TOR and DPI in Iran

April 3, 2011

The slow Internet speed in Iran that have experienced from 2009 until now, has a main cause: “ The regime makes use of DPI technology, i.e. Deep Packet Inspection, and traffic analysis, to track and trace the users and their activities. DPI is not just Inspection of the header, It’s Inspection of the contents of the message. In fact, the regime makes use of DPI as well as the fake digital certificates, Cryptanalysis, traffic analysis, etc. for taking the control of the whole encrypted and non-encrypted data flow. Of course the Internet speed in Iran is generally slow, because in 2006 the Ministry of Communications and Information Technology (MCIT) issued an order forbidding ISPs from providing Internet connectivity to homes and public access points that exceeded 128 kb/s (kilobytes/second). But The slow Internet speeds that we speak about, means 1kb/s to 28kb/s! DPI involves inserting equipment into a flow of online data, from emails and Internet phone calls to images and messages on social-networking sites such as Twitter. Every digitized packet of online data is deconstructed, examined for keywords and reconstructed within milliseconds. In Iran’s case, this is done for the entire country at a single choke point. And that’s why the Internet is and was running at such slow speeds in Iran. DPI delays the transmission of online data . In an interview on October 5, 2010, the vice-president of the Communications Infrastructure Co. in Iran said that changes to the Iranian filtering system were coming. And since January 2011, the Khamenei’s government have significantly modified their network monitoring infrastructure. In short, Iranian authorities, for the first time, found a way to identify and block any SSL and encryption connections, included T!O!R connections, and therefore a way to potentially identify dissidents. What they did was vastly upgrade their capability, said the executive director of the T!O!R Project. He added” “The Iranian authorities used DPI to detect the highly specific parameters T!O!R uses to establish an encrypted connection.” But it’s not the whole story. The traffic analysis, that are used to infer something about the message’s content, origin, destination, or meaning even if an eavesdropper is unable to understand the contents of the communication. Traffic analysis can be a powerful technique and is difficult to defend against; it is of particular concern for anonymity systems, where traffic analysis techniques might help identify an anonymous party . Anonymity systems like T!OIR contain some measures intended to reduce the effectiveness of traffic analysis, but might still be vulnerable to it depending on the capabilities of the eavesdropper. And Khamenei’s mercenaries have high capabilities, simply because they have the full support of the western companies. [1,2,3,4,5]

The western corporations help the Khamenei’s regime a lot. Nokia Siemens Networks, a joint venture between Germanys Siemens and Finlands Nokia, installed the monitoring equipment in Irans government-controlled telecom network, Telecommunication Infrastructure Co. The equipment allows the state to conduct DPI, which sifts through data as it flows through a network searching for keywords in the content of e-mail and voice transmissions. A spokesman for Nokia Siemens Networks defended the sale of the equipment to Iran suggesting that the company provided the technology with the idea that it would be used for lawful intercept, !!!! such as combating terrorism, drug trafficking, etc. Equipment installed for law enforcement purposes !!!, however, can easily be used for spying as well !!! In fact, the monitoring capability was provided, at least in part, by a joint venture of Siemens AG, and Nokia Corp. in the second half of 2008. The monitoring center that Nokia Siemens Networks sold to Iran was described in a company brochure as allowing “the monitoring and interception of all types of voice and data communication on all networks.” Some experts say: “This looks like a step beyond what any other country is doing, including China.” China’s vaunted “Great Firewall,” which is considered the most advanced and extensive Internet censoring in the world, is believed also to involve DPI. But China appears to be developing this capability in a more decentralized manner, at the level of its ISPs rather than through a single hub. That suggests its implementation might not be as uniform as that in Iran, that all of the country’s international links run through the Telecommunication Infrastructure Co. The stupid T!O!R managers say: “The good thing is that T!O!R is at first an anonymity network, second a circumvention tool. If T!O!R is temporarily blocked, then use a technology that isn’t blocked and run T!O!R over it to protect your traffic from snooping by the lower technology (proxies, etc).” But these
motherf-u-c-k-e-rs don’t know that the regime has controlled everything, even most of SSL encrypted data, by using of DPI, fake digital certificates, ,Cryptanalysis, traffic analysis, etc. In fact, the regime and its agents have focused on T!O!R, and many other famous privacy tools. It is utterly trivial to block T!O!Rproject.org. But That they don’t do it, because they can monitor who continues to access it, and what they are saying, and who said it. [1,2,3,4,5]

