TOR and DPI in Iran

The slow Internet speed in Iran that have experienced from 2009 until now, has a main cause: “ The regime makes use of DPI technology, i.e. Deep Packet Inspection, and traffic analysis, to track and trace the users and their activities. DPI is not just Inspection of the header, It’s Inspection of the contents of the message. In fact, the regime makes use of DPI as well as the fake digital certificates, Cryptanalysis, traffic analysis, etc. for taking the control of the whole encrypted and non-encrypted data flow. Of course the Internet speed in Iran is generally slow, because in 2006 the Ministry of Communications and Information Technology (MCIT) issued an order forbidding ISPs from providing Internet connectivity to homes and public access points that exceeded 128 kb/s (kilobytes/second). But The slow Internet speeds that we speak about, means 1kb/s to 28kb/s! DPI involves inserting equipment into a flow of online data, from emails and Internet phone calls to images and messages on social-networking sites such as Twitter. Every digitized packet of online data is deconstructed, examined for keywords and reconstructed within milliseconds. In Iran’s case, this is done for the entire country at a single choke point. And that’s why the Internet is and was running at such slow speeds in Iran. DPI delays the transmission of online data . In an interview on October 5, 2010, the vice-president of the Communications Infrastructure Co. in Iran said that changes to the Iranian filtering system were coming. And since January 2011, the Khamenei’s government have significantly modified their network monitoring infrastructure. In short, Iranian authorities, for the first time, found a way to identify and block any SSL and encryption connections, included T!O!R connections, and therefore a way to potentially identify dissidents. What they did was vastly upgrade their capability, said the executive director of the T!O!R Project. He added” “The Iranian authorities used DPI to detect the highly specific parameters T!O!R uses to establish an encrypted connection.” But it’s not the whole story. The traffic analysis, that are used to infer something about the message’s content, origin, destination, or meaning even if an eavesdropper is unable to understand the contents of the communication. Traffic analysis can be a powerful technique and is difficult to defend against; it is of particular concern for anonymity systems, where traffic analysis techniques might help identify an anonymous party . Anonymity systems like T!OIR contain some measures intended to reduce the effectiveness of traffic analysis, but might still be vulnerable to it depending on the capabilities of the eavesdropper. And Khamenei’s mercenaries have high capabilities, simply because they have the full support of the western companies. [1,2,3,4,5]

The western corporations help the Khamenei’s regime a lot. Nokia Siemens Networks, a joint venture between Germanys Siemens and Finlands Nokia, installed the monitoring equipment in Irans government-controlled telecom network, Telecommunication Infrastructure Co. The equipment allows the state to conduct DPI, which sifts through data as it flows through a network searching for keywords in the content of e-mail and voice transmissions. A spokesman for Nokia Siemens Networks defended the sale of the equipment to Iran suggesting that the company provided the technology with the idea that it would be used for lawful intercept, !!!! such as combating terrorism, drug trafficking, etc. Equipment installed for law enforcement purposes !!!, however, can easily be used for spying as well !!! In fact, the monitoring capability was provided, at least in part, by a joint venture of Siemens AG, and Nokia Corp. in the second half of 2008. The monitoring center that Nokia Siemens Networks sold to Iran was described in a company brochure as allowing “the monitoring and interception of all types of voice and data communication on all networks.” Some experts say: “This looks like a step beyond what any other country is doing, including China.” China’s vaunted “Great Firewall,” which is considered the most advanced and extensive Internet censoring in the world, is believed also to involve DPI. But China appears to be developing this capability in a more decentralized manner, at the level of its ISPs rather than through a single hub. That suggests its implementation might not be as uniform as that in Iran, that all of the country’s international links run through the Telecommunication Infrastructure Co. The stupid T!O!R managers say: “The good thing is that T!O!R is at first an anonymity network, second a circumvention tool. If T!O!R is temporarily blocked, then use a technology that isn’t blocked and run T!O!R over it to protect your traffic from snooping by the lower technology (proxies, etc).” But these
motherf-u-c-k-e-rs don’t know that the regime has controlled everything, even most of SSL encrypted data, by using of DPI, fake digital certificates, ,Cryptanalysis, traffic analysis, etc. In fact, the regime and its agents have focused on T!O!R, and many other famous privacy tools. It is utterly trivial to block T!O! But That they don’t do it, because they can monitor who continues to access it, and what they are saying, and who said it. [1,2,3,4,5]

