June 17, 2009, 8:56 AM — Iran's government in recent days has tried to cut off Internet access for most of its election protestors by shutting down routers at the nation's perimeters, ripping satellite dishes off roofs, cutting cables and turning off telephone switching networks.
Iran, in effect, has declared cyberwar on itself. And it doesn't appear to be winning the fight, because the communications grid it is fighting was originally designed to be both resilient and pervasive. In fact, its actions may also be crippling banking systems and hindering commerce in what is a technologically advanced nation. Cutting off Internet access affects more than Web sites or Twitter and Facebook. Credit card and ATM systems could be affected, as could critical infrastructures.
One cybersecurity expert, Stephen Spoonamore, a partner at Global Strategic Partners LLC in Washington, pointed out that at about the same time Iran was trying to shut down phone and switching systems this weekend -- a response to the huge crowds of citizens upset by what they see as a stolen presidential election -- electric power was lost in Tehran.
Was the power loss intentional -- or a side effect? Spoonamore thinks it's the latter.
He believes that once the Iranians began turning off switches to the nation's phone networks, IP-enabled pieces of its electric grid didn't get commands they expected. When you lose switching, "you end up with systems going down that you didn't expect to go down," he said.
What Iran is trying to do is a lot harder than running a cyberwar. In a war like Russia's attack on Georgia last year, the attacker can be indiscriminate and see any unanticipated results as a boon. But Iran is trying to "selectively eliminate connectivity," said Spoonamore -- something the Internet itself was designed and built to thwart.
Twitter users and bloggers, combined with infrequent media reports, have all detailed efforts by Iran to hinder communications in the apparent hope of quashing protests. And while Iran can censor or block access to the domains it doesn't like, the Internet provides a way around selective blocking.
The most popular method for bypassing censorship is the use of proxy servers: servers that sit between the point of origin and the ultimate destination, which is often enough a service that has been blocked by the government. The user connects to the proxy service, and the user's traffic is rerouted and disguised.
Some users, particularly those worried about government repercussions, seek more sophisticated methods of protection. If you are an activist in Iran "you care very much that no one can figure out where your IP address is," said Andrew Lewman, executive director of the Dedham, Mass.-based nonprofit, Tor Project Inc.
Tor is one of a number of groups that have devised methods for circumventing government censorship. It has software and services that link users to volunteer node providers that route traffic through three separate network hops to defeat traffic analysis, which is used to try to deduce who you are dealing with from the source and destination of IP traffic. Its services are agnostic: they can be used by police, bad guys, journalists and activists -- anyone.
Kunal Johar, a former U.S. Department of Defense computer scientist who now runs a security firm in Washington, vOfficeware Inc., said governments will find proxy services and block IP addresses in a never-ending game of cat-and-mouse.
Johar believes this is now happening in Iran. Even so, information continues to seep out online. "It has allowed people to get their voice. It's important to note that the only people we are hearing from are the people who only know how to use the Internet."
"The fact that we even have a movement like this going on in Iran can be credited to the Internet," said Johar.