Archive for the ‘censorship’ Category

Well, this is interesting, both on the Bo Xilai story and also on the general theme of the state of the art in contemporary authoritarianism. It looks like a major part of the case is about BXL’s electronic surveillance of Chongqing and specifically of top national-level Chinese officials:

One political analyst with senior-level ties, citing information obtained from a colonel he recently dined with, said Mr. Bo had tried to tap the phones of virtually all high-ranking leaders who visited Chongqing in recent years, including Zhou Yongkang, the law-and-order czar who was said to have backed Mr. Bo as his potential successor. “Bo wanted to be extremely clear about what leaders’ attitudes toward him were,” the analyst said.

That’s Zhou Yongkang as in the head of the whole Chinese internal security structure, cops, spooks, and all. Bo’s police chief (and future sort-of defector) Wang Lijun is described as being “a tapping freak”, addicted to the productivity and hence apparent power of electronic intelligence. Not only that, Wang eventually began tapping Bo, who was also tapping the CDIC feds who came down to keep an eye on him.

The practicalities are, as always, interesting.

The architect was Mr. Wang, a nationally decorated crime fighter who had worked under Mr. Bo in the northeast province of Liaoning. Together they installed “a comprehensive package bugging system covering telecommunications to the Internet,” according to the government media official.

One of several noted cybersecurity experts they enlisted was Fang Binxing, president of Beijing University of Posts and Telecommunications, who is often called the father of China’s “Great Firewall,” the nation’s vast Internet censorship system.

It’s worth pointing out that the provincial networks belonging to China Mobile, China Telecom etc. are usually organised as companies in their own right, and they often have their own AS numbers, and indeed they often contract for substantial network development projects with Western vendors (Nokia Siemens recently had a big mobile network contract in Sichuan, notably) on their own right.

Anyway, Fang’s involvement is very interesting indeed. He is responsible for the state-of-the-art authoritarian solution to the Internet. This is not just, or even primarily, a question of blacklisting websites or turning off the Internet. The Great Firewall’s detailed design, as the Cambridge Computer Lab found out a while ago, is specifically intended to be a semi-permeable membrane. Rather like Hadrian’s Wall, it is more about the gates through it than the wall itself, and the defences point in both directions.

When a computer within it tries to initiate a TCP connection to one outside that is classified as dodgy, the Firewall sends an RST message back to kill the connection. This permits much higher performance than the DNS-based blacklisting typical of, say, the UAE.

It also means that it’s possible to ignore the RST and look through the firewall by using your own firewall utility (specifically, set something like iptables to drop any RSTs for connections in states other than ESTABLISHED before a suitable time has elapsed). However, it would be a fair guess that any traffic doing this is logged and analysed more deeply.

Further, there is a substantial human infrastructure linking the media/PR/propaganda system, the police system, and the Ministry of the Information Industry. This uses tools such as moderation on big Web forums, direct recruitment, harassment, or persuasion of important influencers, the development of alternative opposition voices, and the use of regime loyalist trolls (the famous wumaodang).

The firewall, like Hadrian’s Wall or the original Great Wall, also has an economic function. This acts as a protectionist subsidy to Chinese Internet start-ups and a tariff barrier to companies outside it. Hence the appearance of some really big companies that basically provide clones of Twitter et al. Because the clones are inside the firewall, they are amenable to management and moderation.

And none of this detracts from the genuine intention of the people at 31 Jin-rong Street, the China Telecom HQ, to wire up the whole place. Iran’s surprisingly important role providing broadband to Afghanistan and diversionary links to the Gulf reminds us that providing connectivity can be a powerful policy tool and one that you can use at the same time as informational repression.

So, Fang’s achievement is basically a package of technical and human security measures that let whoever is in charge of them command the context Web users experience.

Last autumn, several of the Chinese web startups were subjected to the combined honour and menace of a visit from top securocrats. Tencent, the owner of QQ and the biggest of the lot, got Zhou Yongkang in person. In hindsight, this will have been around the time the CDIC landed in Chongqing.

