Home » Cyber Security » Iranians Wars of the Web

Iranians Wars of the Web

By Colin Clark Monday, June 22nd, 2009 10:18 am
Posted in Cyber Security, Intelligence, International, Policy

Everyone knows the story by now about how the State Department asked Twitter to postpone an upgrade that would have taken the site down at a crucial moment during the Iranian election protests, surely the first time a 27-year-old at State could establish such an important policy precedent. Defense Tech’s Kevin Coleman (who also consults for Strategic Command) has a detailed look at just how the opposition and the government battled over use of the web. This may go down as one of the first true cyber battles between well matched opponents, as opposed to the pastings that occurred when Russia attacked Georgia and Lithuania.

Kevin’s article follows:

Few people would dispute the significant role the Internet plays in political affairs but the recent election in Iran took this role to a new level. Prior to the election, the Iranian authorities blocked access to the social networking web sites. Supporters of the opposition party used social networking sites to recruit hackers and coordinate highly targeted attacks focusing on key web sites of President Ahmadinejad.

Top Social Networking Sites:
* Twitter
* MySpace
* Facebook
* BeDo
* Friendster
* Hi5
* LinkedIn (groups)
* Ning
* Classmates
* Reunion

Before
Candidates and their supporters opposing President Ahmadinejad had been using the social networking sites to spread information as part of their election campaigns and organized events.

During
In the heated battle for the presidency, the social networking sites were used to coordinate analysis, and report abnormal events that were said to be taking place and to rally all those who were supporting a regime change in Iran. In fact there was even a “Cyberwar guide for Iran elections” posted for download by would-be hacktivists.

After
Shortly after the election results were announced, political hacktivists launched a series of cyber attacks targeting high value web site of the Ahmadinejad regime. The Iranian opposition supporters coordinated a series of cyber attacks that successfully managed to prevent access to many pro-Ahmadinejad Iranian web sites, plus the President’s site and other government sites. The DDoS attacks were successful and sites were brought down by traffic from an estimated 500,000 computers. Twitter and Facebook are thought to be the primary sources where computer users could download the software necessary to join the ranks of the political hacktivists.

President Ahmadinejad took decisive steps and basically turned off the Internet in Iran for about an entire day. His action, blocked access to information being distributed by the opposition party and the coordination of the cyber revolt activities. The social outrange was collected, focused and targeted into a political weapon and the enabling technology was the Internet. Many find it hard to believe a 500,000 node DDoS attack army could be assembled that fast without prior planning. Some have speculated that outsiders may have had a hand in the rapid assembly of the cyber capabilities used in the post election cyber attacks. Given the massive distributed sources of attack, it is hard to believe this could have been pulled together in a few short hours.

The role of the Internet in politics has increased and the events in the Iranian election are the latest example of the power and influence the Internet can and will have to impact and influence political campaigns and elections. A few have termed these actions — citizen-based political warfare. The opposition party turned their collective power of influence into a political weapon through the use of social networking sites. The events that took place in Iran represent a harbinger of what is sure to come. There is no doubt the implications social networking sites will have on politics from now on.

This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.

