Slashdot Mirror
Paraguay Telco Hijacks DNS Before Elections
MrJones writes "In Paraguay we are at T-9 days to national elections. The ruling party has been in power for nearly 61 years (including more than 30 years of dictatorship). Now the state-run ADSL company is hijacking the DNS nationwide of a site that denounces the corruption in the party."
...another reason to hijack the olympic torch...
Do you have oil? If you do, then this corruption is a worldwide tragedy which must be stopped, we'll send troops^Wobservers right away.
I want to delete my account but Slashdot doesn't allow it.
I.E. Google pages
And put the site in many places so it isn't as easy to silence.
While hijacking DNS of a small domain may go unnoticed
Hijacking say Google's or Yahoo's DNS could possibly be highly noticed by the citizens.
It's amazing how easily entire countries of people can be manipulated. China is in the spotlight now but it is nothing compared to countries like North Korea who will get thrown in jail if they have a cell phone for fear that people will actually figure out that nothing they are told is true.
fp
Get the word out about tor. Vidalia is an easy to use controller. This is the exact sort of time when a network and protocol like onion routing is extremely valuable.
I got a catholic block.
What's the ruling party called?
The "Ironic Party"?
The Statue of Liberty is America's lawn jockey.
There are other languages available at those links (hay otros idiomas disponibles en los enlaces).
--
make install -not war
In 1993, Internet pioneer John Gilmore said "the net interprets censorship as damage and routes around it", and we believed him. In 1996, cyberlibertarian John Perry Barlow issued his 'Declaration of the Independence of Cyberspace' at the World Economic Forum at Davos, Switzerland, and online. He told governments: "You have no moral right to rule us, nor do you possess any methods of enforcement that we have true reason to fear."
At the time, many shared Barlow's sentiments. The Internet empowered people. It gave them access to information and couldn't be stopped, blocked or filtered. Give someone access to the Internet, and they have access to everything. Governments that relied on censorship to control their citizens were doomed.
Today, things are very different. Internet censorship is flourishing.
Read more at: Internet Censorship.
... I put up site that supports the corruption of the party in control?
now we need to go OSS in diesel cars
Wonder if Google Pages was tried by anyone behind the Great Firewall of China?
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
a. What is known about this in Paraguay? Are people aware that this is going on?
b. What can those of us outside Paraguay do to help? Mirror sites, etc?
JG
-- "...I'm a bad guy because I, well, I sing some rock-and-roll songs." M. Manson
If I were Paraguayan right now I would be spamming every forum I knew of with the argument of corruption, regardless of what the forum was about, so anyone using the net in Paraguay/the world is likely to see part of the message at least once.. If they couldn't post the whole idea at once, I would do it in parts, on a stay tuned kind of basis, and just keep the coverage of your spamming campaign as diverse as possible so no single entity can silence it...Think anonymous.
Seriously, Paraguayans should be spamming this news story..right now.
http://img292.imageshack.us/img292/5845/extenso2rk7.png
might also catch googles attention, who happens to have a market cap 400% greater the gdp of paraguay...
IIRC, the Google.cn site de-lists sites not approved by the great firewall. From that point, it wouldn't be difficult to add the non-Google.cn versions of Google to the firewall's block list, no?
If you believe everything you read, you'd better not read. - Japanese proverb
You should tell everyone in Paraguay about OpenDNS.
We are such helpful nerds!
Hi I am a foreigner living in Paraguay.
The issue is a little more mixed
It seems they rerouted www.partidocolorado.gov.
They claimed it was illegal use of their name/trademark.
same as one would try to register CocaCola.gov
In my point of view they should not have done this by using their powers in the national tel com and reroute the page, but they should have used the legal way "trademark/name infringement".
Another point is that people get a government they vote for. It is not so bad here that people are motivated to vote anything else.
Maybe this time there will be a change
About corruption,
Paraguay is one of the top positions, but nobody seems to care (sadly enough)
There are no stupid questions, Just a lot of inquisitive idiots. (from a good friend)
yeah trade one broken DNS for another except opendns shows adverts, resolves everything (breaking apps) and tracks every DNS request just like spyware except the t&c does mention this if you read it
to be honest you have to be ignorant and stupid if you think opendns is a solution to anything (except the owners pocket books)
They are hosting some of them at googlepages now.
Anyhow, they are not small domains the ones that were hijacked. One of them is the official page of the party.
This is not something that could ever go unnoticed.
I'm from Brasil and lived some months in Foz do Iguassu on the border with Paraguay.
Many people in BR go to PY to buy eletronics and others "made in china", or cigars, or guns, or....
Well, some years ago, vice president of PY was caught driving a stolen Jeep Cherokee in São Paulo - Brasil (a car like this in Brasil costs ~ US 97.000)
I said you can buy any movie or software there for ~ U$ 0.50 ?
Another legal history is that Bruce Wayne has drawn driver's licence there by telephone. This was done by a newspaper to show the ease in achieving false documents.