So, where am I going with this? Clearly, there was serious disquiet that somebody was usurping the right to control the wires. Even more disquieting, the surveillance establishment in Fang’s person seemed to be cooperating with him. And the systems he set up worked just as well for someone increasingly seen as a dangerous rebel as they did for the central government. (In fact, the people who like to complain about Huawei equipment in the West have it the wrong way round. It’s not some sort of secret backdoor they should be worrying about: it’s the official stuff.)

I do wonder, depending on what happens to Fang (he’s still vanished, but his Weibo feed has started updating again), if we might not see a relaxation of the firewall, which the pundits will consider “reform”. In fact it will be no such thing, rather a cranking up of internal chaos to facilitate a crackdown on opposition.


Does anyone have any idea why I’m banned from reading For the last few days, the three FP blogs I subscribe to haven’t been updating, and trying to read this I had to use an anonymous SSL-proxy server. Just for that “test your practical circumvention skills” feeling! I can ping and traceroute to their servers (Amazon EC2 – look at you all cloudy and everything!) but when I send them an HTTP GET they immediately kill the TCP session.

If I hadn’t been fiddling with file permissions to get WordPress running last Sunday, I’d probably have been writing about the Haystack saga. I’m a bit gestört by some of the coverage of it – Evgeny Morozov, typically, has been doing good work in the general war on bullshit, but I’m less convinced of his broader conclusions. See here.

What stands out about Haystack isn’t so much the technology – which we can’t really make statements about, because they kept everything secret until it all fell down, and the implementation is apparently so awful nobody wants to release the code in case someone tries to use it – but the meta-technology. As this post makes clear, perhaps the biggest problem was that it was half-open, half-closed. The code wasn’t released, so it was impossible for anyone to review it, but it was circulated widely enough that the core development team had little or no idea how far it might have spread. In fact, some people who did have the source code thought it would be a good idea to compile it, package it, and share it with people who might need it.

And although there is apparently a client-server element in it, the server was allowed to accept connections from the wider Internet. So they’d accidentally allowed the unfinished and untested project to start operating in production.

The Guardian is mocked; John Graham-Cumming is right (and check out the remarks about Tor in comments) and points out that Haystack’s crypto was reliant on a source of random numbers that, well, isn’t random. The EFF has good advice.

Now, this week has another superspy Iran story, Stuxnet, the worm that apparently attacks a Siemens SCADA application. Here’s JGC again, being sceptical. There’s a rundown at Alliance Geostrategique. The author of the theory that it’s an attack on the Bushehr nuclear power plant is self publicising here – I, for one, am not convinced that the fact they hadn’t got some software licence key in 2009 is great evidence, especially as the Windows .lnk exploit involved wouldn’t care either way. It’s the one from July in which Windows will execute code packed into the icon file for a desktop shortcut on a USB stick, so how pleased the Business Software Alliance is with the Iranians is here or there.

And it also seems to target Indian and Indonesian systems. Maybe its authors are protesting against Eat, Pray, Love.

To put it another way, I think we’re under a cyberattack from a sinister network of chancers and self-publicists who have glommed on to the whole issue as a way of getting their faces in the news and their hands into the till. As our occasional reader Bos puts it:

When you say “weapons-grade cybermunitions developed by nation states”, I hear “this patchwork of consulting gigs won’t cover my coke bill.”

Meanwhile, what’s going on in Iran? In many ways, this is much more interesting. Way back in 2006, I blogged about how the Iranian government was putting impressive resources into aid to Afghanistan. One facet of this was that they had laid a fibre-optic cable from Iran to Herat; another was that the cybercafe in Kabul with the most bandwidth and the least censorship was the one in the Iranian cultural centre.

Now, it looks like the Iranian wholesale telco monopoly, DCI (Datacomms Iran), is becoming a significant transit provider to networks in Iraq, specifically Kurdistan, and Afghanistan, including the Afghan Government. As the good people at Renesys point out, this is perfectly sensible for the Kurdish operators – they’re getting rid of their expensive and slow VSAT links, and diversifying their sources of transit – but this is dependent on actually diversifying, rather than just replacing.

