Researchers Find Gaps In Iranian Filtering

I Don't Believe in Imaginary Property writes "With all the turmoil and internet censorship in Iran making it difficult to get an accurate picture of what's going, security researchers have found a way to locate gaps in Iran's filtering by analyzing traffic exiting Iran. The short version is that SSH, torrents and Flash are high priorities for blocking, while game protocols like WoW and Xbox traffic are being ignored, even though they also allow communication. Hopefully, this data will help people think of new ways to bypass filtering and speak freely, even though average Iranians have worse things to worry about than internet censorship, now that the reformists have been declared anti-Islamic by the Supreme Leader. Given the circumstances, that declaration has been called 'basically a death sentence' for those who continue protesting." Reader CaroKann sends in a related story at the Washington Post about an analysis of the vote totals in the Iranian election (similar to, but different from the one we discussed earlier) in which the authors say the election results have a one in two-hundred chance of being legitimate.

Internet filtering

[bcmm]

The Internet is The Internet.

Information will get from anywhere to anywhere unless Iran completely disconnects itself from the rest of the 'net. There are as many ways to hide "communications" as there are protocols and servers out there, and no one can do a bloody thing about it. Even a "whitelist" style system would have holes in.

Re:Internet filtering

[BeardedChimp]

The importance is in the subtelty, "Information will get from anywhere to anywhere" should really be "Information can get from anywhere to anywhere". The internet's sophistication is such that any geek will be able to find a hole, but would some Iranian whose friend has just been shot and wants to tell the world?

The widescale filtering may do little to deter the geeks but it has had a profound effect on the average Iranian. By blocking simple messaging protocols they have achieved their goal for the majority of the population and so by finding other simplistic ways (such as through the xbox) for people to communicate the damage can be undone.

Re:Internet filtering

Now that the SL has declared the protestors anti-islamic, the police probably have the duty to KILL ON SIGHT anyone found protesting.

I don't believe it is the police doing the killing. The killing is being done by the Basij. They're the ones who shot Neda, a young girl, supposedly only 16.. Google "Neda" if you aven't already.

I'm seeing people on twitter suggesting that protesters carry a Koran.

Re:Internet filtering

[hairyfeet]

I know I shouldn't feed the troll...but I'm bored. I'm a progressive and I know that fundie ANY religion is frankly batshit. I just don't think it is the job of the US Citizen to play "World Police" to try to force every nation out there not to have batshit religions. Look at how much cash we have blown on "nation building" while our infrastructure falls down around our ears and many Americans can't find a job. Or the huge checks we send to Israel every year to prop them up. I don't see anybody sending cash to us poor Americans, do you?

It isn't our job to be the world police. Inside every gook is NOT an American waiting to get out, okay? If the Iranians want a democracy they are gonna have to get rid of their leaders and take it, from the rigging of the elections that much is obvious. While I have no problem with a private citizen deciding to share his connection to help an Iranian, I DO have a problem with using this as an excuse for "IraqII" which is what the hawks would just love. let other countries take care of themselves and let us mind our own damned business, something we haven't actually done since the end of WW2.

... and publicly announcing this

... and publicly announcing this will help these gaps to stay unfiltered?

Re:... and publicly announcing this

[bbernard]

"and publicly announcing this will help these gaps to stay unfiltered?"

It is in Iran's best interest to filter as little as possible. If you're a devout WoW player, they'd rather let you spend time on that, being oblivious and happy, than risk you being pissed off that you can't play. The most important thing for Iran's government to do is to try and make sure that no more people join the protests, and that those who have get discouraged by the hardship and return to their "comfortable" lives. They want people to return to "normal" even if it is just a sham because they can control the people that way. That requires people not paying attention to what the government is really doing, which requires giving people somewhere to "bury" their heads. The Internet is GREAT for that. I never found so many ways to waste my own time until I first opened that Mosaic browser one day...

What Iran's government has been doing with regard to filtering has been disturbingly effective. Yes, the protesters are getting together and communicating with each other, but there's no reliable sources of verifiable news. No reliable death count. No clear picture of what is happening. Citizen journalism is great, but it pales in comparison with what real news-gathering resources can do. So foreign governments are limited in their response, and that response is even more limited in the audience within Iran that can see it.

Don't discount the ability to keep information away from the militia men as well. The Iranian government is more dependent than ever on the blind faith of their security forces. They must be fed the party line, and be made to swallow it. You don't get that kind of obedience when those forces are allowed to think for themselves. So you deny them the ability to gather data to make up their own minds.

So yes, Iran is not blocking all possible methods of communication, but they're effective enough that they still may pull this off.