The T!O!R Project is funded in part by grants from both the Department of Defense and the State Department. Many countries simply block IP addresses to stop access to the public T!O!R nodes, as well as many T!O!R bridges. But Iran uses DPI and stateful inspection of traffic flows. In fact, They are not merely detecting “SSL or not” but rather able to detect “T!O!R’s SSL or not” and “Gmail’s SSL or not” and “U-l-t-r-a-s-u-r-f’s SSL or not” and handle each individually. They are able to do this for their entirety of Internet traffic in real-time. This ability to snipe traffic is really horrible. The Khamenei’s regime in less than a year has started from scratch, with the help of Nokia and Siemens, and now surpassed the T!O!R project in technical ability. Some Iranians say: “The SSL fingerprinting could be just the beginning. T!O!R traffic sticks out like a sore thumb on the wire in many different ways. T!O!R project team has known this for years, unfortunately their progress in the matter has been hijacked by academics who care more about publishing and their salaries than what they do for the T!O!R users. T!O!R is a ghost of what it could have been. All that’s left is a source of income for paper pushers and code monkeys who cannot innovate and actively work against those who do. T!O!R gets about $500k from the State Dept and everyone bitches at them.” But it is useless for Iranians, and Iranians say: “If the regime can identify encrypted traffic belonging to T!O!R versus other encrypted traffic, that’s a serious problem for Iranians. Not only users can not have access to the T!O!R network, but they’ve broadcast themselves as users of “subversive” technology, ripe for repercussions. In fact, Iranians should be so careful about the classic T!O!R, and should stay far away from T!O!R until this issue is resolved properly. In fact, T!O!R managers don’t care about this matter and we should ask them: Is the fact that T!O!R users can be identified so casually by random governments not considered an important enough issue? ” [1,2,3,4,5]

An Iranian says: “I’ve had an unpublished T!O!R bridge node running for a good and would love to be able to advertise it to those needing it, but how? I need an ability to be able to pass my details on to only a very few people. I’ve grown tired with trying to reestablish working bridges these days as they’re always blocked so very quickly as soon as I publish to the T!O!R network. I sincerely appreciate the T!O!R effort, but I feel the people behind it really should start to entertain more radical changes in how the network operates if they truly do wish to create what they say/promise. As it stands now, T!O!R as a network exists only at the behest of controlling governments, a comical position considering its stated goal. ” Another Iranian says: “When money are involved, people turn biased and their work becomes based on the money they can obtain from it. Capitalism is evil. And, many developers don’t want to lose the money once they had the opportunity to get it. So, they are no more independent. They’ll do what they’re told and paid for, rather than what is useful for real. People driven by the money and no more by the love in what they’re doing. I think that if all donations, or at least big donations (I call them “bribes”!) from non-real-persons and companies, were refused by the T!O!R PROJECT it would have some benefits. You’ve the example of Firefox itself, a free and open source software, corrupted by Google. Many of us very dislike the fact that even T!O!R works together with Google for the “summer of code projects”. T!O!R, an open source, and also pro-privacy and anonymization tool is together with the most anti-privacy multinational company ! Why is the “summer of code projects” important?! FOR THE MONEY! for the corruption!” And another Iranian says: “We lost a bit of interest in T!O!R after having had many of our good suggestions rejected because of somebody else jealousy! and we think it was an open source, but now is a too closed project! A group very similar to a clique, manage it. The T!O!RPROJECT shouldn’t work for what donators want. They should work for users’ suggestions and what users want ! ” [1,2,3,4,5]

Iranians should not be disappointed. There are still some ways for f-u-c-k-ing the Khamenei’s western technologies. The essential key point is : Don’t use the fairly popular techniques/tools or continue using the same service or method for a long period of time. And the key point for avoiding DPI is: “ Don’t use any dangerous keywords in your emails and other data. “; Don’t use any non-encrypted data; Always check your digital certificates; Use lesser-known browsers that support OCSP feature; Don’t trust your V!P!N totally. Even if you know and trust the person running a single-hop proxy or V!P!N, they may be hacked, or forced to compromise your information. It is dangerous to think that it is possible to have a “one click solution” for anonymity or security. For instance, routing your traffic through a proxy or through Tor is not enough. Be sure to use encryption, keep your computer safe and avoid leaking your identity in the content you post. If your network blocks HTTPS port, you should assume that the network operator can see and record all of your Web browsing activities on the network. Even if your HTTPS port is open, remember that t a sophisticated attacker, like Khamenei’s agents, could trick your browser into not displaying a warning during an attack. This is not a reason to avoid using HTTPS, but you should be very cautious about Digital Certificates and the validation of them. Fighting against the Internet censorship is a constant fight, and we should be updated and search for better tools and methods regularly. And finally we, i.e. many Iranians that live inside Iran and live under the serious threat, should say: “Shame on the US Department of Defense and the US State Department that waste their money in the name of helping Iranians, while Iranians can not see any serious help at all. And shame on the stupid T!O!R project managers that don’t care about the serious T!O!R problems”

Resource for further reading:

[1]Iran’s Web Spying Aided By Western Technology
[2]Iran now actually use DPI
[3]T!O!R Project Blog
[4]Basij Hack Comodo Certificate
[5] Access Controlled


