New Citizen Lab report: “Monitoring Information Controls in Iraq in Reaction to ISIS Insurgency”

A new report from the Citizen Lab at the University of Toronto takes a look at Internet monitoring in Iraq. Since violence led by the Islamic State of Iraq and Syria (ISIS) broke out in the country several weeks ago, the government has responded by cutting Internet access, first by blocking websites including Twitter and Facebook and then, on June 15, issuing orders for a total Internet shutdown in five of the nation’s 19 provinces.

Among the report’s key findings:

  • A total of 20 unique URLs were found to be blocked on three major Internet service providers (ISPs): Earthlink Telecommunications, IQ Net, and Newroz Telecom. The blocked sites include Twitter, Facebook, Instagram, Skype, YouTube, WhatsApp, and WeChat, as well as popular VPN services including OpenVPN and StrongVPN.
  • The majority of the websites found to be unavailable corresponded with the list of that the Ministry of Communications ordered to be blocked on June 13. The ISP Newroz Telecom showed no signs of filtering, which “was expected, because this ISP serves the Kurdistan area, and reports have indicated that the shutdown and social media blocking orders did not include Kurdistan.”
Traffic from Akamai, a content delivery network, to Iraq, showing a sharp drop in traffic since the filtering orders from the Iraqi Ministry of Communications. Via the Citizen Lab.

Traffic from Akamai, a content delivery network, to Iraq, showing a sharp drop in traffic since the filtering orders from the Iraqi Ministry of Communications. Via the Citizen Lab.

  • The Citizen Lab also looked at seven websites “affiliated with or supportive of” ISIS. None were blocked. “Given that the insurgency was cited as the rationale for the shutdown and filtering,” wrote the authors, “this finding is curious.” This could suggest that the Maliki government is using the present crisis as an excuse to rein in broader social media around the country—whether or not it is related to ISIS violence.
  • Usage of Psiphon and Tor, which allow users to circumvent filtering, has soared in Iraq in recent days (though Tor use has since fallen slightly).
Directly connecting users of Tor in Iraq, via the Citizen Lab.

Directly connecting users of Tor in Iraq, via the Citizen Lab.

Daily users of Psiphon in Iraq, via the Citizen Lab.

Daily users of Psiphon in Iraq, via the Citizen Lab.

More information about the Citizen Lab’s analysis can be found in its report, Monitoring Information Controls in Iraq in Reaction to ISIS Insurgency.

Anonymous sets its sights on the World Cup

The hacker collective Anonymous has launched a series of attacks on World Cup sponsors and other affiliates, stealing data and taking over websites.

On Thursday, Anonymous took credit for taking down sponsor Yingli Solar, a Chinese solar power company, as well as breaching the network of Globo TV Brasil, Brazil’s largest television network, and publishing employee details online.

The group has also targeted a number of Brazilian governmental bodies, including the Ministry of the Environment and the Military Police of Sao Paulo State.

On Friday, Anonymous used a DDoS attack to bring down the 2014 World Cup site for several hours. Later that day, the group bragged about its alleged conquests: “Anonymous 145 x 0 FIFA.”

The hacks have been publicized under hashtags including #OpMundial2014, #OpWorldCup, and #OpHackingCup.

The cyber security company Symantec, which tracks cyber attacks, issued a notice on the eve of the World Cup warning potential targets of likely ploys, “including ‘run-of-the-mill’ distributed denial of service (DDoS) attacks, phishing/spear-phishing emails, intrusion and data-theft attempts, vulnerable software exploration, web application exploits, and possibly website defacement.”

Anonymous has been vocal about its plans to disrupt the World Cup. In February, several alleged Anonymous members told Reuters that they planned to go after sponsors as well as the Brazilian government during the tournament, noting that the massive audience would serve as a useful stage to protest the expense of the World Cup games—estimated at $14 billion—in a country where many citizens still lack access to basic services.

In May, Anonymous hackers broke into the Brazilian Foreign Ministry’s computers and leaked confidential emails. Stating that the group had “a plan of attack,” one hacker told Reuters that World Cup sponsors would be Anonymous’s prime targets, naming Coca Cola, Budweiser, and Adidas.

Despite the longstanding threats, Brazil was widely seen as a sitting duck for hackers, in large part because of its aging telecommunications infrastructure. “I don’t think there is much they can do to stop us,” one hacker told Reuters.

