might actually be worse for you is that if forced to make one set of changes, the attackers might well make several changes... That is in effect "upgrading their attacks" which would mean you would be facing a changed landscape requiring you to make changes to your defence strategies as well. As that is likely to be a "reactive not proactive" set of changes it implies that there will be a learning curve which might also give rise to a "window of opportunity" or advantage to the attackers.
It's not something that worries me on a "personal" basis. As I've indicated before my personal network is not connected to the Internet or any other external communications. That is to attack me they would have to have "hands on physical access", which implies a whole different level of attacker with resources to match, not a run of the mill cyber-criminal.
[1] I can still remember the realy supprised looks on peoples faces when I gave a talk in summer 2000 to students and their proffessors from all over Europe --which included Russian's as well-- when I pointed it out. You could "see the penny drop" in not just the students eyes. Something I still see today when I mention "Outsiders should look like insiders, and insiders should look like outsiders" as "Basic OpSec" which is why you have to be caitious with attribution getting on for a third of of a century now... The reason I remember that particular talk well was, because of an answer I gave to a question from one of the proffessors, it was about another security issue and I replied "When Bill Gates says, I have to put a five pin DIN socket in the back of my head, I know it's time for me to retire". A point that is getting perilously close nearly two decades later. It was one of those pivotal moments, where subconcious thoughts crystallized whole and shockingly clear in my mind, and as part of it it "hit me in the gut" hard.
Though these days I suspect it won't be anything as secure as five pin DIN socket we used to have last century for "user input". No it will be something more like an RFID or NFC embedded with realy flawed or backdoored security (by command) that just can not be patched...
Gerard van Vooren • November 21, 2019 2:08 PM
I have to say that the moderation is hard here.
All I did was saying that it's thank to Trump that Iran now has to stop the internet and my message got blocked.
(and probably is gonna be blocked again)
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Leave a comment