Information is power, and the information required to make your own decisions is the ultimate expression of that power.

I keep asking myself why we care about Iran?

[erroneus]

We pretty much know what Iran is all about. It is rather overt and obvious to most everyone. Any illusion about a democratically elected government can pretty much be put to rest. And now that they are invoking religious law (not that they haven't been all along) it is clear exactly where the source of power is. (Save the comments about the U.S. putting the Ayatolla into power, I already know.)

But I keep asking myself, why should we care at all? Will we care and demonstrate as much as the Iranians when the next freedom eroding thing happens in the US? Will we take to the streets in protest of ACTA? Will we collectively burn our required government healthcare cards? I seriously doubt it. The government controllers in the U.S. long ago learned the secret that other governments have yet to figure out. Keep the slaves comfortable, busy and distracted, and they won't put up a fight.

Re:I keep asking myself why we care about Iran?

[batrick]

... because this is an example of how censorship (of the Internet) can have dramatic effects on rebellion, revolution, and government? Nerds everywhere should be closely watching.

Re:I keep asking myself why we care about Iran?

[WDot]

As much as I respect the Iranians who protest, what's going on in Iran is a big example of why the US may be hesitant to protest: protesting is SCARY. One of the most watched videos on Reddit recently is a gruesome video of an Iranian girl being shot to death for protesting. I think a lot of people in the US just want to be left alone by the government. Is protesting the government worth risking your neck or your job? What about your spouse and children? It's sad, but that seems to be the case.

Re:I keep asking myself why we care about Iran?

[guyminuslife]

I don't know, maybe because some of us care about other people, and their rights, no matter where they are in the world. Maybe not everyone's a cynic all the time.

Re:I keep asking myself why we care about Iran?

[GabriellaKat]

As much as I respect the Iranians who protest, what's going on in Iran is a big example of why the US may be hesitant to protest: protesting is SCARY. One of the most watched videos on Reddit recently is a gruesome video of an Iranian girl being shot to death for protesting. I think a lot of people in the US just want to be left alone by the government. Is protesting the government worth risking your neck or your job? What about your spouse and children? It's sad, but that seems to be the case.

I guess too many people have forgotten KENT STATE, or don't know our history, or just don't care anymore? Those who forget history are doomed to repeat it. Those who remember now seem doomed to apathy.

Re:I keep asking myself why we care about Iran?

[deviceb]

yes, until you are left alone.
Neda was shot in the heart in front of her father for protesting.

Re:I keep asking myself why we care about Iran?

[thesandbender]

I'm guessing you've never lived in D.C. or New York were protests are common things. Among the dozens or hundreds a year, there's at least one protest against the NYPD for a shooting, rape, etc. That puts the protesters directly up against the people they're protesting against. And a lot of these are a few dozen people but some are large, loud and pissed. There was a police shooting in NYC a few years ago and Jesse Jackson lead a march on City Hall. The crowd was loud enough I could hear them through a closed office door on the twentieth floor.

Actually just look back at the 2000 presidential election, there was a lot of protesting against the results in Florida... across the country. The tea parties earlier this year were protests.

So yes... US citizens can and do protest. Thankfully we live in a country where that usually doesn't lead to bloodshed... but even that has happened on very rare occasion. Complete with pictures of people being shot and dying.

Re:Good job

[Jurily]

Yes, I'm sure they read slashdot. After all, they have nothing else to do.

Why care about Iran?

[Colin+Smith]

Petrodollars. Iran is threatening to sell oil in Euros. If people didn't have to buy dollars in order to pay for oil, the US government couldn't create as many as it wanted, which means that the military spending would have to stop.

 

Re:Good job

[juenger1701]

maybe not Slashdot but security sites dedicated to finding flaws and gaps in their filtering most likely get looked at

nomoreiranplease?

[wigaloo]

It is hard to fathom how the story of the year (also the tech story of the year) could be tagged "nomoreiranplease". Tech has played a critical role in this event. Who ever thought that twitter could actually be useful? The diaspora of communications technologies has proved very hard to shut down, and it will be interesting to see what new communications tech adds to this in the future.

One issue this brings up is the differences between the fark free-for-all comment system (including images!) versus slashdot's moderation. The contribution of fark to reporting what has been going on in Iran has been really impressive, and fark is essentially a news aggregator just like slashdot. Does the moderation system of slashdot prevent a similar thing from happening here? I had hoped to see a much more vigorous discussion from the slashdot community, but the real action is elsewhere. Part of this is due to the moderation system, I think, which effectively forces an end to conversations when the mods run out.

I'm not trying to be trollish, but think this is an interesting thing to think about. Slashdot used to feel like the center of the tech universe, but has been badly outdone on this topic by fark and others.

