Thursday, June 18, 2009

what is cyberwar?

People are talking about using "cyberwar" to assist the Iranian opposition.
"Let's put some of our new cyber-warfare capabilities to the test, quietly and covertly of course, to disrupt Tehran's ability to shut off the flow of information to Iranians and between them"

This makes no sense at all, even less sense than "cyberwar" usually does. What can a cyberwar capability actually do? Well, it usually means either spying, or else running a distributed denial of service attack on someone. Here's the first problem. Making the Iranian government's web site load slowly is not the most fearsome threat that has been issued since the Melian Dialogues.

If you know which bit of it to harass, that is. It looks like the Supreme Leader supports Ahmadinejad, the Grand Ayatollah wants a recount, the militia and the secret police are doing the dirty work, and the ordinary ministerial government and the army are keeping as far out of it as they can. So you've got some targeting issues as well. After all, it's far from impossible that a state-backed forum could become a centre of opposition - this is rather what happened to the Internet itself.

Further, you've got to understand the technology. When things like this happen, the place to go is Renesys, which tracks changes in the Internet Routing Table. Their data shows that...well. It's hard to say what it shows. To be brief, Iran has competing ISPs and mobile phone operators but transit - i.e. wholesale connectivity to the broader Internet - is only available from a state monopoly, which appears to be the locus of censorship.

Here's the interesting bit; rather than mass-censor great chunks of it, or try to implement fine-grained monitoring, they have chosen to cut the available capacity and, oddly, to route their international traffic down an overland link to Turkey rather than into their submarine cable landings.

Many explanations are possible. It could be that a bigger blackout was planned, but bungled. It could be that they are unwilling to cut themselves out of the Internet. It could be that they want some traffic to move, so as to spy on it. It could be that they don't want to look like they turned off the Internet. It could even be that the network operations engineers sabotaged the censorship - if there isn't quite enough bandwidth, there's a high probability your first attempt to load wouldn't work, which might satisfy the ultimate Pointy-Headed Boss, but someone who was really determined to get through might well in the end.

Pakistan tried to cut off YouTube, and accidentally routed all the world's mindless Web video into one server deep inside Pakistan Telecoms. Burma simply vanished from the routing table last year, before briefly re-appearing; no-one ever knew why. Was it a maintenance script still running? Did they need urgent data transfer? For what - perhaps a bank batch process to move the General's money? Or was someone holed up in the network-operations centre, like the radio operator of a sinking ship?

Either way, in this case, the only possible cyberwar option as we understand the word cyberwar would be to...what? Hack the routers and turn the transit bandwidth back up? Well. It would be a pretty legendary exploit if true. But it would be very difficult, and the natural counter-game would be just to turn the power off or null-route everything.

And the rest is hammering on government Web sites, which achieves nothing but to burn up the remaining bandwidth available for getting out the truth. Get off the line, we need it for more important traffic.

But despite all this, the US seems to have a sensible strategy. It appears that the US State Department had a word with Twitter to put off their maintenance. It wasn't just them - there had been chatter on NANOG for a couple of days about NTT America taking a day off in the middle of a revolution. I'm sure it must have helped. And Microsoft and Yahoo! have apparently suspended some of their services there as "a protest".

You could be back in the 1950s suddenly. Jazz and abstract expressionism as a kind of war, and you have to say it beats the other kind. I think I said that the Iranians were beating us for today's records and Marlboros - that is, WLAN - in Afghanistan.

This raises a question, though. How do we aid others to reach the Internet in tyrannical conditions? We have good techniques for encrypting and source-spoofing traffic - oddly enough, we had to fight for them against the US in the 1990s. But without backhaul connectivity you can do nothing.

Obviously, it's got to be a radio solution, and it's got to be a satellite one. I find it hard to imagine trying to spread Inmarsat or Hughes devices, although a major market for them is the Middle East. It would, however, be a cool idea to have a satellite or two dedicated to open communications. The world is increasingly full of satellite antennas.

If Brazilian radio hams can use old US Navy satellites, there ought to be a small constellation of civilian open relay sats - the uplink cost would protect it against spam, after all. Now that's what I call cyber war - it is, after all, what everyone who actually thinks expects of us.


ajay said...

The biggest problem, it seems to me, is the user end. Say you put up a constellation of satellites offering unchecked Internet access to anyone inside Iran: the chap inside Iran is still going to have to have a transceiver, and I should think that's the sort of bulky, expensive, obvious thing (it's a dish, basically) that can be banned from distribution and/or used as evidence against you, because there's no innocent reason to have one rather than a landline connection.
Maybe you could dual-use a satellite TV dish? I don't know enough about the technology.