Same thing happened in Venezuela last year during the last referendum (which Chavez lost, BTW). The newly nationalized CANTV (the main Telco) hijacked all of its customers DNS to block access to the two biggest anti-chavez websites (NoticieroDigital and Noticias24). Nothing new here but good, old fascist techniques....
The only people they have to prevent noticing it are a majority of the population of their country.
And they probably have control of the media there, so this probably will go unnoticied by most people, until some time long after the elections, if ever.
They might not care if a few dozen technically-inclined people in their country happen to notice, or if people in other countries notice.
Govt' can explain away the "hijacking" as a technical problem, and people may buy the government's technical explanations over anything "some Americans" or some DNS nerds have to say about it. The gov't can just throw in jail or use ad-hominem attacks to marginalize the folks that claim they did something bad.
After all, the government is known by most to be a more "trustworthy" and "valid" source for that type of information.
Billy Bob just accusing the gov't folks of wrongdonig because he's a protestor, extremist, seditionist, has a beef with the gov't, etc.
They will either convince their people to believe it or intimidate their people into believing it, and either approach works all the same.
Oh yeah, hijack a site saying you're corrupt. What a great way to prove that you're not.
There are quite a few dubious claims in that article, but the most unbelievable is the implication that Bush knows that a country called Paraguay exists.
They are using our OpenDNS servers as the control group. We've been noticing that a lot lately.
Plus, a lot of folks are using http://cache.opendns.com/ to start checking the records of their personal site from around the world.
# Hack the planet, it's important.
Now how in the fuck is the above post "off-topic"?
Is there anybody who doesn't think that our current President and Vice-President aren't making plans for their retirement, given that it's looking more and more like they're going to be charged with war crimes? Oh, they'll never face trial, but it's unlikely they're going to be having any European vacations after they leave office.
How humiliating for our great nation that such low men could have attained such high office, no matter that they did so in an illegitimate manner.
You are welcome on my lawn.
From looking at the sites, "Partido Colorado" (red party) is the ruling party, and the opposers registered "partidocolorado.org", and put some parody site there. The hijacked DNS redirects to a site that responds to "partidocolorado.org.py", which seems to be the official party site (you can tell because of the heaps of steaming bullshit they have in there). It's actually pretty confusing if you're not familiar with their politics (at first I thought this "red party" was the opposition, so I was confused about the other "red party" site).
.orgs and .pys).
Anyway, I assume they're claiming that "partidocolorado.org" is too similar to "partidocolorado.org.py" and it's taking advantage of their name (which is probably what they were trying to do, otherwise they would have gone with "red party sucks.com" or something.. most people get confused with the
Of course, I doubt the paraguayan government has any jurisdiction over the root DNS, and I'd be surprised if they had a law that proposes dns hijacking as a solution to a conflict like this.
--
Stay tuned for some shock and awe coming right up after this messages!
It's an alternate root, not a proxy server. I don't have the hate-on for OpenDNS that the GP does, but it does have several weaknesses as a service which caused me to stop using it.
The biggest problem, and one that the GP alluded to, is that OpenDNS resolves *everything* to a sort of 'parking' page. If you're using OpenDNS and you type in a bogus URL, rather than just not resolving, you'll get a redirect to an OpenDNS page. This is, IMO, misbehavior. However, there's no incentive for OpenDNS to stop, because it's on these pages that they place advertising and pay for themselves.
This behavior is particularly obnoxious when you combine it with an additional level of caching DNS. Let's say you have a DNS server on your LAN (like most home gateway/routers) and you point it to OpenDNS. If you're working with a site that may or may not exist -- say one that you're trying to configure -- OpenDNS will give you the parking page if it can't be found. But your local DNS server will cache the redirect, and it can take a while to purge. (I'm not sure what TTL they're set to, but it's evidently longer than it should be.) The upshot of this is that a site can look 'down' even though it ought to be up, because intermediate DNS servers cache the bogus OpenDNS result, rather than just failing to resolve.
I think it's great that there's an alternate root, and I really like that OpenDNS exists. It's a great concept. I just think their execution deviates from accepted practice and standards, and that's no way to run a DNS server. Too much rides on it.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I'm not trying to pretend I know what Gilmore MEANT by his statement, but the way the first statement reads to me I certainly think is true. (I'm not saying there aren't bad things going on we should fight against - only that the statement is only false for a very idealist and broad interpretation.)
/., that's part of routing around, and so is when we blog about it. This includes us doing hard work to keep it that way.
First let's strip away youthful idealism - routing around it doesn't mean it NEVER works or magically disappears - it just means it's much less likely to work, easier to fix, etc.
Second, let's be clear that "the Internet" includes all of us. When someone involved with that site posts it to
Finally, while it's obviously possible to keep information _out_ (away from some people), it's very hard to keep information _in_ on the internet. If you're going to (for the purposes of this discussion) strictly interpret the word censorship until it was only one of these things, it would definitely be the attempt to keep information in.
Traditionally censorship is keeping you from printing a newspaper (or killing you if you do) - that's different than going around town and taking away all the newspapers you can find, which is what's really going on here. The second technique only completely silences the _author_ if the newspaper only circulates inside that town.