It’s Complicated

April 3, 2011

The Mullah Mafia have started their activities in 2011, again. But this time they make use of a different tactic. Their current tactic is more complicated, but we could find the truth, if we open our eyes. Yesterday, the notorious Trita Parsi wrote an article in Huffingtonpost . He has tried to pretend that he is a pro-Iranians. But we could find the truth, if we were not so naive. First lets have a look at what he said: “President Obama marked Norooz, with his strongest words to date in solidarity with the people of Iran … The president’s critics predictably fail to acknowledge that three decades of enmity and conflict will not be resolved in a single step !!!… President Obama should honor his promise by fixing a glaring problem for young Iranians seeking to study here: the Single-Entry Visa policy … For many young Iranians, studying abroad offers a reprieve from the repression they face at home from their government. Students have faced increased restrictions since 2005 under AN that has only escalated in the aftermath of the 2009 elections … Under the Single-Entry Visa policy, students who come to the US cannot leave for the duration of their studies without losing their visa … The Iranian students ask why the US, if we say we are friends with the Iranian people, subject them to restrictions that no other nationals from Middle East countries face … As former New York Times Tehran correspondent Nazila Fathi said: “If the US wants to help, the first thing [Iranians] need is access to the Internet.” Unfortunately, the US imposes its own firewall on Iran through sanctions that restrict software and hardware from being exported to Iranians” Lift the sanctions … There is satellite internet over Iran, but because of the sanctions they cannot access it. The first step to supporting Internet freedom in Iran is for the US to get out of its own way … The US should exempt useful Internet software, hardware, and services from this counterproductive, cumbersome licensing requirement … The president should permanently lift the restrictions that prevent Americans from exporting goodwill to the people of Iran … President Obama now has an opportunity to create his own space and match his promises with important policy adjustments. He must not miss this opportunity to truly stand with the Iranian people.”

It seems positive and good. But in these days, at the edge of toppling Khamenei’s regime, we need more serious things than the Student Visa Lifting the software sanctions, and freeing the Satellite Internet are very good and effective. We strongly support it, even if Mullah Mafia support it. But acknowledge that three decades of enmity and conflict will not be resolved in a single step !!! is our key to understand the real intention of these bastards, the Mullah Mafia in the US. The Iranians that live inside Iran, certainly don’t want to resolve the three decades of enmity and conflict between the Mullah and the US. They want to topple the Mullah and then make a strong and equal relation between Iran and the US We should be very careful about the real intention of Mullah Mafia in the US. They want to save the Islamic regime and Resolve the three decades of enmity and conflict between the Mullah and the US They are forced to pretend to be friend of the Iranian people. They could not directly say that they support the Mullah and the Islamic regime, simply because they would be rejected strongly, and they would lost all their remaining influence in the US. We should not be naive and should see their desperate effort and their need for the good gesture. Just when the Mullah Mafia’s members directly say that they support Iranians in toppling the Mullah and Khamenei’s regime, then we could say that they really have changed. But we are sure that they refuse to acknowledge that the majority of Iranians hate the Mullah and the Islamic regime and want to topple them. It’s our key to know these hypocrite bastards. The US and Obama should support Iranians in toppling Khamenei’s regime, and anything less than it, is not acceptable for the majority of Iranians.


The latest 13-Bedar News, 1390

April 3, 2011

We have received the supplementary information about the 13-Bedar News :

The regime had censored the real cause of Mr. shit’s death. This was not car accident. Mr. shit dead in a plane crash. The state TV said: “Mr. shit and the civil aviation authorities were going to attend in the seminar “Iran: The Most Safe Aviation Industry in the World” in Kish Island, but unfortunately their plane had some little problems, and so all of them dead in the plane crash.”

After just one day, Khamenei’s office denied what he said yesterday , i.e. he has heard the voice of Iranian revolution. The Khamenei’s office said : Our great leader, our dear leader, did not want to resign and leave you alone. Last night he had not eaten his Poppy essence (Shireh) and said bullshit. Please don’t take it serious. Please always remind yourself that our great and dear leader is not less than Gaddafi.”

Mousavi said that his statements about Khamenei should be interpreted as a opportunity for Islam and Muslims. He said: “When I was in the safe house, they did not torture me. I were free and all I said was from my heart and …. Ah, my heart, my heart, my heaaaaaaart …..” and then he was taken to the hospital by the security forces that wore journalist’s cloth.

– Hugo Chavez says: “Our sacred war against American Capitalists, has just one reason : “Because Khamenei says to me that Imam Zaman, the Mahdi, has come and the second coming of Mahdi has become a reality now. I go to Tehran to visit both him and Jesus Christ.We surely will use our Atom…, excuse me, our Corn bomb. That Corn bomb that Iran built in the Corn factory that I made a joke about it in “South of the Border” movie. God bless Corn and Corn factories.”

David Cameron denied his last statement about Khamenei. He says: “I don’t reject Khamenei’s proposal. Actually I have not seen his proposal until now. Actually I don’t know if there is any proposal. Actually I didn’t have any meeting with Khamenei’s agents in London. I just had a meeting with some Guardian and Telegraph reporters, and some people thought that I had a meeting with Khamenei’s agents. They are Britons; They are not Khamenei’s agents.”

Hillary Clinton said: “Obama’s apology was a joke. He should apologize for what ?? we could write and send any letter or message to any one, to our friends, to any one.” She added: “As you know, I’m so sensitive to lie and telling lie, and that’s why I’m really angry now. It has not any other reason, please don’t invent any gossip about my current anger.”