recommended reading

New clues emerge of private Internet network in Iran

Iranian women use computers at an Internet cafe in central Tehran, Iran.

Iranian women use computers at an Internet cafe in central Tehran, Iran. // Vahid Salemi/AP

An independent researcher has unearthed clues of a private Internet network accessible only inside Iran. The findings confirm brewing official efforts to build a system for the state apparatus to redirect and block Web traffic, as well as offer Iranian versions for global Web services.

There are “initial indicators that telecommunications entities in Iran allowed private addresses to route domestically…creating a hidden network only reachable within the country,” according to a newly-released report penned by Collin Anderson, a D.C.-based researcher funded by the University of Pennsylvania.

Anderson studied traffic flowing through hosts -- networked machines -- located within the country and attempted to make connections to 16.7 million possible private addresses, which identify networks not connected to the World Wide Web.  He confirmed to Nextgov he detected 46,000 possible networks. Some of them were owned by ministries or linked to ministry websites and public services such as the Iranian national webmail service. Some Web traffic redirected to a private IP address affiliated with the Telecommunication Company of Iran, so that censoring and blocking could take place.

Iranian officials have cited protection from computer attacks as the motivation behind the regime’s push for an Iran-only Internet infrastructure. The use of private addresses by the Iranian government has dated back to at least 2010.

While state-owned media and officials have trumpeted efforts to build domestic Internet, such a system remains, for now, woven alongside a more open web infrastructure. Anderson stressed that implementation of a national information network was by no means complete: “We do not expect access [to domestically routable networks] to be universal or consistent across all geographic regions or networks.” He added his research should not indicate immediate plans to disconnect from the global Internet.

He highlighted evidence of a ‘dual stack’ approach, in which servers are assigned domestic internet protocol addresses, in addition to a global one.

Anderson’s findings come as Iranian authorities have reopened access to Google’s email service a week after blocking it. The blocking of Gmail was an unintended result of trying to block YouTube. "Unfortunately, we do not yet have enough technical knowhow to differentiate between these two services,” a member of the telecommunications ministry committee tasked with filtering the Internet in Iran was quoted as saying, by the Mehr news agency.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.