Video tutorial of encrypted instant messaging
Saturday, October 24th, 2009
The video below is a video tutorial on how to use Pidgin with OTR to encrypt your instant messages.
The video is in Persian and is about 17 minutes long.
LOS ANGELES, July 16, 2009 /PRNewswire via COMTEX/ -- As the first wave of the Iranian movement characterized by huge mass rallies in June, receded following violent crackdown of IRI forces, a new wave of nationwide protests engulfed the country.
On July 9th, as the whole country was almost shut down by an unprecedented deployment of Revolutionary Guards, riot police, the Basseej Islamic Militia and foreign terrorists training in Iran, tens of thousands of courageous young Iranians defied and surprised the regime by staging sporadic hit-and-run demonstrations in numerous Iranian cities, in particular in Tehran, Esfehan, Kermanshah and other cities. This series of demonstrations succeeded in attracting the participation of hundreds of thousands of other people along the routes who joined in the chants, encouraged the youth and even saved many from the hands of the evil forces.
Last week the Revolutionary Guards announced that they were in charge of the country’s security. The regime, under the pretext of a sandstorm affecting parts of the country, had shut down schools and government offices, encouraging close to a million to evacuate Tehran and millions to stay indoors. The government had also closed off all university grounds and dormitories, hoping to turn the capital city into an abandoned occupied city with major concentrations of storm troopers and a network of spies. The large gaps left due to lack of forces revealed the regime’s weakness and provided opportunities for thousands to stage protests in unoccupied parts of the city, with minimum casualties and number of arrests. These demonstrations were frequently assaulted by riot forces who only succeeded in “dispersing” crowds to a different location. Democracy activists acquired tactical experience and organizational skills for their next round of protests by the end of July, around the time of the selected president Ahmadinejad’s appointment to a second term.
Roozbeh Farahanipour is out of Iran following his entry into his beloved country earlier through free borders, exercising his right to participate in the democratic movement and contributing to the quality and the organizational aspects of the patriotic and secular parts of the youth movement. Mass singing of the patriotic anthem “O’Iran” (Ey Iran, Ey Marze Por Gohar) and demands for genuinely free and fair elections and freedom for the country have been encouraged by the Marze Por Gohar party and on occasion were led by MPG activists. Such slogans and anthems have been discouraged in Iran, including by the so-called reformist camp, who have ordered their followers to separate their ranks from those of anti-regime forces. In the meantime, even pro-Moussavi crowds have picked up such slogans and have slowly inched closer towards the Iranian opposition.
Leaders of patriotic and secular parties in Iran with whom Roozbeh Farahanipour has been ideologically associated had all been placed under surveillance hoping to ensnare Roozbeh if he tried to establish contact, and for preventing them from affecting the street protests in any way. Roozbeh avoided all such contacts and was able to evade security forces. In the meantime a number of regime agents in Los Angeles and agents calling from Tehran under different guises have attempted to find his location through his associates in California.
The MPG will issue statements and hold a press conference upon the return of Roozbeh Farahanipour to the US next week.
Frontpage magazine conducted a very interesting and detailed interview with Roozbeh Farahanipour, head of Marze Por Gohar Party.
I recommend everyone read it as it contains information that’s rarely, if ever, disclosed about the regime’s [s]elections.
One specific piece I liked, since the American government is turning a blind eye to illegal activities the Islamic Republic is conducting within the United States:
The regime tries to have it both ways: they try to discredit Iranians living outside of Iran who support boycotting by claiming they [boycott supporters] are detached and out of touch, while at the same time they provide logistical support to pro-regime entities living outside Iran to help promote the elections. The latter is in fact illegal: it is illegal for the Islamic Republic to place ballot boxes in foreign states with which it has no official relations. Meaning, it is illegal for the Islamic Republic to place ballot boxes in the United States and count the votes cast here in the states for the elections in Iran.
But hey, Obama wants to engage the Islamic Republic, so it’s okay if the Islamic Republic breaks American laws within America.
In intelligence, the where can be just as important as the what.
What I mean is, even if I don’t know what communication was exchanged, the mere fact that you met with someone is very valuable.
This paradigm also applies to internet traffic analysis.
While there are secure methods to exchange data online via HTTPS (the what), there are ways to cover up the where.
To get a better idea of how traffic analysis can yield the “where” information, here’s a quick overview of a typical set of events that take place.
At this point you might be wondering what this DNS server is.
Let’s say the IP address of mpg’s site is 10.10.1.14. Well, you can paste the IP address into your browser and the site will come up, but most people don’t memorize IP addresses, rather domain names. Memorizing marzeporgohar.org is a lot easier than 10.10.1.14.
This is where a DNS server comes in: it basically maps a domain name to its IP address.
Here’s a sample exchange:
Query
From (you): 192.168.0.10
To (DNS Server): 66.75.160.63
Standard query A marzeporgohar.org
Answer
From (DNS Server): 66.75.160.63
To (you): 192.168.0.10
marzeporgohar.org: type A, class IN, addr 64.34.168.37
So why should you care? Well, let’s say you are in Iran and you look up https://marzeporgohar.org. The Islamic Republic can’t read the HTTPS traffic because it is encrypted; however, the initial DNS query to get the IP address of marzeporgohar.org is sent in the clear and can be intercepted.
So while they may not know what you are doing on mpg’s site, the mere fact that you visited may be enough to begin building a profile on you.
Even if you are using a proxy (I like SSH tunnel proxies), you are open to DNS traffic analysis.
So what is the solution?
One solution is to use a SOCKS5 proxy and enable remote DNS in Firefox.
Now all your DNS queries will be done through the proxy server (which is obviously outside Iran), so no DNS query for the site ever leaves your machine.
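The difference remote DNS makes shows up in the SOCKS5 CONNECT request itself. As an added example (not from the original post), this builds the request both ways per RFC 1928 and inspects a captured one; the resolver is injectable so the "local lookup" case can be run offline with the 64.34.168.37 address from the DNS exchange above standing in for a real answer:

```python
import socket
import struct


def socks5_connect_request(host, port, remote_dns=True, resolve=socket.gethostbyname):
    """Build the SOCKS5 CONNECT request (RFC 1928) a client sends for host:port.

    remote_dns=True  -> the request carries the domain name (ATYP 0x03) and the
                        proxy resolves it on the far side of the tunnel.
    remote_dns=False -> the client resolves the name itself first (that lookup is
                        the DNS query a local observer sees) and sends an IPv4
                        literal (ATYP 0x01).
    `resolve` is injectable so the lookup can be stubbed when running offline."""
    if remote_dns:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        dst = b"\x03" + bytes([len(name)]) + name
    else:
        dst = b"\x01" + socket.inet_aton(resolve(host))
    # VER=5, CMD=1 (CONNECT), RSV=0, then DST.ADDR and DST.PORT (big-endian)
    return b"\x05\x01\x00" + dst + struct.pack("!H", port)


def describe_request(req):
    """Parse a SOCKS5 CONNECT request and report whether the proxy, not the
    client, is the party that resolves the destination name."""
    if len(req) < 4 or req[0] != 5 or req[1] != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == 1:        # IPv4 literal: the name was already resolved locally
        dst, rest, remote = socket.inet_ntoa(req[4:8]), req[8:], False
    elif atyp == 3:      # domain name: the proxy does the lookup
        n = req[4]
        dst, rest, remote = req[5:5 + n].decode("idna"), req[5 + n:], True
    elif atyp == 4:      # IPv6 literal
        dst, rest, remote = socket.inet_ntop(socket.AF_INET6, req[4:20]), req[20:], False
    else:
        raise ValueError("unknown address type %d" % atyp)
    (port,) = struct.unpack("!H", rest[:2])
    return {"dst": dst, "port": port, "proxy_resolves": remote}
```

In Firefox the switch between the two forms is the about:config preference network.proxy.socks_remote_dns; with it set to true the request is the ATYP 0x03 form.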
A topic that comes up repeatedly in talks with Iranians inside and outside the motherland is how to surf the web more securely.
The topic itself is very broad, so I’m just going to concentrate on one of the easier ways you can view sites more securely.
I’m sure you’ve seen http and https appear in the URL bar of your favorite browser.
So what really is the difference between HTTP & HTTPS as far as security goes?
Here’s what the network traffic looks like for http:
Content-Disposition: form-data; name="emailto"
blah@blah.com
-----------------------------147344601515699300481942305708
Content-Disposition: form-data; name="emailpriority"
0
-----------------------------147344601515699300481942305708
Content-Disposition: form-data; name="emailcc"
-----------------------------147344601515699300481942305708
Content-Disposition: form-data; name="emailbcc"
-----------------------------147344601515699300481942305708
Content-Disposition: form-data; name="emailsubject"
this a test
-----------------------------147344601515699300481942305708
Content-Disposition: form-data; name="emailmessage"
this is just a test
-----------------------------147344601515699300481942305708--
Now let’s take a look at a piece of the https traffic:
You’ll notice the https traffic looks like gibberish.
The reason https looks illegible is because the information is encrypted before it is sent to the server, and vice versa.
That’s why when you’re making credit card payments over the internet, you almost always see https.
Mining information from network traffic over http is a pretty trivial matter, especially for a regime like the Islamic Republic that is flush with oil money. There have also been reports from inside Iran of how the Islamic Republic is using text-mining technologies to sift through network traffic and glean information on political dissidents in Iran.
Gmail has an option under “Settings” (at the very bottom) that says “Always use HTTPS”, so every time you log in Gmail will automatically use HTTPS. Using HTTP would mean that while you’re reading / writing an email, a person with access to the network traffic could read what you are reading / writing.
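To make the "trivial" claim concrete, here is an added example (not from the original post) of the parser an observer on the path would need: it takes a multipart/form-data body like the http capture shown earlier and returns every field in the clear. The body is a constructed sample using that capture's boundary and field names, with CRLF line endings as on the wire.

```python
import re

# Constructed sample in the shape of the http capture above (not the page's bytes).
BOUNDARY = "---------------------------147344601515699300481942305708"
HTTP_BODY = "\r\n".join([
    "--" + BOUNDARY,
    'Content-Disposition: form-data; name="emailto"',
    "",
    "blah@blah.com",
    "--" + BOUNDARY,
    'Content-Disposition: form-data; name="emailcc"',
    "",
    "",                       # empty field, as in the capture
    "--" + BOUNDARY,
    'Content-Disposition: form-data; name="emailsubject"',
    "",
    "this a test",
    "--" + BOUNDARY,
    'Content-Disposition: form-data; name="emailmessage"',
    "",
    "this is just a test",
    "--" + BOUNDARY + "--",   # closing delimiter
    "",
])


def parse_multipart(body, boundary):
    """Recover the form fields from a multipart/form-data body (RFC 2046 framing).

    Over plain HTTP this is exactly what anyone on the network path can do;
    over HTTPS the same bytes are inside the TLS record and unreadable."""
    fields = {}
    for part in body.split("--" + boundary):
        # Real parts begin with the CRLF that ends the delimiter line;
        # the preamble ("") and the trailing "--" marker do not.
        if not part.startswith("\r\n"):
            continue
        headers, sep, value = part[2:].partition("\r\n\r\n")
        if not sep:
            continue
        m = re.search(r'name="([^"]*)"', headers)
        if m:
            # the CRLF before the next delimiter belongs to the delimiter
            fields[m.group(1)] = value[:-2] if value.endswith("\r\n") else value
    return fields
```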
When reading / writing emails or chatting on websites (like facebook), you should try to use HTTPS, as it will drastically lessen the ability for someone to intercept the network traffic and actually learn something from the data.
While using HTTPS is a good start, it is by no means the be-all-end-all for secure surfing.
I’ll try to post more entries about technologies you can use to minimize eavesdropping on your internet activities.
The fact that the European Union is one of the Islamic Republic’s most important trading partners is not exactly news, nor is the regime’s particularly close relationship with Germany.
However, what may be of surprise to some is the amount of technology European firms are providing the government with the second highest rate of executions, the Islamic Republic.
A Wall Street Journal article discusses how some of Europe’s largest companies are helping the Islamic Republic monitor and track communications inside Iran.
There are some points worth mentioning regarding telecommunication companies operating inside Iran.
First, the regime has absolute authority over these companies, meaning the Islamic Republic can at any point ask to eavesdrop on any call.
Second, the telecoms are in a very powerful position since they essentially control a subscriber’s cell phone. The telecoms have the ability to push software to a cellphone (OTA, over the air) without the user even knowing.
Bruce Schneier, an expert on cryptography and security, talks about telecoms turning on subscribers’ cellphone microphones to hear conversations.
While the European Union is thumping its chest declaring its support for human rights, it’s difficult to believe their rhetoric considering they are providing sophisticated technologies to a regime that has a history of violently suppressing human rights. It is a sad case of irony that while the EU discusses resolutions for “violations of obligations” by the Islamic Republic, it is helping the very same regime apprehend, arrest and execute political dissidents.
There are steps Iranians inside the country can take; for starters, take out cellphone batteries before going to meetings, discussions, etc. It is not enough to just turn your phones off. By doing this, the regime will not be able to track you or listen in via your cellphone. Face-to-face meetings that can’t be eavesdropped on via technology mean they will have to send a human to track and listen to the conversation. Simple arithmetic dictates they can’t track everyone, especially since a portion of the Intelligence Ministry is sympathetic to their compatriots.
In short, Iranians must begin using more primitive means of communication as they can’t be intercepted as easily as digital communications.
According to Reporters without Borders:
The Tehran attorney-general’s adviser said on 19 November that the authorities were responsible for filtering out “five million websites.”
I was on a VOA program where one of the guests was claiming that a five-person committee determined what sites would get censored.
Just by using simple arithmetic we can conclude that the regime is using a script / program to analyse the contents of sites to determine whether they contain any specific words / phrases that would relegate them to the “black list.”
Let’s take a look at how much effort it would take to compile the “black list” the good old-fashioned way, i.e. manually.
Even if it took a person a mere 10 seconds to read a page on a site and determine whether to censor the site or not, and then update the database:
Each minute a person could censor 6 pages
5,000,000 websites divided by 6 pages per minute = 833,333 minutes, or about 13,888 hours
13,888 hours divided by 24 = 578 days
Even if every site they analysed would get censored, it would take about a year and 7 months to come up with the list of 5 million censored sites (working 24 hours a day / 7 days a week).
Keep in mind that not every site they visit will be censored, so even if we assume a liberal censorship rate, with 25% of the sites they visit getting censored, you’d have to spend more than 6 years to manually create a list of 5 million censored sites.