Colonel Mohammad Mehdi Kakovan, Head of Tehran’s Cyber Police
New concerns about the safety of Internet communications have emerged following statements by Iranian authorities about the government’s use of new, more complex, and harder-to-detect filtering methods. The new methods used by government organizations not only limit access to websites; they also put users’ communication security at risk, leaving them vulnerable to hackers who want to intercept their Internet communications.
These new measures allow the identities of users of the affected websites to be tracked and their data to be made available to government organizations, while also making it much easier for hackers to access that data.
Although the Head of the Tehran Cyber Police, Colonel Mohammad Mehdi Kakovan, had previously told ISNA, “Under no circumstances does the Cyber Police enter the individuals’ private domain, and emails, chat sessions between two individuals, and specific pages are not monitored,” the new filtering system will make just such access easily possible.
Colonel Mohammad Kakovan told ISNA that the job of experts within the Cyber Police’s “Determination and Prevention Unit” is to surf the Internet and monitor different websites, blogs, social networks, chat rooms, and similar online spaces, to ensure that no crimes would take place. “I would like to emphasize that the Cyber Police never enters the individuals’ private domain and in other words their electronic mail, two-person chat sessions and specific pages are [considered] private domain and are not monitored. If the private domain of individuals is violated, the plaintiff must first obtain a judicial permission [before] the police confronts the suspect. Protecting the Islamic Republic of Iran, the individuals’ religion, the individuals’ material and intellectual property, etc., are our red lines,” Colonel Mohammad Mehdi Kakovan told ISNA.
In spite of these statements, the government organizations’ new advances in Internet blocking, coupled with reports from Iranian users about attacks on Internet services such as email and Skype, as well as the lack of regulation and the authorities’ selective use of these tools, leave Iranian Internet users exposed to cyber attacks with no defense. Moreover, many of these cyber attacks are sponsored by government organizations.
Fars News Agency, a news website close to the IRGC, announced details last month about the new blocking operations. Considering the circumstances this type of filtering would impose on the users, many Internet activists are concerned about it. “The Telecommunications Infrastructure Company within the Ministry of Communications and Information Technology, which is responsible for technical [aspects of Internet] blocking, has taken technical steps such that at special times when it is necessary to block the SSL protocol, the authorized websites that use this protocol will remain open and the blocked sites using the SSL protocol will remain closed,” wrote Fars News.
The use of this technique is a clear departure from what the Cyber Police Chief had said earlier. The new filtering system has substantially improved the government’s ability to perform wiretapping and online surveillance of users; given the absence of regulation of the security organizations and of laws protecting citizens’ rights, including the protection of their private domain, Iranian Internet users face serious security risks.
What is SSL? Why does it matter?
Secure Sockets Layer (SSL) is a protocol for transmitting information between users and websites. SSL encrypts the data so that even if a user’s line is tapped, the data cannot be read.
By convention, web addresses that require an SSL connection start with “https://” instead of the usual “http://”. Websites accessed over “https://” offer a higher level of security than websites accessed over “http://”. When a website does not use this protocol and the user must enter a user name and password, that information is transmitted as plain text, and any program that can insert itself between the user and the destination website can read it. Using SSL matters not only for sending and receiving passwords but for other forms of communication as well: if a site has an SSL certificate for its chat service, for example, an intermediary such as the Internet service provider cannot read the information sent and received in the chat session.
The Second Wave of Internet Blocking and Government Secrecy
If the Cyber Police and the Iranian security forces have no intention of stepping into users’ private domain or reading their emails or chat sessions, why would they need to block certain SSL websites, which Fars News calls “unauthorized”? With this type of blocking, the authorities could be actively pursuing the information users are sending and receiving from these websites.
This SSL blocking can therefore be seen as the second wave of Internet blocking in Iran. Until now, the Iranian regime has only blocked Internet websites, which in its worst form constituted censorship and a violation of the users’ right to free access to information. But in this second wave of blocking, the blocking of security protocols is targeting the very security of Internet users.
This extremely dangerous step may be useful for the regime’s security forces, because they can tap into the users’ communications much more easily, but they will simultaneously abet a sharp increase in Internet crimes, because when they compromise the security to access a website, any hackers can follow in their footsteps and further compromise Iranian users’ security.
Blocking a website for a long period of time, even by mistake, may not create security risks for users. But even one second of compromising the security of a website can cause irreparable damage, risking the security of email, chat sessions, online financial transactions, and more for Internet users inside the country.
This is not the first time the Iranian regime has tried to violate the security of Iranian users by tampering with Internet protocols. On August 29, 2011, Google wrote in its official blog that SSL man-in-the-middle (MITM) attacks had been carried out against Internet users in Iran. Google stated that an individual or group in Iran had attempted to step in between Google and its secure services, using fraudulent security certificates issued in the name of the DigiNotar Company to create fake pages through which users’ email login information was captured.
The Associated Press reported at the same time that experts believed the Iranian government may have been the source of attacks by hackers against Google users in Iran. The Iranian government never responded to the statements by Google officials and never confirmed nor refuted the allegation.
During that incident, Google discovered the forgery immediately and resolved the issue by revoking the fraudulent certificate. But companies and websites without the technical and legal resources of a company like Google are far more vulnerable to similar attacks. In fact, this was not the Iranian government’s only attempt to forge such certificates: on March 24, 2011, Iranian agents tried to hack the Yahoo, Gmail, and Skype accounts of Iranian users using the same method.
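The forged-certificate attack described above, and the SSL explanation earlier on this page, turn on one point: a certificate for “mail.google.com” signed by the wrong certificate authority still looks valid to a client that only checks whether some trusted CA signed it. The check below is an added illustration, not code from the original article: it takes a certificate in the shape Python’s `ssl.SSLSocket.getpeercert()` returns, verifies the hostname (SAN entries, with RFC 6125-style wildcards) and then pins the expected issuer for that host, which is what flags the kind of certificate Google reported. The certificate and the CA names are constructed samples.

```python
# Added example: hostname check plus issuer pinning over a getpeercert()-style
# certificate dict. Names, issuers and the sample certificate are constructed.

SUSPECT_CERT = {   # constructed: a Google hostname signed by an unexpected CA
    "subject": ((("commonName", "mail.google.com"),),),
    "issuer": ((("organizationName", "Example Rogue CA"),),),
    "subjectAltName": (("DNS", "mail.google.com"), ("DNS", "*.google.com")),
}
PINNED_ISSUERS = {"Example Trusted CA"}   # constructed pin for this host


def _dn_value(dn, field):
    """Return the first value of `field` in a getpeercert()-style DN tuple."""
    for rdn in dn:
        for key, value in rdn:
            if key == field:
                return value
    return None


def _label_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is allowed only as the whole leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard covers exactly one label, never several
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert, hostname: str) -> bool:
    """True if hostname is covered by the cert's DNS SANs (or CN if no SAN)."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        cn = _dn_value(cert.get("subject", ()), "commonName")
        names = [cn] if cn else []
    return any(_label_matches(n, hostname) for n in names)


def check_peer(cert, hostname: str, pinned_issuers):
    """Return (ok, reason). Chain validation is assumed done by the TLS stack;
    this adds the two checks that catch a validly signed but forged cert."""
    if not hostname_matches(cert, hostname):
        return False, "hostname mismatch"
    issuer = _dn_value(cert.get("issuer", ()), "organizationName")
    if issuer not in pinned_issuers:
        return False, f"unexpected issuer: {issuer!r}"
    return True, "ok"
```

In a real client this runs after the TLS handshake, on the dict from `getpeercert()`, and a failed check should abort the connection rather than just log it.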
It appears that, given its unsuccessful attempts at forging security certificates and the high cost and difficulty of those attempts, the Iranian government has found a new way to control its Internet users’ activities. This type of intervention leaves hackers and online criminals free to attack Internet users, and the Iranian government must accept responsibility for any damage it causes Iranian users.
In order to protect their communications, Iranian users should routinely update their browsers to take advantage of the latest security protections provided by the browser makers. Network security experts also recommend that users add the browser extension HTTPS Everywhere. With this extension installed, communication between the user and the major websites that support SSL is more secure.