Cybersecurity

New clues emerge of private Internet network in Iran

Iranian women use computers at an Internet cafe in central Tehran, Iran.

Iranian women use computers at an Internet cafe in central Tehran, Iran. // Vahid Salemi/AP

An independent researcher has unearthed clues of a private Internet network accessible only inside Iran. The findings confirm brewing official efforts to build a system for the state apparatus to redirect and block Web traffic, as well as offer Iranian versions for global Web services.

There are “initial indicators that telecommunications entities in Iran allowed private addresses to route domestically…creating a hidden network only reachable within the country,” according to a newly-released report penned by Collin Anderson, a D.C.-based researcher funded by the University of Pennsylvania.

Anderson studied traffic flowing through hosts -- networked machines -- located within the country and attempted to make connections to 16.7 million possible private addresses, which identify networks not connected to the World Wide Web.  He confirmed to Nextgov he detected 46,000 possible networks. Some of them were owned by ministries or linked to ministry websites and public services such as the Iranian national webmail service. Some Web traffic redirected to a private IP address affiliated with the Telecommunication Company of Iran, so that censoring and blocking could take place.

Iranian officials have cited protection from computer attacks as the motivation behind the regime’s push for an Iran-only Internet infrastructure. The use of private addresses by the Iranian government has dated back to at least 2010.

While state-owned media and officials have trumpeted efforts to build domestic Internet, such a system remains, for now, woven alongside a more open web infrastructure. Anderson stressed that implementation of a national information network was by no means complete: “We do not expect access [to domestically routable networks] to be universal or consistent across all geographic regions or networks.” He added his research should not indicate immediate plans to disconnect from the global Internet.

He highlighted evidence of a ‘dual stack’ approach, in which servers are assigned domestic internet protocol addresses, in addition to a global one.

Anderson’s findings come as Iranian authorities have reopened access to Google’s email service a week after blocking it. The blocking of Gmail was an unintended result of trying to block YouTube. "Unfortunately, we do not yet have enough technical knowhow to differentiate between these two services,” a member of the telecommunications ministry committee tasked with filtering the Internet in Iran was quoted as saying, by the Mehr news agency.

Threatwatch Alert

Network intrusion

UC Berkeley Waits Three Months to Inform Hack Victims

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// December 19
X CLOSE Don't show again

Like us on Facebook