The T!O!R Project is funded in part by grants from both the Department of Defense and the State Department. Many countries simply block IP addresses to stop access to the public T!O!R nodes, as well as many T!O!R bridges. But Iran uses DPI and stateful inspection of traffic flows. In fact, They are not merely detecting “SSL or not” but rather able to detect “T!O!R’s SSL or not” and “Gmail’s SSL or not” and “U-l-t-r-a-s-u-r-f’s SSL or not” and handle each individually. They are able to do this for their entirety of Internet traffic in real-time. This ability to snipe traffic is really horrible. The Khamenei’s regime in less than a year has started from scratch, with the help of Nokia and Siemens, and now surpassed the T!O!R project in technical ability. Some Iranians say: “The SSL fingerprinting could be just the beginning. T!O!R traffic sticks out like a sore thumb on the wire in many different ways. T!O!R project team has known this for years, unfortunately their progress in the matter has been hijacked by academics who care more about publishing and their salaries than what they do for the T!O!R users. T!O!R is a ghost of what it could have been. All that’s left is a source of income for paper pushers and code monkeys who cannot innovate and actively work against those who do. T!O!R gets about $500k from the State Dept and everyone bitches at them.” But it is useless for Iranians, and Iranians say: “If the regime can identify encrypted traffic belonging to T!O!R versus other encrypted traffic, that’s a serious problem for Iranians. Not only users can not have access to the T!O!R network, but they’ve broadcast themselves as users of “subversive” technology, ripe for repercussions. In fact, Iranians should be so careful about the classic T!O!R, and should stay far away from T!O!R until this issue is resolved properly. In fact, T!O!R managers don’t care about this matter and we should ask them: Is the fact that T!O!R users can be identified so casually by random governments not considered an important enough issue? ” [1,2,3,4,5]

An Iranian says: “I’ve had an unpublished T!O!R bridge node running for a good and would love to be able to advertise it to those needing it, but how? I need an ability to be able to pass my details on to only a very few people. I’ve grown tired with trying to reestablish working bridges these days as they’re always blocked so very quickly as soon as I publish to the T!O!R network. I sincerely appreciate the T!O!R effort, but I feel the people behind it really should start to entertain more radical changes in how the network operates if they truly do wish to create what they say/promise. As it stands now, T!O!R as a network exists only at the behest of controlling governments, a comical position considering its stated goal. ” Another Iranian says: “When money are involved, people turn biased and their work becomes based on the money they can obtain from it. Capitalism is evil. And, many developers don’t want to lose the money once they had the opportunity to get it. So, they are no more independent. They’ll do what they’re told and paid for, rather than what is useful for real. People driven by the money and no more by the love in what they’re doing. I think that if all donations, or at least big donations (I call them “bribes”!) from non-real-persons and companies, were refused by the T!O!R PROJECT it would have some benefits. You’ve the example of Firefox itself, a free and open source software, corrupted by Google. Many of us very dislike the fact that even T!O!R works together with Google for the “summer of code projects”. T!O!R, an open source, and also pro-privacy and anonymization tool is together with the most anti-privacy multinational company ! Why is the “summer of code projects” important?! FOR THE MONEY! for the corruption!” And another Iranian says: “We lost a bit of interest in T!O!R after having had many of our good suggestions rejected because of somebody else jealousy! and we think it was an open source, but now is a too closed project! A group very similar to a clique, manage it. The T!O!RPROJECT shouldn’t work for what donators want. They should work for users’ suggestions and what users want ! ” [1,2,3,4,5]

Iranians should not be disappointed. There are still some ways for f-u-c-k-ing the Khamenei’s western technologies. The essential key point is : Don’t use the fairly popular techniques/tools or continue using the same service or method for a long period of time. And the key point for avoiding DPI is: “ Don’t use any dangerous keywords in your emails and other data. “; Don’t use any non-encrypted data; Always check your digital certificates; Use lesser-known browsers that support OCSP feature; Don’t trust your V!P!N totally. Even if you know and trust the person running a single-hop proxy or V!P!N, they may be hacked, or forced to compromise your information. It is dangerous to think that it is possible to have a “one click solution” for anonymity or security. For instance, routing your traffic through a proxy or through Tor is not enough. Be sure to use encryption, keep your computer safe and avoid leaking your identity in the content you post. If your network blocks HTTPS port, you should assume that the network operator can see and record all of your Web browsing activities on the network. Even if your HTTPS port is open, remember that t a sophisticated attacker, like Khamenei’s agents, could trick your browser into not displaying a warning during an attack. This is not a reason to avoid using HTTPS, but you should be very cautious about Digital Certificates and the validation of them. Fighting against the Internet censorship is a constant fight, and we should be updated and search for better tools and methods regularly. And finally we, i.e. many Iranians that live inside Iran and live under the serious threat, should say: “Shame on the US Department of Defense and the US State Department that waste their money in the name of helping Iranians, while Iranians can not see any serious help at all. And shame on the stupid T!O!R project managers that don’t care about the serious T!O!R problems”

Resource for further reading:

[1]Iran’s Web Spying Aided By Western Technology
[2]Iran now actually use DPI
[3]T!O!R Project Blog
[4]Basij Hack Comodo Certificate
[5] Access Controlled

Comments are closed.

%d bloggers like this: