A new eavesdropping attack on Iranian GMail users suggests that the Islamic Republic is stepping up its digital offensive against dissidents. But Iran is not unique - it is just ahead of the curve. There is no simple response for Western governments.
By Meredydd Luff for RUSI.org
In the context of cybersecurity, many think of Iran primarily as playing defence against its Western adversaries. Those adversaries scored a notable victory with the Stuxnet virus, arguably the first state-launched 'cyberweapon', which severely damaged Iran's nuclear enrichment plants last year. But since the failed Green Revolution of 2009, Iran has also become a world leader in digital offence - against its own citizens.
On Monday 29 August, users in Iran uncovered a sophisticated eavesdropping attack against Google's GMail service. This attack demonstrates a progressive improvement in Iran's control over its domestic Internet use, as well as demonstrating 'in the wild' a structural vulnerability in the encrypted Web. Although Iran's strong capabilities in this area stem from a confluence of size, technological sophistication and experience, those who care about international freedom of expression should be considering the implications now, because Tehran will not be the last to use these techniques in defence of its regime.
In addition to assessing Iran's activities, it is important to compare how its activities fit into the broader context of the Arab Spring and digital repression, and the trade-offs that Western governments face in responding.
Secure web browsing, as used daily across the Internet from Facebook to online banking, has two goals. First, the web browser must create an encrypted connection with the website. This is a well-researched problem, and unless a dramatic mathematical breakthrough is made, no third party can read or tamper with the data sent back and forth.
Second, however, the web browser must ascertain that it is really communicating with the target website, and not some impostor who has hijacked the connection. To this end, the browser verifies that the 'certificate' which was used to set up the encrypted connection is the correct certificate for the domain name that was accessed (such as google.com).
It is not feasible for the web browser to know the certificate of every website in the world, so the task is delegated to companies acting as 'certificate authorities'. A certificate authority can securely 'sign' certificates for websites, certifying that they belong to the owner of the website they claim to represent. A web browser holds fingerprints for a few dozen of these certificate authorities, and checks that a website's certificate is signed by one of these authorities before deeming it valid.
What has set the security world chattering is the discovery, by an Iranian user, of a certificate for the google.com domain. This certificate does not belong to Google, but is correctly signed by a Dutch certificate authority called DigiNotar. This would enable the owner of that certificate to hijack encrypted connections to Google's GMail service, present the false certificate, and have the web browser believe it has established a secure connection with GMail. Typically, the attacker would then make its own encrypted connection to the real website, and forward data in both directions. The user continues to use GMail normally, unaware that the attacker is listening in on everything passing down that connection.
What's more, this certificate was being presented to users of an Iranian ISP, indicating that such a 'man-in-the-middle' attack was actively in progress. Under the circumstances, it is widely believed that this is an eavesdropping attack by the Iranian authorities. From the issue date of the certificate, it appears that the eavesdropping has been occurring for at least a month.
This attack exploits a structural weakness in the secure web, about which security experts have been warning for years. Popular web browsers such as Firefox place complete trust in over fifty certificate authorities. Each of these authorities can sign a certificate for any domain, and with so many to choose from, a determined attacker can coerce, trick, or break into one of them (digitally or physically) to get a fake certificate signed.
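As an added illustration (not part of the original article), the Go program below models the trust rule just described and the extra check, public-key pinning, that browsers later adopted to flag exactly this kind of certificate: it builds two fully trusted roots, has the breached one issue a certificate for google.com, and shows that the standard check accepts it while a pin on the genuine CA's key rejects it. The CA names, the host certificates, and the functions issue, acceptedBy and Scenario are all constructed for this demonstration; only Go's standard library is used.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
func must(err error) { if err != nil { panic(err) } }
// issue mints a self-signed CA root for cn when parent is nil, otherwise a server certificate for host cn signed by parent (all names constructed).
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: cn}, NotAfter: time.Now().Add(24 * time.Hour)}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames, signer, signerKey = []string{cn}, parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}
// acceptedBy applies the stock browser rule (any trusted root may vouch for any host); with pins set, some key in the validated chain must also be pinned.
func acceptedBy(leaf *x509.Certificate, roots *x509.CertPool, host string, pins map[[32]byte]bool) bool {
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	if err != nil { return false } // no trusted root signed it, or the name does not match
	for _, chain := range chains {
		for _, c := range chain { if pins[sha256.Sum256(c.RawSubjectPublicKeyInfo)] { return true } }
	}
	return len(pins) == 0 // no pins configured: any trusted root is enough
}
// Scenario trusts two roots, lets the breached one issue a cert for the host, and returns stock/pinned verdicts for that rogue cert, then for a genuine one.
func Scenario() (rogueStock, roguePinned, genuineStock, genuinePinned bool) {
	realRoot, realKey := issue("Constructed Real CA", nil, nil)
	badRoot, badKey := issue("Constructed Breached CA", nil, nil)
	roots := x509.NewCertPool() // the browser's trust store: both roots are fully trusted
	for _, r := range []*x509.Certificate{realRoot, badRoot} { roots.AddCert(r) }
	pins := map[[32]byte]bool{sha256.Sum256(realRoot.RawSubjectPublicKeyInfo): true} // site owner pins its real CA's key
	rogue, _ := issue("google.com", badRoot, badKey)
	genuine, _ := issue("google.com", realRoot, realKey)
	return acceptedBy(rogue, roots, "google.com", nil), acceptedBy(rogue, roots, "google.com", pins),
		acceptedBy(genuine, roots, "google.com", nil), acceptedBy(genuine, roots, "google.com", pins)
}
```

Scenario() returns true, false, true, true: the breached CA's certificate for google.com passes the standard check, because every trusted root may sign for every domain, but fails the pin, while the genuine certificate passes both.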
Since 2009, Iran has been stepping up the intensity of its domestic digital surveillance activities. Among a wave of arrests of suspected dissidents in 2010, some are reported to have been detained based on private online activity. This successful man-in-the-middle attack, however, represents a leap in sophistication. It highlights Iran as a leader in Internet repression, and sets a worrying precedent for autocrats worldwide.
The importance of digital communications in the recent popular uprisings of the Middle East has been widely questioned, with many analysts suggesting that the lion's share of the credit should go to older media such as satellite television rather than newer social media or other electronic communication. Autocratic regimes themselves, however, have consistently treated these new media as a serious threat, and gone to extraordinary lengths to curtail their use.
Tunisia, whose revolution fired the starting pistol for the Arab Spring, fell before its government realised the danger. But when an uprising followed immediately thereafter in Egypt, the Mubarak government disconnected the country from the Internet entirely. Libya also shut down Internet access in March, as protests intensified. Iran, of course, had done likewise nearly two years earlier, when post-election protests threatened the regime, and footage of brutality posted online brought international condemnation.
But in the modern age, to disconnect a country from the Internet is to cut off its nose to spite its face. As a country modernises, its economy becomes more reliant on digital connectivity, and to sever those links is to risk dealing an economic blow which could damage any regime's long-term stability. While a teetering autocrat might regard that as a gamble worth taking in the short term, it is not a sustainable means of repression. In some countries, such as Bahrain with its 88 per cent Internet penetration, it was not judged to be worth it at all.
Successful long-term repression requires a functional but controlled Internet. This is hard work, and cannot be implemented overnight.
The simplest means of controlling the Internet is to block access to whole domains. This can be done by local Internet service providers, who already provide name lookup and routing services. When a user's computer asks the ISP, 'What's the numerical address for bbc.co.uk, and how do I get there?', subverting the answer to either of those questions will prevent access to the BBC's website. This strategy is already in use by many Arab countries, such as Tunisia and Bahrain.
Blocks on entire domains are awkward, though - for example, blocking the domain of a popular email provider, such as gmail.com, is nearly as crippling as cutting off access to the Internet altogether.
China's Golden Shield project, commonly known as the Great Firewall, is more subtle. Instead of blocking access, it passively monitors traffic at the physical points where fibre-optic links cross the Chinese border. When it sees a word or page address it doesn't like, it injects instructions to 'shoot down' the connection before the web page can load. This is an impressive technical achievement, as it requires scanning every byte of data transferred into and out of China. However, it cannot examine the contents of encrypted connections. Due to its resource requirements, it is not believed that China uses Golden Shield for large-scale intelligence gathering.
This new attack in Iran, however, is even more sophisticated and resource-intensive than Golden Shield. A man-in-the-middle attack requires intercepting all incoming traffic to or from the target website, decrypting it, recording or manipulating it as necessary, and then re-encrypting it before sending it on so that the user is none the wiser. The resources required are about the same as serving the website in the first place, which for large sites involves warehouse-sized data centres. Reports suggest that the fake certificates were being offered for at most an hour each day, implying that the authorities had the resources to intercept only a fraction of the online population at once, and were rotating their targets hour-by-hour. The payoff is an unprecedentedly personal level of surveillance of large numbers of users, including their encrypted communications. In other words, Iran is not picking off just dissidents one by one. It is casting an incredibly powerful digital dragnet.
Iran is the first state known to have performed an attack this sophisticated. Indeed, this is the first publicised breach of a certificate authority for a man-in-the-middle attack - unusual in an industry where nimbler non-state actors are often the first to use a new attack.
Why Iran, and not other countries better known for their expertise in digital repression, such as China? There are two reasons, both to do with scale.
One is that Iran has a sufficiently small digital footprint that it can afford to try these new techniques. China's online economy is simply too big to make intense, universal eavesdropping practical. A higher proportion of Iran's population use the Internet (38%) than China's (29%), but the difference in absolute numbers of users is massive (28 million versus 384 million). As with their other information-control efforts, the Chinese authorities have instead opted for a 'Swiss cheese' model of repression: each layer may have holes, but put enough of them together and the problem is reduced to a manageable level.
The second reason is that China is big enough to enforce compliance from most communications providers, and to replace those who do not cooperate with domestic alternatives. Yahoo was widely excoriated in 2007 for divulging dissidents' emails to the Chinese government, but no company can refuse such a request and still remain in business in China. Some external communication services can just be blocked entirely, in the confident knowledge that a compliant domestic business will fill their niche. So it is with Sina Weibo, a microblogging platform which replaces the blocked Twitter service, or Renren, which replaces Facebook. What China can do with economic muscle, Iran must do with technology.
But why has Iran developed and deployed this technology where many small countries with ambitions to control their citizens' online discourse have not? Iran has had more time to develop this technology than many of the autocratic regimes now most under threat from their citizens. At the time of the 2009 Green Revolution, the Iranian Internet strategy was no more sophisticated than Egypt's this year. Unlike Egypt's, however, Iran's government survived its attempted 'Twitter revolution', and has been building its digital repression capabilities ever since. This strongly suggests that we should be considering our response to these tactics now, because the indications are that Iran is not unique - it's just ahead of the curve.
How to respond
How can those governments with an interest in making the Internet less repressive support the cause of free speech online? This is already an avowed foreign policy of the United States. Hillary Clinton, in an address in February 2011, called for 'a global commitment to Internet freedom, to protect human rights online as we do offline', on both an economic and a moral basis.
Technically speaking, the problems with certificate authorities are fundamental. Although the false certificate has now been revoked, and the DigiNotar authority is being removed from future releases of popular web browsers, this will not be the last such breach. Far too many certificate authorities are trusted to vouch for the identity of any website. But redesigning the encrypted web would be a gargantuan task, and nobody has any good answers.
More generally, Western democracies need to be careful about how they push for the Internet to be structured. Although they do not control the entire Web, they are still the source of standards and conventions which percolate through to other countries, if only through the widespread availability of suitable products and services. These products include 'dual use' filters, such as Australia's new legally-mandated Internet censorship systems, or the Golden-Shield-like anti-piracy filters proposed by the American recording industry in a government consultation last year. But they also include systems like the Tor anonymity system, which is used by dissidents in repressive regimes worldwide. Clinton was right, in her speech, to announce additional funding for systems like Tor. Some argue that this makes life easier for terrorists and child pornographers - but these actors can usually evade restrictions. By contrast, off-the-shelf availability of censorship systems can only help the next regime which wishes to construct its own Great Firewall. Each time we curtail anonymity and free expression online, we are making a rod for the back of anybody who stands up online, speaks out, and says something their government does not like.
Meredydd Luff is a doctoral student at the University of Cambridge's Computer Laboratory.