Tuesday, June 16, 2009

Web Attacks Expand in Iran’s Cyber Battle (Danger Room)


Web Attacks Expand in Iran's Cyber Battle (Updated Again)

http://www.wired.com/dangerroom/2009/06/web-attacks-expand-in-irans-cyber-battle/

By Noah Shachtman, June 16, 2009, 4:06 pm

More and more of Iran's pro-government websites are under assault, as opposition forces launch web attacks on the Tehran regime's online propaganda arms.

What started out as an attempt to overload a small set of official sites has now expanded, network security consultant Dancho Danchev notes. News outlets like Raja News are being attacked, too. The semi-official Fars News site is currently unavailable.

"We turned our collective power and outrage into a serious weapon that we could use at our will, without ever having to feel the consequences. We practiced distributed, citizen-based warfare," writes Matthew Burton, a former U.S. intelligence analyst who joined in the online assaults, thanks to a "push-button tool that would, upon your click, immediately start bombarding 10 Web sites with requests."

But the tactic of launching these distributed denial of service, or DDOS, attacks remains hugely controversial. The author of one web-based tool, "Page Rebooter," used by opposition supporters to send massive amounts of traffic to Iranian government sites, temporarily shut the service down, citing his discomfort with using the tool "to attack other websites." Then, a few hours later, he turned on the service again, after his employers agreed to cover the costs of the additional traffic. WhereIsMyVote.info is opening up 16 Page Reboot windows simultaneously, to flood an array of government pages at once.

Other online supporters of the so-called "Green Revolution" worry about the ethics of a democracy-promotion movement inhibiting their foes' free speech. A third group is concerned that the DDOS strikes could eat up the limited amount of bandwidth available inside Iran — bandwidth being used by the opposition to spread its message by Twitter, Facebook, and YouTube. "Quit with the DDOS attacks — they're just slowing down Iranian traffic and making it more difficult for the protesters to Tweet," says one online activist.

But Burton — who helped bring Web 2.0 tools to the American spy community — isn't so sure. "Giving a citizenry the ability to turn the tables on its own government is, I think, what governance is all about. The public's ability to strike back is something that every government should be reminded of from time to time." Yet he admits to feeling "conflicted" about participating in the strikes; he suddenly stopped. "I don't know why, but it just felt…creepy. I was frightened by how easy it was to sow chaos from afar, safe and sound in my apartment, where I would never have to experience–or even know–the results of my actions."

Meanwhile, San Francisco technologist Austin Heap has put together a set of instructions on how to set up "proxies" — intermediary internet protocol (IP) addresses — that allow activists to get through the government firewall. And the Networked Culture blog has assembled for pro-democracy sympathizers a "cyberwar guide for beginners." Stop publicizing these proxies over Twitter, the site recommends. Instead, send direct messages to "@stopAhmadi or @iran09 and they will distributed them discretely [sic] to bloggers in Iran." Other advice:

  • Keep your bull$hit filter up! Security forces are now setting up twitter accounts to spread disinformation by posing as Iranian protesters. Please don't retweet impetuously, try to confirm information with reliable sources before retweeting. The legitimate sources are not hard to find and follow.
  • Help cover the bloggers: change your twitter settings so that your location is TEHRAN and your time zone is GMT +3.30.  Security forces are hunting for bloggers using location and timezone searches.  If we all become 'Iranians' it becomes much harder to find them.
  • Don't blow their cover! If you discover a genuine source, please don't publicise their name or location on a website.  These bloggers are in REAL danger. Spread the word discretely [sic] through your own networks but don't signpost them to the security forces. People are dying there, for real, please keep that in mind.
  • Denial of Service attacks. If you don't know what you are doing, stay out of this game. Only target those sites the legitimate Iranian bloggers are designating.  Be aware that these attacks can have detrimental effects to the network the protesters are relying on.  Keep monitoring their traffic to note when you should turn the taps on or off.

UPDATE: Here's the latest wrinkle in the online conflict, according to the activists' Twitter streams. The government is filtering text-message traffic, and Secure Sockets Layer-protected web sites. That's making it much harder for pro-democracy types to communicate with each other — and with the outside world. In response, the activists are calling for renewed assaults on government web pages. "Iranian gvmt is blocking out all INTERNET/SMS/PHONE - as long as they do this, we cut down THEIR sites," one Tweets.

[Photo: U.S. State Department]

