Iranian TOR arms race a shadow of things to come?

Recently, the anonymizing network system TOR (The Onion Router) found its traffic was ratcheted to a standstill in Iran, prompting a comparison by one of the TOR project developers to an emerging “arms race”. Users of the service, hoping to evade state censorship/snooping, encrypt the traffic that then gets routed anonymously around the globe. But it seems Iran has caught on, and started shutting down the traffic.

This is the latest in a continuing global escalation of attempts to crack down on Internet traffic, matched by zealous competing efforts from those in favor of a more open system of communication. Nation states are being tapped to control what may be perceived as threatening communication, à la recent efforts in the UK to tag Internet traffic as a more likely propagator of potential “violent radicalisation” activity than any other, including religious institutions, prisons, universities, etc.

But TOR had an “ace up its sleeve”, according to Jacob Appelbaum, a developer with the project. Apparently, they had anticipated the increased scrutiny of the SSL/TLS traffic that TOR communication generates, and had developed an add-on called obfsproxy, which works around it by making the encrypted traffic appear more like normal Internet traffic, thereby avoiding unwanted attention.

And so it goes. Last month TOR operators noticed Chinese state actors apparently sensing TOR traffic and blacklisting the TOR onramp “relays” so others couldn’t connect. What is interesting is the way the traffic was detected and blacklisted, which led to speculation that the method used near-line-speed, real-time Deep Packet Inspection (DPI) to snoop on it. That is a non-trivial feat, especially at speeds fast enough to avoid creating excessive latency, which is itself a telltale sign that traffic may be monitored. TOR communications, while tunneled across a standard SSL port, are unlike traditional SSL negotiations, which last only short periods. TOR, on the other hand, would show a continual stream of SSL traffic for longer periods of time.

What is also interesting is that Iran is second only to the U.S. when it comes to use of the TOR network (according to the project’s statistics), suggesting a level of cyber sophistication in that region that is far above average. We also read that other Middle Eastern nation states are ratcheting up cyber attack rhetoric and posturing more reminiscent of traditional military actions. It’s easy to draw parallels to a newly emerging cyber arms race, as mentioned by Mr. Appelbaum.

This promises to be a long haul, technologically, with privacy and anti-censorship efforts coming into full focus in the coming months, as states attempt to control dialog – for whatever reason – and citizens attempt to exercise their power to communicate freely, both for good and evil.

Author , ESET

  • Hebenon

    If knowledge is power then the uncensored deep internet is the key to that power, as long as we are allowed to view it. Being in the USA, I am happy to find that censorship is limited to minimal and we can view most of what we like. I feel sorry for those that are in other countries where their information is guarded and in limited supply.
    With that being said, there is no foolproof way to circumvent any system. For every workaround there will be another obstacle, but I am happy that there are enough like-minded people to work toward a common goal, a feat that is seldom heard of. By bringing us tools like the TBB (Vidalia), Obfsproxy, Portable TOR (Tails), Orbot or even TOR Cloud, it shows that the team is ever vigilant in keeping anonymous browsing safe. I guess it is just a race between the coders at the Internet Defense League and the censoring countries like China and Iran. My money is on the good guys, the good people of TOR if that needed clarification.
