Thursday, February 17, 2011

How did Egypt switch off the internet?

One of the most ominous governmental moves of our time was Egypt's ability to switch off the internet.
Amid spreading protests, the Egyptian government has taken the incredible step of shutting down all communications. Only a handful of web connections, including those to the nation’s stock exchange, remained up and running.

It’s an astonishing move, and one that seems almost unimaginable for a nation that not only has a relatively strong Internet economy but also relies on its connections to the rest of the world.

But how did the government actually do it? Is there a big kill switch inside Egyptian President Hosni Mubarak’s office? Do physical cables have to be destroyed? Can a lockdown like this work?

Plenty of nations place limitations on communications, sometimes very severe ones. But there are only a few examples of regimes shutting down communications entirely — Burma’s military leaders notably cut connectivity during the protests of 2007, and Nepal did a similar thing after the king took control of the government in 2005 as part of his battle against insurgents. Local Chinese authorities have also conducted similar, short-lived blockades.

The OpenNet Initiative has outlined two methods by which most nations could enact such shutdowns. Essentially, officials can either close down the routers which direct traffic over the border — hermetically sealing the country from outsiders — or go further down the chain and switch off routers at individual ISPs to prevent access for most users inside.

In its report on the Burmese crackdown, ONI suggests the junta used the second option, something made easier because it owns the only two Internet service providers in the country.

The Burmese Autonomous System (AS), like any other AS, is composed of several hierarchies of routers and provides the Internet infrastructure in-country. A switch-off could therefore be conducted at the top by shutting off the border router(s), or a bottom-up approach could be followed by first shutting down routers located a few hops deeper inside the AS.

A high-level traffic analysis of the logs of NTP (Network Time Protocol) servers indicates that the border routers corresponding to the two ISPs were not turned off suddenly. Rather, our analysis indicates that this was a gradual process.

While things aren’t clear yet, this doesn’t look like the pattern seen in Egypt. There, the first indications of Internet censorship came earlier this week with the blockades against Twitter and Facebook, but when access disappeared, it disappeared fast, with 90 percent of connections dropping in an instant.

Analysis by Renesys, an Internet monitoring body, indicates that the shutdown across the nation’s major Internet service providers happened at precisely the same time, 12:34 a.m. EET (22:34 UTC):

Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet’s global routing table … The Egyptian government’s actions tonight have essentially wiped their country from the global map.

Instead, the signs are that the Egyptian authorities have taken a very careful and well-planned approach, screening off Internet addresses at every level, both from users inside the country trying to get out and from the rest of the world trying to get in.

“It looks like they’re taking action at two levels,” Rik Ferguson of Trend Micro told me. “First at the DNS level, so any attempt to resolve any address in .eg will fail — but also, in case you’re trying to get directly to an address, they are also using the Border Gateway Protocol, the system through which ISPs advertise their Internet protocol addresses to the network. Many ISPs have basically stopped advertising any internet addresses at all.”

Essentially, we’re talking about a system that no longer knows where anything is. Outsiders can’t find Egyptian websites, and insiders can’t find anything at all. It’s as if the postal system suddenly erased every address inside America — and forgot that it was even called America in the first place.
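As an added illustration (not part of the original article and not Renesys's own tooling), the following Python example shows how a route monitor could tell the near-simultaneous withdrawal described above apart from an isolated flap or the gradual pattern reported for Burma. The feed format, function name, thresholds, ASNs and prefixes are all assumptions constructed for the example.

```python
# Constructed sample feed (not real data): (unix_time, origin_asn, prefix, action)
# "A" = announce, "W" = withdraw. ASNs come from the documentation range
# (RFC 5398) and prefixes from documentation address space (RFC 5737).
FEED = [
    (0, 64496, "192.0.2.0/25", "A"),
    (0, 64496, "192.0.2.128/25", "A"),
    (0, 64497, "198.51.100.0/25", "A"),
    (0, 64497, "198.51.100.128/25", "A"),
    (0, 64498, "203.0.113.0/25", "A"),
    (0, 64498, "203.0.113.128/25", "A"),
    (3600, 64496, "192.0.2.0/25", "W"),      # isolated flap ...
    (3660, 64496, "192.0.2.0/25", "A"),      # ... healed a minute later
    (7200, 64496, "192.0.2.0/25", "W"),      # coordinated withdrawal begins
    (7205, 64496, "192.0.2.128/25", "W"),
    (7210, 64497, "198.51.100.0/25", "W"),
    (7215, 64497, "198.51.100.128/25", "W"),
    (7220, 64498, "203.0.113.0/25", "W"),
]

def detect_mass_withdrawal(feed, window=300, loss_ratio=0.8, min_asns=2):
    """Return (start_time, lost_fraction, asns) for the first sliding window in
    which at least loss_ratio of the monitored routes are withdrawn (and not
    re-announced) across at least min_asns origin ASNs; otherwise None."""
    visible = {}   # prefix -> origin ASN currently in the table
    recent = []    # withdrawals still inside the window: (time, asn, prefix)
    for t, asn, prefix, action in sorted(feed):
        # Age out withdrawals older than the window.
        recent = [w for w in recent if t - w[0] <= window]
        if action == "A":
            visible[prefix] = asn
            # A re-announcement cancels a pending withdrawal of the same prefix.
            recent = [w for w in recent if w[2] != prefix]
            continue
        if visible.pop(prefix, None) is None:
            continue   # withdrawal for a route we never saw; ignore
        recent.append((t, asn, prefix))
        # Baseline = routes still up plus routes lost inside the window.
        lost = len(recent) / (len(visible) + len(recent))
        asns = sorted({w[1] for w in recent})
        if lost >= loss_ratio and len(asns) >= min_asns:
            return recent[0][0], round(lost, 2), asns
    return None
```

Requiring several origin ASNs inside one short window is what separates a coordinated shutdown from a single operator's outage; the window and ratio would need tuning against a real feed.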

A complete border shutdown might have been easier, but Egypt has made sure that there should be no downstream impact, no loss of traffic in countries further down the cables. That will ease the diplomatic and economic pressure from other nations, and make it harder for protesters inside the country to get information in and out.

Ferguson suggests that, if nothing else, the methods used by the Egyptian government prove how fragile digital communication really is.

“What struck me most is that we’ve been extolling the virtues of the Internet for democracy and free speech, but an incident like this demonstrates how easy it is — particularly in a country where there’s a high level of governmental control — to just switch this access off.”