Alex said...

Well, in the civilian satellite world, there are now terminals that are basically like an old mobile phone in form-factor, but which provide only pseudo GSM service - voice, SMS, and 56kbits data. There are a hell of a lot of Thuraya (hence the name) and Inmarsat satphones around the Middle East.

There are also terminals for the various satellite IP services which are similar in form factor to a netbook with a small square patch antenna. The one I know most about is INMARSAT's BGAN service, which will get you 492Kbits IP plus a couple of voice channels. I think Hughes does one with a built-in WLAN router.

Then, there are much more specialised solutions that provide DS3 and higher equivalent service, but at a serious price and with rather obvious terminals. If you're an ISP you probably have an excuse to have a big dish - are you providing TV down the lines? do you have a backup satellite link? - in which case you get to argue about where *exactly* it was pointing on the day.

I'm not aware of Iran having a ban on satellite backhaul - I would think MTN uses it for a lot of their cell sites. But the obvious reason why everyone gets transit from the monopoly is that satellite service is usually the most expensive option.

Doing something like the FLTSATCOM hackers did also requires someone to downlink it and route it into the global Internet. There is actually an IP address block reserved for radio hams who like to play with packets over HF. A community of packet-radio gateways could be interesting, but again, you don't want the other end to be too obviously spooky.

I suppose there is some mileage, if this goes on, in looking at trying to smuggle BGAN terminals in like Xeroxes in 1980s Eastern Europe, as they are common enough in the ME to be moderately deniable and small enough to hide.

Obviously once you TX you're overt, but I'd be surprised if they have a sufficiently quick reaction internal electronic warfare capability integrated with the police to catch you if you were doing a batch transfer of e-mail or USENET traffic, then shutting down and moving away. This is one of the problems of things like Twitter - you can't batch process it, although I suppose you could write a bunch of blog posts off-line and uplink them all at once.

Probably the best place would be outside the hotel where the Big Media guys are staying, no chance of identifying a particular uplink there.

ajay said...

"There is actually an IP address block reserved for radio hams who like to play with packets over HF. A community of packet-radio gateways could be interesting, but again, you don't want the other end to be too obviously spooky."

Covert HF radio communications. Now you're talking. Old-school SOE stuff, ionospheric disturbances and sporadic E, skywave minimum skip distances, Coke bottles for insulators, B2 sets in suitcases, stringing the antenna wires under the eaves of houses, jumpers for goalposts, mmmm... of course, the secret police aren't going to be too keen on people with unregistered HF sets either. Small satphones probably the best way forward, I would have thought, if they're widespread enough in Iran - just buy up a block of numbers and make them available freephone to anyone inside Iran to provide dialup access.

Alex said...

The good thing about a satellite is that you don't need to do HF fancy things, of course. That's the benefit of it.

ajay said...


Tehran's War on Satellite Dishes

"[Ahmadinejad's] Security-Intelligence Complex (ANSIC) has now resorted to an all-out communication war.
According to friends and family in Tehran, they are using all types of methods, helicopters and Basij, to identify neighbourhoods with the highest number of satellite dishes and the police then starts the crackdown. In several occasions, the civilian clothing agents have remained on the scene to monitor the activities of the neighbours and have arrested those that have tried to tip off the dish owners."

ajay said...

Peer-to-peer mobile phone networking, that's what they need. No base stations to be shut down - just handset to handset. Probably wouldn't work for voice, but SMS might be OK.

Anonymous said...

YR - another great post from you - illustrating some reality.

For some sad comic relief you should check out the right wing blogs attacking Obama for "not doing enough" or Bob Kagan saying Obama is "objectively pro Ahmadinejad."

These are the same people who were calling for the wholesale bombing of the Iranian people a few weeks ago. Now they say they wanna help so much.

cian said...

It's a little odd. I mean Mousavi helped found Hezbollah, defended taking the American hostages, is in favour of a "state" controlled economy (billionaire clerics in a commodity based economy. Uh-huh), is very anti-American, etc, etc. The differences between him and Ahmadinejad are real, but they probably have more to do with factional fights, intelligence and style. But you know, Twitter, that's sexy now...

I really like the idea of promoting a satellite/wireless alternative internet. Is this the kind of thing individuals/NGOs could start? Or does it need government muscle/money?

