Tuesday, June 23, 2009

Iranian regime and US DoD have something in common

They can't control the network. The DoD wants to keep bad stuff out of their networks; the Mullahs want to keep their people from finding stuff on the Internet. Both are failing, for the same reason.

Let's look at the DoD. A while back, I described their problem in How To Hack A Classified Network:
The problem is that what you want (security) and what your users want (information on Al Gore's Intarwebz) inherently is in conflict. You can't win unless they lose, and vice versa.

And remember, you're not really the architect. These networks weren't so much designed, as grew. Even the Internet itself grew by connecting networks together - a network of networks. The name IP comes from this: Internet Protocol.
The chief driver of the security FAIL that they find themselves in?
It's the Dancing Baby from the mid-1990s. This was the first example of a mass Internet video meme - it was wildly popular, and spread virally, via email from user to user as people passed the link on to each other. Remember, as the architect, you need to keep the [Classified] network from getting to the dancing baby.

You lose.
So what does this have to do with Iran? Well, they're trying to do the same thing that DoD is trying - stop the flow of information on the Internet. They also lose:
So when a government censors the Internet, it had better think twice: “Cute cats are collateral damage when governments block sites,” Mr. Zuckerman wrote for a recent talk. People who could not “care less about presidential shenanigans are made aware that their government fears online speech so much that they’re willing to censor the millions of banal videos” and thereby “block a few political ones.”

You lose. Mirrors, anonymizers, tunnels, VPNs, Steganography, fast flux DNS - the only way that the Mullahs can stop the leaks is to sever all connections to the world. Because to cut off the traffic they're worried about, they have to cut off the funny kitteh traffic their people want. Even if your security team is smart, they're not as smart as a whole country of people. Even if they're motivated, they're not as motivated as an entire country looking for LOLs.

UPDATE 23 June 2009 07:53: Interesting, and a view into what's happening in real time:
Within an hour after I received a plea for help from Iran, a regular commenter on this blog recruited me into a hacker network that has been forming to support the democratic Iranian revolutionaries by providing them with proxy servers, Tor anonymizers, and any other technologies needed for them to communicate over channels the Iranian regime cannot censor or control.
I'd with the Iranian regime good luck, because they'll need it to close down these channels. But they don't deserve it, and I dare say that they won't get it.

1 comment:

ASM826 said...

One of the best articles on internet censorship explained how design redundancy treated censorship as a system failure or outage and repaired itself to route around it.