Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:50 PM
Connect Directly

No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it

Government-mandated Internet shutdowns occur far more regularly than you might expect.

Since the death of George Floyd at the hands of Minneapolis law enforcement on May 25, millions of people worldwide have taken to the streets to protest police violence. But one oft-used government tactic in some countries to limit the ability of their citizens to communicate and organize has been absent so far: There have been virtually no reports of state-mandated Internet shutdowns in response to the protest.

Part of the reason for that is it's much harder to diagnose cellular connectivity problems when thousands of people flood into one neighborhood, all demanding to use mobile phone infrastructure that wasn't designed to handle so many devices at once. While one of the few instances of a US government-mandated network shutdown came in 2011 – when police for the BART transit system in the San Francisco Bay Area shut down cellular service for several hours during protests that followed multiple police shootings of passengers – this time around Seth Schoen, senior staff technologies at the Electronic Frontier Foundation, said his colleagues haven't been able to confirm the rumors they've heard about government interference of mobile networks. 

"I haven't seen any hard evidence that couldn't also be easily explained by networks being overloaded," Schoen said in an email exchange. But in many cases, consumers can tell whether there has been government interference with Internet access because it will "affect people on different parts of the Internet in different ways," he added.

Government-mandated Internet shutdowns occur far more regularly than you might expect. The number of countries that shut down access for their residents jumped from 25 in 2018 to 33 in 2019, according to the annual Keep It On report published in February by nonprofit Internet advocacy group Access Now. China, Vietnam, Egypt, Iran, Syria, and Cuba are notorious in this regard and regularly cited as countries with the least Internet freedom, according to 2019's "Freedom on the Net" report, produced annually by the US-based democracy and human rights nonprofit Freedom House. But they're not the only countries that use Internet shutdowns to control the flow of information and ideas.

Among the worst offenders are India and Brazil. In the contested state of Kashmir, the Indian government blocked all Internet access, landlines, and mobile service for between August 2019 and March 2020. Brazil regularly blocks access to the messaging service WhatsApp, even as other Internet services in the country have continued unabated. Internet Research company Top10VPN estimated the cost of Internet shutdowns in 2019 to be more than $8 billion globally.

How to Discern  
Despite politically driven interference, Internet monitoring organizations point to some telltale clues that can help people determine whether their sudden inability to use the Internet is a technical glitch, such as an underwater cable cut, a distributed denial-of-service (DDoS) attack, or a government-mandated order.  

Most of the government-mandated Internet shutdowns or blocks are based on interfering with the country's Domain Name System (DNS), the protocol that maps websites to IP addresses, says Arturo Filastò, project lead at the Open Observatory of Network Interference, a nonprofit that monitors and documents Internet shutdowns. Since most of the world's DNS queries are resolved in plain text, Internet service providers can be "convinced" by the governments they operate under to restrict access to certain sites – or even all of them, he says.

"DNS hijacking is most common in the West. It's the first level because it's the easiest and cheapest," Filastò says. "Another technique under the DNS tampering umbrella is DNS spoofing, such as the Chinese Great Firewall, where they will spoof the response to a DNS query faster than the legitimate response."

Measuring Internet connectivity and shutdowns has grown more sophisticated over the years. The Center for Applied Internet Data Analysis at the University of California, San Diego, uses a combination of global Internet routing, active probing of IP addresses, and the background radiation from the Internet itself to evaluate the cause of a shutdown. 

"Some measurements will tell you that the physical [Internet] connectivity still exists during a shutdown. One of our three methods will still see the existence of connectivity," says Alberto Dainotti, research scientist with the Internet Outage Detection and Analysis group at CAIDA. 

Determining whether a shutdown is caused by a technical snafu, a DDoS attack, or government interference can be tricky. If you can't reach a website but others in your country can, it's most likely a technical issue with your network. (T-Mobile users experienced this in North America last week.) If all or most websites work for you but one specific one appears to be down, it could be a targeted attack (by malicious hackers or a government order) focused on that one site. Specific websites can be checked with the service Down for Everyone or Just Me.

Of course, it can also be a government shutdown. Several services can help Internet users identify when their service is being disrupted by a DDoS attack or a government shutdown. In its "Surveillance Self-Defense" guide, the EFF recommends using encrypted DNS, a virtual private network, or the Tor Browser to circumvent DNS-based network shutdowns. Filastò's employer also offers its OONI Probe to help users test network connectivity and identify likely reasons for the shutdown they're experiencing. 

The EFF's Schoen noted consumers should be more worried about technical problems on their devices or with their ISPs before presuming their government is blocking part or all of their Internet access – even though government-initiated Internet interference and shutdowns are on the rise. 

"Governments do actively tamper with people's devices and network connections, but less frequently than random errors and outages that aren't intentional on anyone's part," he said.

Related Content:


Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 
Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-22
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inab...
PUBLISHED: 2020-10-22
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups.
PUBLISHED: 2020-10-22
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
PUBLISHED: 2020-10-21
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal b...
PUBLISHED: 2020-10-21
Adobe InDesign version 15.1.2 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.