The Afghan government’s network, it turns out, has recently started to show up through DCI as well as through Pakistan and an Uzbek provider. For a while, all the Afghan prefixes were being routed via either Iran or Uzbekistan and Russia, after a fibre cut on the route to Pakistan.

You can certainly see why the Afghans might not want to pass all their traffic through Pakistan. But treating this as a political issue does have a point. Back in the summer of 2009, the Iranian state found an elegant way to use DCI as an instrument of political power – rather than turn everything off, as in Burma, or call out the troll army, as in China (although they do have that capability), they rate-limited everyone down to about 20% of the typical throughput. As all Iranian ISPs have to use DCI for transit, this meant that a lot of hostile Internet activity will just not have happened, although the really determined would get through.

They are, of course, the ones you want to catch. Squelching down the bandwidth also probably meant that the traffic was reduced to a level where their lawful-intercept infrastructure* could capture and process it all. Almost certainly, they can do the same to any of their downstreams, or continue to pass customer traffic while squelching their own.

It is impressively ironic that a few router configuration rules can mean freedom in Herat and tyranny in Tehran.

I was needling Spencer Ackerman about this but didn’t get a rise. It’s applicable to Noel Maurer too.

No-One Knows About Persian Cats is a cracking little film; it’s a pseudo-documentary about Iran’s music underground, by the Kurdish director Bahman Ghobadi and a small who’s who of Iranian music. As a result, it could almost have been designed for Spackerman in the way Jeremy Clarkson said Vulcan 607 could have been designed for him.

One thing that comes through are the permanently-operating factors in the human terrain. For example, there’s always a fixer – the guy who doesn’t actually contribute any music themselves, but does know people who know people who have access to studio time and hall bookings and dodgy government permits. It’s the Tony Wilson ethic. Hamed Behdad plays him as someone of permanent charm and near perfect unreliability, never clear whether he’s totally committed to success or on the point of making off with the funds – one reading of the grim ending is that he’s the grass.

The metal band’s guitarist works – like Tony Iommi – in a metalworking factory, and the band rehearse in a shed full of cowshit on the edge of town, although paradoxically their lyrics are all about positive thinking. The rappers are slightly thuggish and given to lyrics like “the class struggle oppresses us!” which may have worked better in the original. The indie band are a bit painfully sensitive and notably more middle-class, the sort of people these guys are thinking of.

So far, so good; anything that reminds us that Iran is not actually Nazi Germany or the far side of the moon is politically welcome. So much of this is immediately recognisable if you’ve ever sat in a Mini with rust holes and a 1×12 Valvestate box on your lap, with a curry balanced on the top.

Of course, making music in an authoritarian society has its special problems. Everyone except the rappers is desperate to leave and the plot revolves around rounding up passports, visas, and means of payment, as the East Germans used to say. And getting the Ministry of Virtue permit to actually put on a gig. In the meantime, there’s a constant round of rehearsals in cellars and in breezeblock sheds on rooftops; incredibly complex informal building seems to be a bit of a feature of Tehran.

And there’s a sticky end at the hands of the militia, or not quite at their hands enough to prove it. In that way the police tend to have.

The BBC has the soundtrack as streams here.

Bob Dylan lyric too appropriate not to use yet again. Who is trying to frighten users?

It begins with a Daily Telegraph story that a clerk, Lisa Greenwood, in the Department for Children, Schools and Families was sacked for posting a comment about Hazel Blears on theyworkforyou. Unfortunately, no comment including the text quoted exists in any system, and the Torygraph doesn’t seem to know which Web site they actually mean.

Further inquiries show that the story originates from a local news agency (South West News) and the DCSF press office. The Telegraph claims that the comment was sent by e-mail, but there are no MySociety sites that accept comments by e-mail, so this cannot be true. TheyWorkForYou doesn’t send confirmations by e-mail, so it can’t be one of those, although WriteToThem and FixMyStreet do.

Clearly, someone is telling porkies, and using the same as grounds to terminate some poor sod’s employment. Now, civil servants are formally bound by oath to renounce partisanship; however, the text doesn’t make any reference – if it wasn’t invented out of thin air by the DCSF press office – to any political party, only to Hazel Blears’ personal financial probity.

