Iran's emerging 'netwar'

Greg Walton has been in charge of the Citizen Lab's Twitter outreach in Iran, offering access to software that help's them view banned content. CBC News reached Walton by email to find out how Iran's conflict has spread online.

Canadian group helps keep Iranians connected as government blocks websites

As protests in Iran in the aftermath of the national election enter their fourth day, social messaging tools such as Twitter have emerged as new sources of information, even though the site itself has been blocked in Iran.

Citizen Lab, which operates out of the University of Toronto's Munk Centre for International Studies, is one of many groups making software available that allows citizens in Iran to sign on to a server that gives them secure access to web pages anywhere, bypassing government restrictions while allowing access to services such as Twitter.

The organization, led by director Ron Deibert, is perhaps best known for its work with the Ottawa-based think-tank SecDev Group in uncovering what they called GhostNet — a spy network based in China that had infiltrated more than a thousand computers belonging to government departments and other organizations in 103 countries.

Greg Walton is the editor of the Information Warfare Network, a joint project of The SecDev Group, Citizen Lab and the Advanced Network Research Group and part of the Cambridge Security Programme in the U.K. During the last few days, Walton has been in charge of the Citizen Lab's Twitter outreach in Iran, offering software access to people in Iran through Twitter to help them view banned content. CBC News reached Walton by email to find out how Iran's conflict has spread online.

Q: In what ways is the Iranian government attempting to cut off access to information since the election?

A: Speaking as a researcher for ONI [the Open Net Initiative] Asia, I'm afraid we haven't yet developed an acceptably accurate suite of tools for monitoring what Prof. Deibert refers to as "just-in-time censorship" during election campaigns. However our engineers are actively working on such a project, consequently I can only report on what I am hearing from Tehran with regards to which sites are blocked.

Social networking sites are blocked — notably Facebook and Twitter — however Iranians are using proxy servers to access these sites. Opposition websites are also blocked. We have unconfirmed reports that they have also been defaced and/or disinformation posted.

The best analysis we have on the overall state of Iran's internet comes from CircleID.

Q: What are the ways around these information blockades?

A: Speaking as Psiphon Inc.'s forward deployed Psi-Operator — I can tell you that we have an aggressive Twitter campaign currently in operation propagating our proxy nodes.

We are giving away what we call "right2know" nodes that "push" banned content to Iranians, and that they then can use to surf other banned content, without even signing up for an account. They can sign up if they choose and we're getting hundreds of people signing on — one a minute in the first hour-and-a-half we set up the first node.

Q: What can you tell me about the people who have downloaded the software? What are they trying to view?

I'm reluctant to go into the stats on what people are surfing from Iran, but to give you a sense — RadioFarda is popular as is the mobile version of Facebook, the BBC and other international news agencies.

Q: What kind of impact has social media and the internet had in shaping events in Iran during the last 72 hours?

Speaking as editor of the Information Warfare Monitor, I can confirm that we have been tracking numerous (possibly thousands of) calls to launch DDOS (distributed denial of service) attacks against Iran government sites via Twitter in the #iranelection channel.

We have been urging people to resist these calls. [As our Twitter message said]: "Pls resist calls to DDOS govt websites - will slow down access for everybody going through Iran's int gateway #cyberwar."

We can confirm that some [government] sites have been defaced — but are now restored — apart from, which is now offline and was defaced, but I don't have screenshots. Currently down possibly due to DDOS.

I would characterize this phenomena as "netwar" as opposed to "cyberwar". Netwar is a term developed by RAND researchers John Arquilla and David Ronfeldt to describe an emergent form of low-intensity conflict, crime, and activism waged by social networked actors. Typical netwar actors might include transnational terrorists, criminal organizations, activist groups and social movements that employ decentralized, flexible network structures.

The term is proposed in order to focus specifically on the spread of network-based organizational structures throughout the low-intensity spectrum of societal conflict. It is argued that other terms applied to information age conflict, such as "information warfare," are inadequate, focusing too narrowly on technological issues while missing the broader social transformation enabled by technological advances. "Cyberwar' is a corresponding term which Arquilla and Ronfeldt propose to describe high-intensity information age conflicts.