'Net Parrot Effect'Net Parrot Effect
Iran. You remember the place? Before several celebrities died in the past week, Iran's election aftermath gripped national attention. The more I found out about the election situation, the demonstrations, and the crackdown, the more I felt as if I were reading a political thriller. That's when the ugly side of our hyper-connected society reared its ugly head.
June 30, 2009
Iran. You remember the place? Before several celebrities died in the past week, Iran's election aftermath gripped national attention. The more I found out about the election situation, the demonstrations, and the crackdown, the more I felt as if I were reading a political thriller. That's when the ugly side of our hyper-connected society reared its ugly head.People started passing information around the Twitter/blogger/Interweb superconnect highway about how to help the Iranians/bloggers/Tweeters who were being censored.
Make no mistake: The information passed around about ways to help bloggers was not helpful and, in most cases could actually aid Iran in censoring free speech. In general, this gives rise to what I call "the parrot effect," or just repeating information you hear or read without actually understanding it. In this case, high-profile technology gurus, including Tim O'Reilly, were guilty of spreading misinformation (RT @JoeTrippi: Change ur twitter time zone to GMT+3.30 (Tehran) Security search location & time. If we are all Iranians it will help 9:29 AM Jun 21st from Seesmic Desktop).
I sympathize with the Iranian citizens and think censoring speech is horrible. But to understand why the information being sent to "help" them wasn't useful at all, burn this phrase into your brain: "nation-backed resources." That means the resources of a government budget can be brought to bear. For instance, in Iran monitoring all Internet traffic in and out of the country would be as simple as a trip down to a monitoring center that has eavesdropping capabilities.
Let's look at a few of the parroted suggestions and why they would result in a visit from Iranian police. The most popular suggestion involved changing your location on your Twitter profile to say you were in Tehran and to set your time zone appropriately. At first I thought this suggestion was to show solidarity, but it turns out the friendly Internet parrots thought this would confuse the Iranian government censors since they would have to search through a wave of Twitter users claiming they are in Iran, allowing legitimate information to slip out unnoticed.
While I am sure there were noble intentions, no one seemed the vet the technological premise behind it. Silly smokescreens don't hold up when nation-backed resources can allow you to write a simple filter to show anybody going to Twitter.com from inside Iran. This would be as simple as writing a Wireshark filter to capture traffic going to cnn.com from inside your home network. With power like that, nobody looking for Twitter traffic would care about a profile location. I was accused of being antifree speech when I asked some people passing around the Tehran Twitter-location tip that if a Twitter profile location would actually help, then hy don't the people inside Iran just change their location to somewhere else?
People also suggested that the Iranians use proxies outside of Iran or Tor. While these ideas seem to have more merit, they still show a government that controls all Internet traffic in and out of the country that you are doing something suspicious and should get a visit from people with batons. I didn't see a single suggestion that would actually help free speech advocates. If I wore a tinfoil hat, then I could even go as far as to say that this disinformation was planted by the government of Iran because, in the end, all it did was show them exactly who they needed to arrest. But I don't have a tinfoil hat.
David Maynor is CTO of Errata Security. Special to Dark Reading
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
Build a Case for a Password Manager