It is probably worth remembering at this point that several government ministers have been in the habit of quoting what they claim is other people’s private correspondence during parliamentary debates, no doubt because they cannot be sued for what they say in the House. Specifically, Lord Warner, Andrew Miller MP, and Caroline Flint MP used what purported to be private e-mail sent by Professor Ross Anderson of Cambridge University and Simon Davies of Privacy International and LSE to score points in debates on ID cards and on the NHS National Programme for IT.

Nobody has ever explained how they came by these documents, or whether the quotes were genuine, and the (sigh) mainstream media has displayed zero interest. E-mail messages have the legal status of letters, and even under RIPA it would be hard to consider the campaign to opt out of the NPfIT Spine a question of national security. The government has form for using dubiously acquired, or possibly fictional, private correspondence for partisan ends.

Update: Well, well. She contacted Blears from her own Web site, by clicking a MAILTO link, which of course launched her local (i.e. service) mail client rather than a Hotmail account.

But the issue here is that a minister (with exceptions – Scotland and Wales and Northern Ireland, of course. Yes, yes) is responsible as an MP to their constituents, and as a minister to Parliament as a whole, i.e. the nation at one remove. Further, it’s just fucking indecent and violent, an act of boss brutality. She was on £16,000 at age 38; what else is it?

Far from wanking about trivialities, we ought to demand her reinstatement. If she wants to deal with an organisation that spies on private correspondence for partisan ends, that is.


Arbor Networks has a great post with data on Iranian Internet censorship. As well as the deliberate transit shortage, they seem to be targeting specific protocols, notably SSH, the secure shell protocol one uses to administer servers and also quite often to provide a VPN tunnel. This isn’t surprising, really, but it is depressing; practically any shell account and any machine, including my mobile phone, will let you set up an SSH tunnel, and it is strongly encrypted, so it’s one of the most reliable and easiest ways to beat the censor.

Arbor’s analysis suggests that the point is to limit traffic to levels that their existing censorship infrastructure can handle; interestingly, e-mail, and bogstandard Web traffic on port 80, seem unaffected, which suggests they already had the big squid proxy etc. in place. There is, of course, nothing to stop you configuring your server to do SSH on port 80, but it might be a little obvious. An alternative would be to use something like OpenVPN, which uses the same HTTPS protocol and port that all the e-commerce and corporate e-mail things do.

Fascinatingly, levels of gaming application traffic are unaffected, and Arbor wonder if it would be possible to use this for clandestine communications. (Perhaps the government wants people playing computer games?) This is, of course, a major plot point from Charlie Stross’s Halting State, although the exploit is rather more sophisticated there – rather than just meeting up for a chat in-game, they are mapping their data to the game’s commands and reversing the process at the other end.

Depressingly, according to Renesys, many of the open proxy servers that have been set up for the use of Iranian dissidents are being heavily abused by Chinese spammers. This is a hard problem; any tunnelling system intended to defeat the censor must be open to anyone, it’s insanely risky to keep any logs of who accesses it, so it seems inevitable that the vermin will get in.

The Rude Pundit has a very good point.

You can’t even picture Obama pardoning a fucking turkey. Sure, he’ll probably do it. But unlike Bush, who approached such obligations with dunce-like glee, for Obama it’ll be like a kick in the groin.

As usual with Rude, there’s a serious point here, sneaking past the guards while all the noise and snark and chainsaw dust draw their attention. Pardoning a turkey is, let’s face it, exactly the kind of stupid crap most British people look at as just the kind of stupid crap Americans get up to. Can you imagine a British prime minister trying this? He or she would be laughed out of the country; probably they’d end up doing a John Profumo and choosing a life of deliberate monkish obscurity.

But it’s not just ridiculous; it’s morally repellent and politically more than dubious. After all, what is the turkey’s crime? Being a turkey? Pardon implies that you committed a crime, and also that you were punished by some legitimate authority, which has now offered you mercy out of the goodness of its heart. It’s a sort of reversed sacrifice – rather than killing a goat to expiate your sins, it’s not killing a turkey so as to go off and eat millions of ’em with a clean conscience.

