what is cyberwar?

People are talking about using “cyberwar” to assist the Iranian opposition.

Let’s put some of our new cyber-warfare capabilities to the test, quietly and covertly of course, to disrupt Tehran’s ability to shut off the flow of information to Iranians and between them

This makes no sense at all, even less sense than “cyberwar” usually does. What can a cyberwar capability actually do? Well, it usually means either spying, or else running a distributed denial of service attack on someone. Here’s the first problem. Making the Iranian government’s web site load slowly is not the most fearsome threat that has been issued since the Melian Dialogues.

If you know which bit of it to harass, that is. It looks like the Supreme Leader supports Ahmadinejad, the Grand Ayatollah wants a recount, the militia and the secret police are doing the dirty work, and the ordinary ministerial government and the army are keeping as far out of it as they can. So you’ve got some targeting issues as well. After all, it’s far from impossible that a state-backed forum could become a centre of opposition – this is rather what happened to the Internet itself.

Further, you’ve got to understand the technology. When things like this happen, the place to go is Renesys, which tracks changes in the Internet Routing Table. Their data shows that…well. It’s hard to say what it shows. To be brief, Iran has competing ISPs and mobile phone operators but transit – i.e. wholesale connectivity to the broader Internet – is only available from a state monopoly, which appears to be the locus of censorship.

Here’s the interesting bit; rather than mass-censor great chunks of it, or try to implement fine-grained monitoring, they have chosen to cut the available capacity and, oddly, to route their international traffic down an overland link to Turkey rather than into their submarine cable landings.

Many explanations are possible. It could be that a bigger blackout was planned, but bungled. It could be that they are unwilling to cut themselves out of the Internet. It could be that they want some traffic to move, so as to spy on it. It could be that they don’t want to look like they turned off the Internet. It could even be that the network operations engineers sabotaged the censorship – if there isn’t quite enough bandwidth, there’s a high probability your first attempt to load http://www.margbarkhamenei.org wouldn’t work, which might satisfy the ultimate Pointy-Headed Boss, but someone who was really determined to get through might well in the end.

Pakistan tried to cut off YouTube, and accidentally routed all the world’s mindless Web video into one server deep inside Pakistan Telecoms. Burma simply vanished from the routing table last year, before briefly re-appearing; no-one ever knew why. Was it a maintenance script still running? Did they need urgent data transfer? For what – perhaps a bank batch process to move the General’s money? Or was someone holed up in the network-operations centre, like the radio operator of a sinking ship?

Either way, in this case, the only possible cyberwar option as we understand the word cyberwar would be to…what? Hack the routers and turn the transit bandwidth back up? Well. It would be a pretty legendary exploit if true. But it would be very difficult, and the natural counter-game would be just to turn the power off or null-route everything.

And the rest is hammering on government Web sites, which achieves nothing but to burn up the remaining bandwidth available for getting out the truth. Get off the line, we need it for more important traffic.

But despite all this, the US seems to have a sensible strategy. It appears that the US State Department had a word with Twitter to put off their maintenance. It wasn’t just them – there had been chatter on NANOG for a couple of days about NTT America taking a day off in the middle of a revolution. I’m sure it must have helped. And Microsoft and Yahoo! have apparently suspended some of their services there as “a protest”.

You could be back in the 1950s suddenly. Jazz and abstract expressionism as a kind of war, and you have to say it beats the other kind. I think I said that the Iranians were beating us for today’s records and Marlboros – that is, WLAN – in Afghanistan.

This raises a question, though. How do we aid others to reach the Internet in tyrannical conditions? We have good techniques for encrypting and source-spoofing traffic – oddly enough, we had to fight for them against the US in the 1990s. But without backhaul connectivity you can do nothing.

Obviously, it’s got to be a radio solution, and it’s got to be a satellite one. I find it hard to imagine trying to spread Inmarsat or Hughes devices, although a major market for them is the Middle East. It would, however, be a cool idea to have a satellite or two dedicated to open communications. The world is increasingly full of satellite antennas.

If Brazilian radio hams can use old US Navy satellites, there ought to be a small constellation of civilian open relay sats – the uplink cost would protect it against spam, after all. Now that’s what I call cyber war – it is, after all, what everyone who actually thinks expects of us.