Re:nomoreiranplease?

[EQ]

We do need more coverage of Iran, especially from a technical standpoint. First of all, it will help us know how to best help those putting their lives on the line for liberty against a totalitarian force. Secondly, it will give those of use interested in the tech side ("news for Nerds", remember?) insight into how these can best be used to avoid censorship and repression, no matter what the source. Its a good enough rationale to provide extensive coverage here daily -- after all, how many times do you get to see a live, full scale example of censors versus leakers?

As for why the tag nomoreiran Its pretty simple. /. used to be very "techno-libertarian" in slant, way back when. It is not such a place anymore.

Rob ("Taco") and cronies (e.g. kdawson, whom I view as being irredeemably as slanted as Rush Limbaugh, just in opposite directions) have become more collectivist and pointedly anti-conservative at the expense of libertarianism (mainly by being unthinkingly knee-jerk anti-Bush, instead of well reasoned critics). Thus any political action that does not actively help their flavor of collectivism/statism or something that casts a negative light on their political favorites (i.e. Obama, liberals, socialists, etc) will receive less attention, editorially speaking. Its their own personal bias, as reflected in editorial choices of what to cover and what to try to ignore. I cannot blame them much -- the slashdot userbase has become filled with unreasoning collectivist (non-technical) poseurs, so Taco and company are just following their audience (and the money). Sadly, this means that the epithet SlashKosisn't all that far from the mark anymore.

Its not a troll or flamebait to say so (take a moment to read the actual definitions before you politically mod this post). Its just my observation. One needs a heavy set of "bogus-ness/BS" filters to get any real data out of most articles here anymore, and in general I tend to avoid most "YRO" category articles because they are simply editorials with no pretense of actually presenting any logic examination (and a proper debunking) of opposing views. I do value the book reviews and some of the limited Tech news that manages to make it past the slant here. And some of the humor here is still pretty good.

Still, it would be nice to see more information/articles on Slashdot about how tech is being used to fight what is probably one of the most evil regimes on the planet - and the religious and state mechanisms it uses to maintain its tyranny. Those "resistance" methods might come in hand in other places as well, like China, Britain and the USA, sooner than we think.

Re:nomoreiranplease?

[wigaloo]

Wow, you need to pay closer attention. Start with this Iran Update from Fark user Tatsuma, which has been gleaned (or so I understand) from reliable twitter sources on the ground in Iran. Very little of this information is coming out in the mainstream media. Other places like 4chan have been very active in setting up proxies to get the information out. This is a very important world and tech development.

Remember that this event is only a week old. The objective should not be to have a repeat of the bloody events of 1979, which is what you get when the situation evolves too rapidly.

Re:nomoreiranplease?

[Artifakt]

While we're at it, you could check out the Project for the Old American Century site, (http://www.oldamericancentury.org/)
Which is currently devoting itself covering to the Iran mess to the extent that they have renamed themselves the "Project for the Old Persian Century" on their masthead. Half the Reddit politics links they pass on seem to be devoted to Iran today.

      Normally, I do Slashdot instead of Fark or Reddit because the mod system here actually seems to reduce the turkey level - in particular, Reddit has a bunch of 'Atheists' (who may just be posturing as part of a mass trolling) who have vowed to make all the other sections 'officially Atheists Only', and 'ruthlessly suppress all religious speech' (that's their phrases, not mine). there are probably at least 50 accounts involved, something I've never seen anything close to here. In fact, finding something like that on Slashdot would probably mean a GNAA post and 10 "me too"s, all remorselessly modded up to +5 and kept there for days, by literally dozens of throw away accounts. If someone wants to try that hard here, they'll just be setting a new mark for pathetic losers everywhere. In that sense, Slashdot's mod system works well.

      But what I'm seeing there today is that on an important news issue, there are enough thousands of people responding that trolls like that are completely drowned out, or have enough sense to stay out of the way. The information level has gone high, there's a lot of thoughtful, reasoned posting, and it's obvious that some people will be taking what they are learning in the discussion into account when it comes time to vote or contribute to political causes. On this issue, both Fark and Reddit are having real impact. maybe some of that's happening here too, but it's less obvious.