Pardon is also interesting because it can’t be separated from executive power. To pardon someone means that the head of state decided, whatever the law happened to be, whatever the judiciary thought of the case, whatever the jury thought of the evidence, just to intervene and make an exception. It’s only possible, after all, because the executive has the power to execute. It also means that the executive agreed to all the other executions; what, after all, would happen if the president pardoned everyone? That would be about as likely as pardoning all the turkeys. Executive clemency is the flip side of executive cruelty. (Note, of course, that a British prime minister isn’t the head of state.)

It’s therefore a profoundly anti-rational, authoritarian custom; no wonder it’s a holdover from absolute monarchy. And this, I think, is what worries me about this ceremony – it’s the sacralisation of the executive branch. Like the King’s touch for scrofula. (He can even un-turkey a turkey!) No wonder, as Rude so wisely points out, Bush loves it.

Before we go on, here’s a video from Talking Points Memo in which you can see both Bush doing the turkey thing and also Sarah Palin’s now-notorious performance in which she pardoned a turkey while a worker slaughtered turkeys in the background. It will help your comparative turkeyology to watch closely.

Now, what about the well-known cockup in Alaska? A couple of points come to mind. For a start, as befits an anti-rationalist movement, neoconservatism has no culture of competence. They never run anything; their natural habitat is the thinktank, the university campus, the elite circle. Hence the Schlamperei that follows them around, like a drugfuddled burglar in a darkened room full of gym equipment. Of course they’d fuck it up – even in Washington, Bush managed to grant the bird a “full unconditional unconditional pardon”.

The second is that perhaps they aren’t trying. Looking back, when did they lie convincingly? The case for war was based not on lies, but on the unwillingness to confront the lies. Later, on things like torture and mass surveillance, they moved beyond this and simply admitted the facts while denying the form. Yes, we waterboarded the guy and pulled your call-detail records – are you with the terrorists? Of course, we do not support torture or illegal surveillance. In a very real sense, they were pardoning turkeys in front of the slaughter live on TV all the time.

More China convergence blogging. Declan McCullagh reports on efforts by the US and China to sneak something nasty into the ITU standardisation process, through a committee that doesn’t publish its documentation or let anyone else in the room. But the Chinese appear to be the ones leaning forward;

The Chinese author of the document, Huirong Tian, did not respond to repeated interview requests. Neither did Jiayong Chen of China’s state-owned ZTE Corporation, the vice chairman of the Q6/17’s parent group who suggested in an April 2007 meeting that it address IP traceback.

A second, apparently leaked ITU document offers surveillance and monitoring justifications that seem well-suited to repressive regimes: A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so, protecting the anonymity of the author.

Now that’s what I call a use case! The standards group in question includes someone from the Chinese ministry of telecoms and an NSA official whose biog appears to be secret, as well as someone from Verisign; who is hilariously quoted as saying that:

“The OSI Internet protocols (IPv5) had the capabilities built-in. The ARPA Internet left them out because the infrastructure was a private DOD infrastructure.”

(Trust me, if you know your Internet history, it’s hilarious.) The poor darling, still wishing for someone to bring back OSI. And the representatives of the Chinese Communist Party conspiring away with the NSA.

Oh well; it’s not as if it’s going to work. Viz:

“Since passage of the Patriot Act, many companies based outside of the United States have been reluctant to store client information in the U.S.,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington. “There is an ongoing concern that U.S. intelligence agencies will gather this information without legal process. There is particular sensitivity about access to financial information as well as communications and Internet traffic that goes through U.S. switches.”

But economics also plays a role. Almost all nations see data networks as essential to economic development. “It’s no different than any other infrastructure that a country needs,” said K C Claffy, a research scientist at the Cooperative Association for Internet Data Analysis in San Diego. “You wouldn’t want someone owning your roads either.”

Read the whole damn thing; it’s one of the best reported stories on the Internet infrastructure I’ve ever seen, they spoke to the right people (Renesys, k c claffy, Odlyzko), and the conclusions are interesting to say the least.

The Renesys rankings of Internet connections, an indirect measure of growth, show that the big winners in the last three years have been the Italian Internet provider Tiscali, China Telecom and the Japanese telecommunications operator KDDI.

Firms that have slipped in the rankings have all been American: Verizon, Savvis, AT&T, Qwest, Cogent and AboveNet. “The U.S. telecommunications firms haven’t invested,” said Earl Zmijewski, vice president and general manager for Internet data services at Renesys. “The rest of the world has caught up. I don’t see the AT&T’s and Sprints making the investments because they see Internet service as a commodity.”

If the “American Internet” is ending, it’s because they don’t deserve it any more.

So, after the Phorm evilhood, and the weird brokenness detailed here, and the 30-odd hour no-notice outage they dropped on me just after I started working from home, literally driving me to drink (the nearest operational open WLAN I found was in a pub), now Virgin Media comes up with this. It’s not just the delight with which they want to deliberately spoil everyone else’s day to extract cash from non-customers, it’s the contempt, to say nothing of the ideological horror within revealed by someone who thinks bus lanes exist to make buses go slower.

Well, I’ve got all the contempt anyone can handle, so I’ve just churned to I’ll be cancelling on Virgin just as soon as they hook up my new ADSL link.

Let me count the ways.

If you think Phorm – the evil advert-spooking system practically all the UK’s eyeball ISPs want to force on you – isn’t so bad, I’ve got news for you. First of all, let’s have a look at this Grauniad Tech article.

BT’s 2006 trials certainly involved some sort of interception, because the data streams had extra Javascript inserted into them – which puzzled a number of people at the time. Two examples can be seen at the forums of and In both, the Javascript and other tags inserted by the 121Media system are clearly visible, with one showing the referring page and possibly “interests” of the member. Both contain links to – the 121Media-owned site through which BT sent browser requests during the 2006 trials and later ones in summer 2007.

OK. So not only were they snooping, but Phorm actually injects not just data – like a cookie – but code into your URL requests, so their customer websites react differently as a result. It’s especially worrying that what they are adding is JavaScript; it’s not just data, it’s program logic. It does things. And, as any user of modern Web 2.0 services should realise, you can do all kinds of things with it – for example, you can call other web servers from within a web page without reloading. There is no way for you – the person whose BT, Virgin or Carphone Warehouse billing record stands behind the IP address that stands behind the identifier Phorm assigned – to know what such code does until after the fact.

Now, consider this; the good people of F-Secure unpicking the latest trend in security threats, the iFrame injection. It works like this – a lot of websites catch the search requests they receive and cache them, either to speed up the search process or to provide suggestions with the search results. This means that the search string…appears in a web page on their servers. So, if you fire enough popular search terms (which you can get from their website…) in, and append your attack code, there’s a chance it’ll get cached. And then, a visitor who uses the same search terms will get a page that contains the attack code; JavaScript is executed in the client side – i.e on the visitor’s computer – so you’re in.

So, let’s put them together; if you’re a Phorm customer, you can get the interests and web habits (and billing data?) of everyone in the UK delivered to your dodgy website in real time, and then you can reload anything you damn well like in their browser based on that information. Suddenly – let’s back off here. It’ll be someone unpopular. At first. So or sends you to; and there’s fuck all you can do about it, except try to explain the concepts of “deep packet inspection”, “iFRAME SEO injection”, and the like to a court of law.

Paranoia, right? Not so much.

You think that’s scary? Here’s some more F-Secure for you. There is at least one exploit out there, which could be delivered through the lines we just discussed, that writes dubious code to the BIOS – the low-level insect brain of a computer, the bit that lights up the screen, spins up the hard drive, and explains how to read the boot sector and start the operating system. The only fix there, I think, would be to format the fucking lot and install something completely different – or throw the damn thing in the sea.

But here’s where it gets bad; the thing nicks your online banking passwords. And then what does it do? It puts money into your bank account. Feel free to speculate.

Update: Now that’s what I call an April Fool from F-Secure. A cracker. This is of course without prejudice to the rest of the post, but I should have realised there would be no way they’d have included a live link to the exploit if it was real. If you were brave enough to follow it, well…you’d get the joke.