June 17, 2009

Iran rocked by cyber-attacks, during unrest

Activists have knocked key Iranian Web sites offline

By Robert McMillan, IDG News Service

---

An apparently ad-hoc cyber protest against the results of recent Iranian elections has knocked key websites offline.

On Monday, sites belonging to Iranian news agencies, President Mahmoud Ahmadinejad and Iran's supreme leader Ayatollah Ali Khamenei, were knocked offline after activists opposed to the Iranian government posted tools designed to barrage these Web sites with traffic.

This type of attack, known as a denial of service (DoS) attack, has become a standard political protest tool, and has been used by grassroots protesters in several cyber-incidents over the past few years, including cyber events in Estonia in 2007 and Georgia last year.

Activists had encouraged anti-government protesters to use automatic web page refresh tools such as Pagereboot.com, to hit government run site. But they have also developed custom DoS tools. One such tool, called BWRaeper was posted to an Iranian sports discussion forum on Monday. Others are being promoted via Twitter and blogs, and hosted by activists in the US.

The "campaign is starting to target international users, compared to the original one aiming to recruit Iranians only," said Dancho Danchev, a security consultant who has blogged about the tools. "Judging by the effect this crowdsourcing is having, they've disrupted the sites set as targets."

Danchev counts 12 sites as being under attack, including other news agencies, the Ministry of Foreign Affairs, Ministry of Justice, National Police, and the Ministry of the Interior.

In response to the attacks, state-sponsored Iranian News site Fars News added a small piece of Web code that redirected the attack to pro-opposition Web sites, Danchev said via instant message. "Apparently, they thought that the attackers wouldn't stop their attack since they were also indirectly loading the [attack code]," he added. "They, however, didn't stop the attack."

Web disruptions have occurred on both sides of the dispute.

Last month, Iran blocked access to Facebook, apparently to prevent opposition voters from using the social networking service to promote their candidates in last week's elections. YouTube and the BBC's Web site have also reportedly been blocked. BBC satellite service to the country has also been jammed.

General Internet service in Iran was also disrupted, though that lasted for just a short period of time, according to network monitoring company Renesys.

Hundreds of thousands of protesters have taken to the streets in Iran to protest the results of last week's presidential elections. Protesters claim that their candidate, Mir Hossein Mousavi, lost because the election was fixed by the government.

Although it has been reported as inaccessible by some Iranian users, Twitter has emerged as the major source of information on the protests, and is being credited with driving coverage of the event on U.S. television networks such as CNN.

Newsletters

Sign up to our Weekly Round-Up for the past week’s not-to-be-missed news analysis and insight delivered straight to your inbox.