Join the Conversation

	Rob June 22nd, 2009 at 5:29 pm “Given the massive distributed sources of attack, it is hard to believe this could have been pulled together in a few short hours.” I’m glad more attention is being paid to these areas (finally), but I’m not sure about this premise. Given that most DDoS attacks utilize botnets comprised of machines whose zombie status is unknown to their legitimate owners, the source of any DDoS attack will be “massively distributed.” Also, as the BBC recently took some flak over, it is relatively trivial to hire a small (comparatively!) botnet — I believe the BBC’s was 10k or so strong? Given these two facts, it seems far more likely that rather than One Large Botnet — which would require spreading malware to zombie enough machines, and maintaining command and control’s secrecy — set up ahead of time and controlled by a few; it would be a simpler and perhaps more elegant solution to say that 50 hacktivists each went out and hired a 10,000 unit botnet. I would be interested to see any analysis of the DDoS traffic that would support different C&C systems, attack patterns, etc.; anything that would indicate that the various attack machines had a variety of botnet “citizenships.”
	Daniel June 23rd, 2009 at 10:02 am Astonishing that when the new revolution happened not one US “news” service had feet on the ground. Twitter, like all technology is a great equalizer. Daniel Civilianmilitaryintelligencegroup.com
	LockMartSkunk June 23rd, 2009 at 2:42 pm I’ve got a bad feeling that if these protesters don’t come on top, that most if not all will come out six feet under.…and you won’t hear a word of it in any sort of media if the IRGC and Ahmadinejad have a chance to consolidate their power.
	Rob June 23rd, 2009 at 10:45 pm Daniel: in fairness to our standard media, there have been a few professional journalists walking the streets and getting word out, at great risk to themselves. A Newsweek journalist was arrested in his apartment, as a preemptive strike lest he decide to go out and see what was happening for himself. At last count, 33 journalists were known to be detained — tying Iran with China as the world’s largest prison for journalists. But you’re right — without Twitter, without YouTube, and most of all without the hacktivists who produced access to these things despite the regime’s censorship, we’d be watching CNN endlessly repeating stock footage and repeating the “official” statements, eventually giving way to some statistical analysis of the vote tallies. They wouldn’t have known what else to do. I think one of the side effects of all this will be a growing integration of new media into standard outlets, and (for good or ill) greater credibility to man-on-the-street reports.
	cd June 25th, 2009 at 7:42 pm it’s BEBO …noobs
	Tom Feely July 5th, 2009 at 9:15 am This may not exactly be the correct thread to make this post but it is close enough for government work. I noticed yesterday from a headline that President Obama is still saying that Iran can not have nuclear weapons. Why? A world in which Iran does not have nuclear weapons looks like a much more unstable and frightening world to me. I also read this article published in Nation magazine about what America can do to help the green revolution in Iran. So I have come up with my own proposal. To show its good faith towards Iran the US military, oops I mean government, oops, shall promise to deliver 6 nuclear tipped cruise missiles on a C17, hey do not get any funny ideas, and train the Iranian military on how to maintain and use. If however the security forces of the Iranian regime were to recognize the legitimate victory of Mousavi as President then the US will deliver not one but two Wasp class aircraft carriers, yes they are aircraft carriers, complete with 20 A8 aircraft and a gaggle of helicopters. If the security forces were to realize that the true Caliphate of Iran has a family name that begins with the letter M. and it is not Mousavi, then a Trident Submarine, complete with nuclear tipped SLBMs will magically surface at Bandar Abbas and the crew will invite members of the Iranian Navy on board for training on how to operate the submarine and its missiles. When the Iranian crew says the are ready to operate the Trident themselves the US crew will go home, with each carrying a Copy of Iran’s heaviest cookbook. Now the Khameni-Ahmadinejad faction may claim that this bribery is an unfair intrusion in to Iran’s internal affairs. My response to that would be you two have done a fine job during your periods in office but if we were to keep secret our desires to give Iran Wasp class naval vessels and Trident submarines then we would also be intruding in to Iran’s internal affairs by withholding critical information that the officers in Iran’s security services should be aware of. Now of course I am not a member of this administration so what I just wrote is pure fantasy. But people in the right time and place can make such fantasies become realities. President Obama and his subordinates will of course make sure that everything under the sun is done to make sure that such a fantasy does not become a reality. I do not work under the sun however. I work under the moon shadow of the Lotus. Wow what a mysterious ending. Just like someone walking off base alone without his weapon, or an Air Force Colonel being relieved of command with no real explanation given. Or a Canadian man and Swiss man found murdered in a hotel room in Lugano in June with no witnesses or motive for the crime. Many things are not as they seem. But yes you can rest assured there really is a United States located between an Atlantic and Pacific Ocean with a huge virtually unprotected northern border with a virtually unpopulated and huge nation called Canada filled with tens of thousands, perhaps even hundreds of thousands of Muslims trying to make a good life for themselves but when they perceive that there brothers are under attack from their cousins may just decide that they have more important things to do than drive a taxi cab. Wow I guess that was not really such a mysterious ending after all. At least when you know the rest of the story.
	BuddhalovesPaine July 6th, 2009 at 4:19 am I do not know if anyone will see this or not. I just want to say, to me when Joseph Biden the Vice President of the United States can make such a nonsensical statement as, Israel is entitled to attack Iran, he has delivered evidence that what is wrong in Washington and the Pentagon is not just a case of system that is out of control, he has delivered evidence of a vast and continuing criminal conspiracy controlling the organs of the US government. Yes any who goes to college gets indoctrinated to believe that conspiracies are the imagination of simple minded people. With so much evidence right before our eyes I have to wonder whether college professors are blind or part of the conspiracy. What Stalin I mean Biden is doing here is adding to the impression that war with Iran is inevitable. He is not manufacturing consent for the war he is manufacturing acceptance of the war. He is telling you people in the military today, you better get used to the idea because it is coming whether you like it or not. This conspiracy is so insidious it really makes me question my commitment to ending torture. For people like Biden and the US Generals who he, and you by the way, follow, neither life in imprisonment nor death is a severe enough punishment to make them pay for what they have done and what they are doing. What you are doing by the way.
	Rhyno327 July 6th, 2009 at 8:45 am Sounds like the US just gave the green light to the Israeli’s. Those words Biden spoke carry alot of weight. Oh, it won’t be long now..