Cyberwar in Iran (and what you can do about it)...
It's been a full week and the Iranians are still protesting in the streets, and the government is still cracking down on them. One of the largest stories the media has grabbed hold of is the role that cyberspace is playing in the uprising, however, before everyone has a Twitter-gasm, it's important to note that the details of this cyberwar don't reveal anything that's actually new.
Here's how the Iranian government has been cracking down in cyberspace over the past few days. As the Wall Street Journal reported, the government has slowed the speed of the Internet and limited access to specific websites. This is actually a more subdued approach - believe it or not - compared to how the Chinese government allows high-speed access with extensive censorship, or how the Myanmar government severed internet access completely for the entire country during their 2007 uprising.
The Iranian government is throttling bandwidth, which some critics argue is "almost the same as shutting off the Internet, since it makes accessing Web sites slow enough to discourage users". In the days immediately following the election, Internet traffic over broadband connections was down 54%. As one Iranian engineer described it, "The government can say it didn't disconnect the Internet, but the reality is you can't really use it."
So what can aspiring hacktivists do to help those twittering Iranians?
First of all, read Cory Doctorow's, "Cyberwar Guide for Iranian Elections". He offers a brief, 7-step plan for non-computer nerds to follow if they truly want to help the protesters. Some of these include instructions as simple as DO NOT publicize Proxy IP Addresses or bloggers' identities. It is a common sense reminder for people who too often have been tweeting recklessly in their haste to help.
Second, you can participate in what are called Distributed Denial of Service (DDOS) attacks. These have been around for years and remain controversial, but the basic concept is that the official Iranian government websites can be taken offline if their servers receive too much web traffic. For example, if thousands of people simultaneously go to the Iranian government's portal, their servers may become crippled by the wave of traffic. A few software tools exist to make DDOS attacks easier to execute with less people. PageReboot is a particularly good one (and all the more effective if you change the "Refresh rate" to only 1 second).
Third, you can setup a proxy server. This may require slightly more technical expertise, but the idea is that, since the Iranian government is censoring specific IP addresses, hacktivists need to give the protesters new IP addresses they can use to get through a government firewall and reach the outside world. People can create a proxy server either by using a pre-existing software tool like Tor, or else follow these instructions.
Fourth, and along similar lines, Iranians need to know which proxy servers are available to them (just because you set one up doesn't mean they'll know how to find it). So if you create or discover a working proxy that's accessible from within Iran, spread the word, but in a responsible manner. There are ongoing lists of working proxies like this one, updated regularly, which you can contribute towards.
Finally, as a very simple and symbolic show of support, Twitter users have been encouraged to change the foreground color of their avatar to green. You can use this link to make the change for you in one click.
Again, what is remarkable to those of us who study cyberwarfare for a living is that none of this is actually new. All of these tactics, both on the part of the government and the hacktivists, have been put into practice repeatedly for years. Perhaps the scale of the engagement is comparatively larger, but not necessarily by huge leaps and bounds. It'll be interesting to see if the hacktivists, with their new recruits, can sustain these freedom-fighting activities once the furor over these particular Iranian election results eventually quiet down.