Last June, hackers replaced the FIFA World Cup homepage with a video showing protesters marching against public transit fare increases, which spurred mass protests around the country. In the video, the protesters, who chant “sem violencia” or “without violence” throughout, eventually encounter a line of police officers, who respond with rubber bullets and tear gas. That month, the UN High Commissioner for Human Rights called on Brazilian authorities to rein in their use of force against peaceful demonstrators. In March of this year, officials in Rio de Janeiro and Sao Paulo announced the rollback of the cities’ respective fare increases.

#IMWeekly: June 20, 2014

Hong Kong
On the eve of a referendum about voting rights this week, Hong Kong’s digital voting platform was hit by a massive DDoS attack. Today is the first of three days of voting for Hong Kong citizens, who will decide whether to offer universal suffrage, seen as a move that would weaken the influence of Beijing-sponsored candidates. Now in its fourth day, the DDoS attack is being called “one of the largest and most persistent DDoS attacks in the history of the Internet” by the company CloudFlare, which has been contracted to defend the voting platform and said that the attack reached a scale of 300Gb per second today. The attack is widely suspected to be the work of pro-Beijing groups, who oppose the referendum. The vote is unofficial, meaning that its results will have “no legal effect,” according to a statement by the Hong Kong government. More than 200,000 ballots have already been cast. For more information, see our earlier post on the attacks.

The spiraling violence as the Islamic State of Iraq and Syria (ISIS) sweeps across Iraq prompted the Maliki government to cut Internet access in the country. Last Friday, sites including Twitter, Facebook, and YouTube were blocked across the nation. Two days later, the government issued orders to ISPs to shut down all Internet access in five of the country’s 19 provinces. The Atlantic reported this week that ISIS is particularly effective at using “gaming Twitter” to push its message and recruit new followers. More information can be found in our blog post about the shutdown.

Twitter announced that it would no longer censor tweets deemed “blasphemous” by the government. In a statement, the company said that it had “re-examined the requests and, in the absence of additional clarifying information from Pakistani authorities, [had] determined that restoration of the previously withheld content is warranted.” Though hailed as a victory for freedom of expression in Pakistan, the decision drew attention to Twitter’s murky takedown policy, which it has declined to make public.

Reporters Without Borders reported that YouTube has been blocked and Google is only partly accessible in Tajikistan since June 12. Blocking has surged in the country over the last two years, usually around times of political tension like last November’s presidential election. On Monday, a Global Voices contributor and the publication’s former Central Asia Editor, Tajik-born Alex Sodiqov, was detained while conducting academic research in the eastern part of the country. The government has allegedly shown him on national television “in an apparent attempt to discredit both him and an opposition politician.” More information can be found in our earlier blog post on Sodiqov’s detainment.

United Kingdom
Revelations emerged this week that the British government has been using a legal loophole to scrutinize its citizens’ social media communications. Charles Farr, director general of the Office for Security and Counter Terrorism, revealed that posts and other communications made on platforms like Facebook and Twitter are considered “external communications” because they’re routed through foreign companies. This means that even missives traded by British nationals in the UK, who are usually afforded significant privacy protections, are fair game for government interception—without a warrant—because the data leaves British shores before reentering.

#imweekly is a weekly round-up of news about Internet content controls and activity around the world. To subscribe via RSS, click here.

DDoS Attacks in Hong Kong Target Pro-Democracy Websites

Between Friday, June 13, and Wednesday, June 18, Hong Kong suffered two DDoS attacks aimed at pro-democracy sites.

The targets—one, the site of civil society group “Occupy Central with Love and Peace”, the other newspaper Apple Daily—both seek to advocate for universal suffrage in Hong Kong.

Since 1997, when Hong Kong’s period under British control ended and the city-state came under Chinese rule, many of its top officials have been elected by a small group of Beijing loyalists. Occupy Central advocates for a civil referendum that would shift voting power away from these Beijing loyalists and to Hong Kong’s citizenry, allowing them the right to vote in elections that determine who will be Hong Kong’s Chief Executive. Recently, Occupy Central, with the help of Hong Kong University’s Public Opinion Programme (HKUPOP), planned to run an online public opinion poll between June 20 and 22 to vote on a referendum on constitutional reforms.

Google’s Digital Attack Map, June 10, via Global Voices Advocacy.

