Iran's "National Internet" Project: Doomed to Fail.

The National Internet aka Intranet

Iran has rolled out the start of the "National Internet" Project for all Iranian citizens to "enjoy". According to Tasnim news agency, the national internet operates independently of all others networks (in other words, the Internet we all know and love)and is designed to operate domestically.

The national internet was started in 2005(delayed by increased costs and delays)and the final two phases are due to be completed by 2017. The second phase will add cutting-edge content such as videos. Expect that in February 2017. The third and final phase will include among other things, services for Iranian business with international services. Err...

Filternet: it's all over

The previous attempt by the Iranian regime known as the "filternet" or the "smart web" (designed to limit access to the evil parts of the existing internet), has failed miserably because it is easy for Iranians to use proxy servers or VPN connections to get around the "filters" put in place by the regime.  

Mahmoud Vaezi: filternet was all his fault

Iran's Communications and Information Technology minister Mahmoud Vaezi was behind the smart web filtering project, but he now says that the "filternet" is inefficient. So, he's really saying it has not worked. And it's all his fault. You can see here that Vaezi thought "filternet" was a great success, while hypocritically using foreign companies to help set it up. Confused? No doubt Vaezi will have to wipe the egg off his face when not only the "filternet" but also the national internet, fails to stop Iranians from accessing sites on the WWW.

Iran seems fine with the hypocrisy that use of a Californian company's SmartFilter was used in the development of "filternet"...

Why bother?

To replace "filternet", the national internet is deliberately meant to create an isolated domestic intranet for Islamic content and also attempt to improve cyber security (by not exposing Iranians to the evil Western Internet).

Well, Iran's president Hassan Rouhani thinks it will magically strengthen the independence of the country. At a meeting of the Supreme Council of Cyberspace, according to the Iranian Republic News Agency (IRNA), Rouhani said that Iranian independence is increased by "not relying on external information networks for internal communications in today's world".

Hassan Rouhani: backing the National Internet

Rouhani vainly tries to convince Iranians (no one is falling for it), that they will play a more active role in furthering Iran's role in the world if Iranians get access to a, "national, trustworthy, stable, high-quality and secure network" (cyber security in Iran is a bit of a hot topic in a post-Stuxnet world).

What this really means is that Iranians are meant to only be able to access content that is delivered from within Iran, with all servers being based in Iran.

Don't panic

Like the failure of the existing "filternet", the "National Internet" will NOT be able to control Iranian access to the wider, "unclean" Internet. Why not? Well, if filters can be easily bypassed, so can this. If Iran cannot control use of Telegram for example (Telegram has no servers in Iran), does she really think control can be made otherwise? 

Less computer-literate people may not normally be able to access sites such as Facebook, Twitter, Flickr, YouTube, etc. but such sites can still be accessible using means such as described above.

Iranian Cyber Police Arrest Three Telegram Channel Administrators

The Iranian Students News Agency (ISNA) reported on August 9 that the Cyber Police of Iran (FATA) have arrested some Telegram administrators.

According to FATA's legal and international deputy, Hossein Ramazani, "Recently, the cyber police were informed of four Telegram channels that published insulting materials against religious topics. After liaison with Judiciary officials, measures were taken immediately to identify and arrest these people".

On August 9, Ramazani continued, "The cyber police detectives found out that the administrators of these channels were in Iran. The four channels were immediately blocked, and the main administrator of the channels and one of his aides were arrested yesterday".

Colonel Hossein Ramazani stated that three people were responsible for updating the Telegram channels and that the arrested administrators were from a city in Northern Iran.

FATA say that the administrators had published "blasphemous" pictures and materials against religious sacred things and leaders by using Photoshop or other editing softwares.

Cyber Police corruption

While it is possible that such blasphemy was committed, it is equally (and perhaps more so) likely that FATA had been monitoring accounts it previous gained access to (see my previous article here)and perhaps planted such blasphemy themselves to then use as evidence in the arrests? It would not be beyond them as they try in vain to control the youth of Iran. 

It is thankful that Telegram do not host their servers in Iran and my fellow Iranians can still use Telegram, much to FATA's frustration. It is best to enable 2FA (Two factor authentication) for Telegram, and to have private, not public channels where possible which will help defeat FATA. Also, do not always trust who you are speaking with in channels: they may well be FATA...

Iran's "Rocket Kitten" Group Claim Compromise of Iranian Telegram Accounts

Following on from my article here about the Iranian Cyber Police asking Iranians to stop using Telegram, it appears that the Iranian hacking group known as Rocket Kitten is behind a compromise of 15 million Telegram accounts used by Iranians.
 
Telegram is a very popular messaging app in Iran and almost 25% of the Iranian population are using the app every day.
Iranian authorities have previously demanded that Telegram provide them with "spying and censorship tools". Telegram ignored the request and was blocked in Iran for around two hours on October 20 2015. Telegram does not have any servers in Iran, making the Iranian regime's job harder to try and censor Telegram. This compares to the regime "banning" Twitter and Facebook, even though Iranians can use Tor or anonymous VPNs to get around the Iranian Internet filters...

Rocket Kitten

Rocket Kitten refers to a cyber threat group that has been attacking various organizations, such as members of the Saudi royal family, Israeli nuclear scientists, NATO officials and Iranian dissidents.
Rocket Kitten has launched two known campaigns: a malware campaign that uses the GHOLE malware, and a targeted attack called “Operation Woolen-GoldFish” which is probably run by the Iranian regime. Rocket Kitten's attacks were similar to ones attributed to the Iran's Revolutionary Guards Corp (IRGC). You can read more about Rocket Kitten here

Telegram attack

Rocket Kitten managed to obtain public information and phone numbers from 15 million Iranian users of the Telegram messaging app, as well as the associated Telegram user IDs. They compromised over 12 Telegram accounts and jeopardized the communications of people including activists and journalists in sensitive positions within Iran.

Telegram responded by saying, "Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed.”

Importantly, Telegram have since changed their API so that similar mass checks on accounts should no longer be possible: Telegram 1, Iranian Regime 0!

The Telegram vulnerability involved sending authorization codes via SMS text messages to activate new devices and these could be intercepted by the phone company. So, this means a Man In The Middle (MITM) attack capability by a country that has access to telecommunications networks. This further implicates Rocket Kitten as being part of the Iranian regime.

A word from the Iranian Cyber Police

The Cyber Police of Iran (FATA) have transparently tried to un-link the association between Rocket Kitten and the Iranian government by blaming Telegram's "weakness". No one believes them...

The legal and international deputy of the Cyber Police, Colonel Hossein Ramazani, said that the hackers did not get access to personal details of victims and that, "What is clear to us is the vulnerability and weakness which always existed in the service because of its text message confirmation system, through which [hackers] have gained access to the users' phone numbers. Then contents of people's chats and personal details, however, have not been compromised" Well, he obviously is not going to admit the regime did it, is he?

Use 2FA!

Telegram supports the use of Two-Factor Authentication (2FA), but is not enabled by default. That means users of Telegram should setup 2FA if they have not already done so, to prevent interception of SMS-verification codes via cellular networks (even if Telegram claim the mass lookup interception loophole is fixed). Perhaps Telegram should start enabling 2FA by default!