Olivier Laurelli, a French hacker and cofounder of the investigative publication Reflets.info, has reportedly uncovered proof that the American company Cisco is directly assisting the government of Iran in its efforts to muzzle independent voices in the Islamic Republic.
The Guardian recently published a report on keyword filtering on the Iranian Internet in the lead-up to the country’s upcoming presidential elections, perhaps in an attempt to avoid the sort of bloody protests that surrounded the 2009 elections.
“Olivier connected his computer with a VPN (virtual private network) to several Iranian computers (fellow Iranian hackers) in order to observe the Internet as it is seen inside Iran,” Reflets’ Fabrice Epelboin told the Daily Dot. “He did a simple ‘traceroute’ (that’s a really basic network analysis tool) to see what was going on when trying to reach several political websites the Guardian was talking about.”
What he found was a “freshly installed Cisco router blocking the traffic to those site.”
This indicated to Laurelli that in addition to keyword filtering, Iran was also banning sites “on a whitelist basis.” In other words, Iran was allowing an agent to provide a list of banned sites that are cut off at the root. Cisco has been accused of doing this elsewhere, most prominently providing a significant part of the toolkit for the building and maintenance of the “Great Firewall” of China.
The Cisco machine was installed on an “autonomous system,” which, according to the definition on Wikipedia, is “a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet.”
Basically, the Cisco router has been installed at an Internet traffic bottleneck, “concentrating most of the internet traffic the Iranian authorities wishes to keep under close surveillance,” according to Epelboin.
“This time, unlike the Blue Coat affair,” he said, “there’s no way to tell if Cisco had an active participation in all this.”
In an earlier report, Reflects discovered that 15 Syrian servers hosting Blue Coat software were regularly reporting back for updates to locations in the U.S., and further, that 37 of them were doing it this year, as well as 171 Iranian servers. In the wake of the 2011 revelations, Blue Coat successfully made the case to the U.S. government that a third-party had sold the software to Syria and that the company itself was blameless. That case may be harder to make this time.
Iran, like Syria, is the target of U.S. trade sanctions, which make it illegal to sell the country certain goods. Computer hardware and software are high on that list.
Cisco equipment has been alleged to carry backdoors, secret access routes that allow for the bypassing of authentication measures, which can be used by those who know their location to peek into the Internet traffic and actions they regulate. The backdoors poses a potential security threat, given the heightened state of vigilance between the U.S. and global opponents like China and Iran.
Update: According to Fabrice Epelboim, Cisco is now blocking access to Reflets, tagging the site as malware.
Photo by Ali Nasery/Flickr