Occupy Central’s three web hosting services suffered violent DDoS attacks; due to the fallout of the incident, only one of these services, Cloudflare, still supports the voting system. As a proposed workaround to the voting system’s susceptibility to attacks, Hong Kong University’s Public Opinion Program is now considering using telephone lines instead, a weak alternative to the online platform.

Google’s Digital Attack Map, June 14, via Global Voices Advocacy.

The second target of the attacks, Next Media’s Apple Daily, is an independent Hong Kong newspaper often critical of Beijing. Its founder, Jimmy Lai, is a vocal supporter of Occupy Central. Apple Daily has encouraged its readers to vote on Occupy Central’s referendum.

The attacks were separately orchestrated. That said, Next Media chairman Jimmy Lai suspects that mainland Chinese hackers, eager to suppress Hong Kong’s emerging democratic impulses, wanted to silence two of the city’s most audibly pro-democracy voices through these attacks.

The attacks aren’t limited to Apple Daily and Occupy; they come in a long line of incidents in which pro-Beijing forces, working online, have tried to suppress groups within Hong Kong that are working toward greater democracy. In anticipation of the June 4 anniversary of the Tiananmen Square protest in 1989—an anniversary that sparked wide censorship across mainland China—the website of the Hong Kong Alliance in Support of Patriotic Democratic movements was also taken offline by sustained DDoS attacks.  In October 2013, Global Voices Advocacy anticipated that malicious hacking of civic groups and activist communications like those of Occupy Central would surge approaching July. A similar DDoS attack occurred on HKUPOP’s servers in March 2012, shortly after HKUPOP held mock elections for the city’s Chief Executive.

Occupy Central and Apple Daily’s founders both feel that Beijing loyalists are undoubtedly behind the attacks, given the subversive, pro-democratic nature of both sites in the wake of increasing tensions between Hong Kong’s pro-democracy supporters and the mainland Chinese government. That said, no particular hacking forces have come forward and taken responsibility for the attacks.

A Scholar, not a Spy: The Detainment of Alexander Sodiqov

Khorog is a remote and mountainous Tajik town. It’s situated in the country’s volatile Gorno-Badakhshan Autonomous Province (GBAO), geographical and political worlds away from Dushanbe, the country’s capital and political epicenter. Khorog has, in recent years, been regarded as as a hotspot for the festering of anti-Dushanbe sentiment. Since July 2012, it has been a site of deadly clashes between the government and opposition forces. Alexander Sodiqov, a Tajik-born PhD candidate in Political Science at the University of Toronto, traveled to Khorog to conduct fieldwork for a project on the role of international actors, states, and civil society in Central Asian conflict management. While there, he met with Alim Sherzamonov, an opposition leader based in GBAO, for the purposes of this research. His research would meet an abrupt end on June 16, when Tajikistan’s State Committee for National Security (GKNB) detained Sodiqov, who is also the former Central Asia Editor for Global Voices.

Sodiqov and his family, via Global Voices Advocacy.

Though the reasons for his detainment were initially vague, the GKNB soon claimed that Sodiqov was acting on “subversion and espionage.” Sodiqov’s arrest comes amid claims by GKNB officials that foreign spies are enacting “a big geopolitical-ideological game” to destablize the country. Two days after his detainment, Sodiqov appeared on Khorog local state television reading a forced statement subtly disparaging Sherzamanov. Viewers described him as pale and confused-looking in the video. Sodiqov’s arrest coincides with the partial blockage of both YouTube and Twitter in Tajikistan since June 12, a move many activists fear is a reaction to public discourse that is critical of President Emomalii Rahmon. The past few years have seen blockages of this nature in spades, from such widely-used social networks as YouTube, Twitter, and VKontakte to independent news agencies and websites. Months ago, in the run-up to the presidential elections, YouTube was blocked after a video of Rakhmon drunkenly dancing at his son’s wedding surfaced online.

Many activist organizations have mobilized to advocate for Alex’s release. Some media freedom advocates have launched the #FreeAlexSodiqov Twitter campaign to raise awareness of his arrest, while such organizations as Freedom House, Human Rights Watch, and Avaaz have begun petitions and released official statements condemning the detainment. Fellow academics have banded together to form Scholars for Sodiqov, insisting that his academic work was anything but politically-motivated espionage. A website has also been launched to advocate for his release.