Please take off tag NOMOREIRANPLEASE

[GabriellaKat]

I dont know about anyone else, but reading the tag of "NOMOREIRANPLEASE" Even if you have mixed feelings about Iran and their relationship with the US / World, there is no reason to flag a topic with such a tag line.

setup tor bridges

[deviceb]

search #iranelection or #neda on twitterfall.com

Re:The 1 in 200 bit is garbage

[Jonas+Buyl]

This is ridiculous. You can't just conjure up some irrelevant examples and use them as an argument when they have absolutely nothing to do with it. E.g. with the coin flip test, the correct analogy would be to check what the chances are for less than 40 heads/more than 60 tails after 100 coin flips. The chances for this happening are indeed very low. That is why it is so impressive that they had 5% of the times 5 as last digit and 17% a 7. The 1/200 is not the chance to have the 5% and 17% (that would be a lot lower) but the chance of having suspicious results vs. the chance of them being false.
Besides: n/o but I'd rather believe a study made by two PhD students instead of some slashdotter.

Start running proxies on the WoW ports...

[Thrakkerzog]

and when they shut down WoW, we will have a true revolution.

Iran Filtering not that weak you think!

[arash_hemmat]

Hi, I'm an Iranian and i've been tortured by the internet filtering here for a few years but the filtering after election is really terrible, we can't use the old ssh tunneling methods any more, in fact it seems that all encrypted packages are being dropped so we can't connect to our servers out side of Iran any more so we can't use another method for passing through the filtering, however today i've used a browser based ssh client to connect to my VPS in Germany and installed a proxy using squid but the interesting thing is that we i try to connect to facebook (or any other filtered website) the firewall changes my request to the famous "This site is blocked" page! These things was just examples of methods we tried to pass the filtering, anyway we are using other method to pass the filtering (which i will not mention here for safety!) but we have serious problems connecting to our servers over ssh, i'm going to test the ssh over http method but i know that this will be a temporary method!!!

Re:Iran Filtering not that weak you think!

Make sure your DNS accesses are tunneled as well.

Re:The 1 in 200 bit is garbage

[Dachannien]

I don't think the manipulations at hand here are subtleties like "shifting votes". Seems more like "pulling numbers out of their collective ass" is what happened.

Re:Isn't this unauthorised access?

[Dachannien]

Here, let me set that straw man on fire for you:

No and no. Both of those situations involve someone gaining access to computer systems, where the owners of those systems don't want that someone to have access.

With the Iran situation, there are people trying to gain access to computer systems, where a third party doesn't want them to have access. To the contrary, the owners of Twitter, YouTube, and other services have been extremely supportive of the efforts of Iranians to spread the word of how the government has imported plainclothes thugs from other countries to come in and brutalize innocent people in the streets.

Petition disclosure of filtering software sold!!

[Coutal]

According to this: http://opennet.net/research/profiles/iran
Nokia/siemens sold filtering software to iran, quite the nefarious thing to do, perhaps even bypassing some boycott agreements and US export regulations, if containing any US code. now's the time to make them disclose what sofware they sold, and everything they know about the filtering system. a lot of lives are at stake, now's the time.
if any nokia/siemens employees are reading this, pass this on!

It doesn't matter

[zogger]

Oil is sold on the open market, and currently, mostly in dollars, meaning that the source isn't as important as the ability to pay for it. Any major disruption in total world supply will have an effect on the ability to pay for it, because the market will bump the price up fast, including the oil from those nations you currently import the most from. They are not going to arbitrarily keep supplying at a much lower price "just because".

If/when (and I think inevitably) oil becomes priced in a lot more currencies than dollars, it will just cost more for US consumers. All these other nations aren't *that* stupid, they realize as the FRN gets inflated daily, it becomes worth less and less. Eventually they just won't think or accept that the dollar is worth what some blowhards in DC and wallstreet claim it is worth. The FRN is a debt instrument that currently is backed by more debt instruments, and not much else. Back when the petrodollar phenomenon took hold, it worked for the US because where we bought oil from turned around and used those petrodollars to buy US manufactured stuff. Plus, the US domestically produced most of the oil it needed anyway, something not true today.

Now let us contemplate the status of world trade and manufacturing from 50 years ago to today...hmm..

Starting to see the longer term ramifications of this? When those foreign nations could get real stuff for the swap, it was acceptable, now they are being told they need to just swap their real stuff-oil or various other commodities- for debt instruments backed by "the full faith and credit" of the biggest liars and conmen out there, who are already in hock to them to the tune of trillions.

They talk about peak oil, I think the larger picture is we have hit "peak trust" with the tangible producing world versus the US economic system, which apparently the main top official focus seems to be just creating paper and electronic "products" and that those, "trickled down" through keeping everyone in the US in perpetual debt via the credit "industry" combined with national government debt, will be enough to sustain everyone, that all these other folks will just keep swapping their real stuff for fancy IOUs in various flavors.

I think that isn't going to work for much longer. YMMV. My bet is on the tangibles and the tangibles producers winning the "what is worth more" global economic wars.