Again, I'm not saying this isn't bad... but in pre-Internet censorship we wouldn't even HEAR about this story. Wikileaks is a great example of the Internet being positive in this regard. The world knows about Tibet. The Great Firewall doesn't even really keep people from viewing outside content - you just need a little technical savvy - and a lot of bravery! - to view outside content.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
And George Bush bought 100000 acres in Paraguay,
http://www.guardian.co.uk/world/2006/oct/23/mainsection.tomphillips
Until a couple years ago, the city now know as Ciudad de Este was called "Puerto Stroessner", after the former dictator.
After being ousted that man lived in Brazil until his last days.
That sucker was a friend with the militars in Brazil and other right-wing dictatorships in South America during the 60s 70s 80s. And those dictatorships had direct support from the USA.
Funny how often bad things around the world had the US involved.
Just have the whole country switch to using OpenDNS servers, of course then they might start doing China like firewalling to block it...
look, if you're going to play in the big leagues, just give up on the notion that those in power will be ethical
As to the results of absolute power, you can clearly see how absolutely corrupt these evil people are.
Actually, I doubt that the people there trust the Colorado Party. My father grew up in Paraguay under Stroessner's rule, and the main effect that had on him was imparting a deep distrust of all government. Now, he has a very firm belief that no one can have any effect on a government save for those already working inside of it, and that all government workers are corrupt as all hell. He said that growing up, he had no idea that the stuff that Stroessner did wasn't happening everywhere else in the world.
If Paraguayans are anything like us Brazilians, nobody will give a shit about corruption while there's beer, soccer and scantily clothed women on TV.
Actually they don't have control over the media
Most news papers are in the hands of rich people.
They are more in favor of the blue party here.
This incident was on television here last night.
There are no stupid questions, Just a lot of inquisitive idiots. (from a good friend)
O he does,
he has a huge property here
Think huge like several hundred of acres
Right on top a big water reserve
There are no stupid questions, Just a lot of inquisitive idiots. (from a good friend)
So the government is highjacking DNS. Can't users fix that simply by editing their hosts file? Granted, nontechnical users would need a little help with that, but it's not difficult.
Why bother -- just make sure the IP address is widely publicized. Some years back, Al Jazeera's DNS was crapped on, by some unknown government, I have to presume.
After the attack died down, I went to the site as soon as I could, then saved a link to the site by IP address.
No reason multiple sites, all googlable by "[sitename] -- current IP", couldn't host whatever the current address was in an easy to find way. No doubt the PTB would soon try to poison this well, but it's worth a try.
que pena para el pais.. ahi se dan cuenta que jamas pero jamas vamos a salir adelante.. para los que estan ahi .. fuerza y animo... saludos
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What we can do is expose their deeds. I suggest emailing the US Embassy in Paraguay:
ParaguayConsular@state.gov
I wouldn´t suggest threatening them, rather let them know that the world is watching their behavior - that we value freedom of speech and discourage censorship of any kind. I don´t think the US has any business dictating Paraguay´s affairs but this is just neighborly advice.
- -Joe Baker
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://getfiregpg.org
iD8DBQFIAed77J1dPd3sAmARAtkBAKCec4LQnbLvVNVx+8/R/qBqUONWHgCeLPbl
IdWGD05962/w1ddRFFOnQ3U=
=sf+o
-----END PGP SIGNATURE-----
Just run your own caching server.
Garry Williams
And in a country like that, they can do what about it?
---- Booth was a patriot ----
Just tried it here in Chengdu. No dice. Google works but Google Pages does not.
The IP I see for www.partidocolorado.org is 64.233.179.121 from my home account, which has a reverse dns of ghs.l.google.com. From my server account in California, it resolves to 64.233.179.121, reverse DNS of hs-in-f121.google.com.
In case of simple automated filters obscuring that IP, those numbers again are 64dot233dot179dot121 and 64dot233dot179dot121.
Political issues aside, if somebody with control over your ISP wants to keep you from seeing something, you're pretty much hosed unless you can get an encrypted connection out that has some plausible legitimate explanation. Hijacking a large domain would still work well if you just proxy everything else but the site in question, as would a plethora of other traffic monitoring and filtering systems. You can try putting the material in lots of different places, but your readers then have to keep up with you as fast as the entity that is filtering you.
DNS hijacking = trivial and cheap for ISP in 3rd world country
Filtering one directory off a large domain = More sophisticated filtering, not so cheap or trivial, requires more work and expense
http://www.seologs.com/ip-domains.html shows these domains on 201.217.51.114:
1) anr.org.py
2) partidocolorado.org.py
Oh look - other domains of the same party. 100 quataloos says they moved partidocolorado.org from here to Google hosting but they forgot to tell the former hoster (who happens to be the state telco) about the move. Result: users of the state telco's DNS continue to get the old IP address because the state telco's DNS is still configured as authoritative for that domain.
I've seen this situation before - an email to the NOC of the former hoster got the obsolete authoritative entries on their DNS pulled within an hour.