
Countrywide Iran DPI spy system

p2pnet news view Freedom | P2P:- DPI — deep packet inspection (or, sometimes, deep privacy invasion) — has reared its head in Iran.

Says Wikipedia »»»

Deep Packet Inspection (DPI) (also called complete packet inspection and Information eXtraction – IX -) is a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information. This is in contrast to shallow packet inspection (usually called Stateful Packet Inspection) which just checks the header portion of a packet.

Deep Packet Inspection (and filtering) enables advanced security functions as well as internet data mining, eavesdropping, and censorship. Advocates of net neutrality fear that DPI technology will be used to reduce the openness of the Internet. DPI is currently being used by the enterprise, service providers and governments in a wide range of applications.

It’s used commercially by Phorm, formerly known as 121Media, a US digital technology company, says another Wikipedia post, going on »»»

Founded in 2002, the company originally distributed programs that were considered spyware, from which they made millions of dollars in revenue. It has since stopped distributing those programs after complaints from groups in the United States and Canada, and announced it was talking with several United Kingdom Internet service providers (ISPs) to deliver targeted advertising based on the websites that users visit.

The company’s proposed advertising system, called Webwise, is a behavioral targeting service (similar to NebuAd or Front Porch) that uses deep packet inspection to examine pages. Phorm says the data collected will be anonymous and will not be used to identify users, and that their service would even include protection against phishing (fraudulent collection of users’ personal information).

Still, World Wide Web creator Sir Tim Berners-Lee and others have spoken out against Phorm for tracking users’ browsing habits, and the ISP BT Group has been criticised for running secret trials of the service.

The Wikipedia post also says the European Commission has “called on the UK to protect Web users’ privacy, and opened an infringement proceeding against the country in regard to ISPs’ use of Phorm,” going on, “Some groups, including Amazon.com and the Wikimedia Foundation (the non-profit organization that operates Wikipedia and other collaborative wiki projects), have already requested an opt-out of their websites from scans by the system.”

Now, in a political application of DPI, “The Iranian regime has developed, with the assistance of European telecommunications companies, one of the world’s most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale,” says the Wall Street Journal.

“Interviews with technology experts in Iran and outside the country say Iranian efforts at monitoring Internet information go well beyond blocking access to Web sites or severing Internet connections,” it says.

And, “The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed.”

The “monitoring center,” installed within the government’s telecom monopoly, was part of a larger contract with Iran that included mobile-phone networking technology, Roome is quoted as saying.

The sale falls under a joint venture called Nokia Siemens Networks, reported last year by an Austrian information-technology Web site called Futurezone, says the story:

“The Iranian government had experimented with the equipment for brief periods in recent months, but it had not been used extensively, and therefore its capabilities weren’t fully displayed — until during the recent unrest, the Internet experts interviewed said.”

Iran’s use of DPI “is done for the entire country at a single choke point, according to networking engineers familiar with the country’s system,” says the WSJ, but, “It couldn’t be determined whether the equipment from Nokia Siemens Networks is used specifically for deep packet inspection.”

Britain also has a list of blocked sites, and Germany, too, is considering similar measures, says the post, continuing, “In the U.S., the National Security Agency has such capability, which was employed as part of the Bush administration’s ‘Terrorist Surveillance Program.’ A White House official wouldn’t comment on if or how this is being used under the Obama administration”.

The dark spectre of pornography is used by repressive entities of all kinds, including the entertainment cartels in their bid to gain control of who does what online, as an excuse for employing what they euphemistically call ‘filtering’.

“Internet censoring in Iran was developed with the initial justification of blocking online pornography, among other material considered offensive by the regime, according to those who have studied the country’s censoring,” says the story, also pointing out the country has been trying to control the Net, “since its use moved beyond universities and government agencies in the late 1990s” and, “In the 2005 presidential election, the government shut down the Internet for hours, blaming it on a cyberattack from abroad, a claim that proved false, according to several Tehran engineers.”

Adds the WSJ, “The monitoring center that Nokia Siemens Networks sold to Iran was described in a company brochure as allowing ‘the monitoring and interception of all types of voice and data communication on all networks.’ The joint venture exited the business that included the monitoring equipment, what it called ‘intelligence solutions,’ at the end of March, by selling it to Perusa Partners Fund 1 LP, a Munich-based investment firm, Mr. Roome said. He said the company determined it was no longer part of its core business.”

Stay tuned.


June, 2009

Wall Street Journal – Iran’s Web Spying Aided By Western Technology, June 22, 2009




Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.


7 Responses to “Countrywide Iran DPI spy system”

  1. Robert Says:

    It’s time for the Iranian people to discover 128/256-bit encryption. DPI can only tell packet header info, which is useless if the data is fully encrypted.

    Surfer, please correct me if I am wrong.

  2. J D Says:

    @Robert

    DPI can read everything; it is only completely useless if all the data is encrypted, including DNS & the IP address!

  3. Robert Says:

    @JD if you encrypt the DNS and IP address, will it still be routed properly?

    Even if they know the IP and DNS, if the content of the packets (such as IM’s or eMail packet content) is encrypted, they can’t read what data is being sent, it could be “Hi mom, happy birthday” or “They are shooting into the crowds” and it won’t be known to the DPI people.

    Is this not correct?

  4. bar Says:

    I am from Iran, inside Iran, anyone tell me how to secure my privacy, surfing the web, pls

  5. Jon Says:

    @ bar:

    The WSJ says, “with the assistance of European telecommunications companies, one of the world’s most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale”.

    But I wonder how “massive” that really is.

    Cheers!

  6. Christopher Parsons Says:

    Hi Bar,

    I’ll begin with the depressing: total anonymization of data traffic is incredibly challenging if you’re up against a dedicated and well-prepared foe. Fortunately, you’re up against a government, which suggests that there will almost certainly be gaps, holes, and errors in any content analysis system that you can use to your advantage. I don’t know what DPI appliances have been sold to Iran (it’s typically a challenge to get this sort of information from companies, even here in Canada), but there are typical modes of ‘resisting’ full content analysis.

    (1) Encrypt your data traffic using a TOR node, or something similar. Alternately, use https://proximize.me/ or some other proxy service that also encrypts traffic and you can browse with SSL encryption. DPI cannot penetrate packets that are encrypted – the content is secure when it passes through the devices. The devices *will* still be able to look at header information, but because you would be using a proxy service would not offer accurate destination/origin information to the device.
    (2) Wherever possible, use communications systems that are designed to obfuscate what they are; examples of VoIP would be Skype, which attempts to ‘fake out’ heuristic analyses of data traffic. At the same time, I don’t know whether DPI engineers have caught up to the most recent ways that Skype initiates a call, which can indicate the program that is being used.

    The challenge that you get into is that, should DPI be deployed effectively, even when it cannot identify the content of the message it can identify what application-type is likely in use (e.g. a web browser, P2P, etc). If you use a series of proxies, however, you will obfuscate the origin of packets (i.e. your location) as well as the destination that you are going to (e.g. hotmail.com, facebook, twitter, etc); this can limit your exposure to particularly obtrusive government surveillance and its effects.

    Now, having written this, I truly wonder just how accurate the story from the WSJ is on the technical capabilities of the DPI devices that are deployed. I would agree with Roome, who is referenced in the WSJ article, that when you sell digital networking equipment you are also selling items that can easily be used for interception – you don’t need DPI appliances to do this, given that a large amount of network equipment can be configured to ‘dump’ data flows to secondary storage for subsequent analysis (and this is far more sensible – capture tons of data now, and then scan it, and then derive rules from it that can be applied to subscriber connections). Now, to totally pull together packet flows, examine them for content, and then send them on their merry way to the destination in real time seems a bit of a stretch. Sure, it is possible for this to be done, but it would be a truly massive undertaking. More likely what is happening is something like this:

    The DPI device looks at the first 5-100 packets in a packet stream. These packets are then evaluated against a rule list – are the packets going somewhere that is impermissible? is an application being used that we are disallowing? – and then allowed to continue to their destination or not depending on what the rule set dictates. In the case of images/movies/songs it is possible, in the case of some devices, to quickly look at the first packets of a .mov, .jpeg, etc file and correlate that particular file with a particular digital ‘fingerprint’. That fingerprint can then be examined against all disallowed files and, if a match is found, the packet stream terminated. This method of analyzing content is not perfect, though it does have high degrees of accuracy in most cases. This is what copyright-oriented devices presently do.

    In essence, I worry that the WSJ is claiming that DPI is being more effective than it is in reality, much like we hear claims that CCTV is more effective than studies show. This isn’t discounting that DPI *could, potentially, in an ideal world* do what the WSJ is suggesting, but networking environments, where you’re trying to regulate gigabytes of traffic each second, are hardly these ideal environments for mass surveillance using DPI appliances. Hopefully the pressure gets Nokia-Siemens to fess up about what they sold, but I’m not holding my breath…
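
Added example (not part of the article or of any comment above): a toy Python model of the first-N-packets inspection described in comment 6, set beside the header-only check that the quoted Wikipedia definition calls shallow inspection. The `Packet` type, the rule sets, the addresses and the sample flows are constructed for illustration, and the file "fingerprint" is simplified to a match on leading magic bytes.

```python
# Added illustration, not code from the article or its comments.
# Packet, the rule sets, the addresses and the flows are constructed.
from dataclasses import dataclass

@dataclass
class Packet:
    remote: str     # remote IP address, read from the packet header
    port: int       # remote port, read from the packet header
    payload: bytes  # data part of the packet

BLOCKED_REMOTES = {"203.0.113.7"}  # constructed header rule
MAGIC = {b"\xff\xd8\xff": "jpeg", b"GIF8": "gif", b"%PDF": "pdf"}

def shallow_inspect(flow):
    """Header-only decision: never looks at the payload."""
    return "block" if flow[0].remote in BLOCKED_REMOTES else "pass"

def deep_inspect(flow, max_packets=5):
    """Classify a flow from the payloads of its first max_packets packets."""
    data = b"".join(p.payload for p in flow[:max_packets])
    if data[:2] == b"\x16\x03":          # TLS handshake record header
        return ("tls", None)             # application type known, content opaque
    if data.startswith(b"HTTP/"):        # plaintext HTTP response
        _, _, body = data.partition(b"\r\n\r\n")
        for magic, kind in MAGIC.items():
            if body.startswith(magic):   # fingerprint simplified to magic bytes
                return ("http", kind)
        return ("http", None)
    return ("unknown", None)

JPEG = b"\xff\xd8\xff\xe0" + bytes(16)   # constructed JPEG-like body
PLAIN = [Packet("198.51.100.20", 80, b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"),
         Packet("198.51.100.20", 80, b"\r\n" + JPEG)]
TLS_BYTES = b"\x16\x03\x01\x00\x2e" + bytes(46)  # constructed TLS-like record
TLS = [Packet("198.51.100.20", 443, TLS_BYTES)]
TLS_BLOCKED = [Packet("203.0.113.7", 443, TLS_BYTES)]

if __name__ == "__main__":
    for name, flow in [("plain", PLAIN), ("tls", TLS), ("tls-blocked", TLS_BLOCKED)]:
        print(name, shallow_inspect(flow), deep_inspect(flow))
```

With `max_packets=1` the plaintext flow is still classified as HTTP but its body is not matched, because the image bytes arrive in the second packet; the encrypted flow to the listed address is blocked on its header alone.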

  7. Ben Roome Says:

    Christopher – hopefully you’ll have seen that we “fessed up” to what we sold even before your comment. We provide no IP technology in Iran.

    http://blogs.nokiasiemensnetworks.com/news
