Egypt – Cyberbattle of the Tor Brigades


Posted by
7 February 2011
16:01

How the Internet reacts to being cut off

At the start of the current tumult in Egypt, the Egyptian government attempted to cut off communications in and out of Egypt, including the Internet. While it succeeded to a large degree, a small group of people, and more specifically a guy called Jacob Appelbaum, worked day and night to keep a communication lifeline open to Egypt using literally a handful of routable servers.

This post is a snapshot of what happened on the weekend of 27 January to 1 February 2011.

Jacob Appelbaum

@ioerror (Jacob Appelbaum)
If Egypt just took down everything except for banking/trading systems, I think the internet knows what kind of action to take! #egypt #jan25

Who is Jacob Appelbaum?

Dubbed by Rolling Stone magazine as the most dangerous man in Cyberspace, Appelbaum is a core developer at Tor, a product that uses encryption to help people stay anonymous on the Internet.

He is also a Wikileaks volunteer, who is probably being investigated by the FBI for his involvement with Wikileaks.

In 2008 Appelbaum co-demonstrated an exploit on Apple’s file encryption, FileVault, and subsequently released the exploit under the name VileFault. In the following video he speaks to Xeni Jardin about some of the cracking techniques involved.

Most importantly, though, Appelbaum created the virtual bridge that allowed Egyptians to stay connected to the Internet during the blackout.

WTF is Tor?

Tor is a brilliant piece of software that uses a clever peer-to-peer encryption technique called onion routing to ensure its users absolute anonymity on the Internet.

Tor was instrumental in keeping net savvy activists from Egypt anonymous while orchestrating and reporting on their revolution (clearly demonstrated by these usage stats, and these).

This is Tor’s normal, everyday function.

More interesting, though, is the role people who work on Tor, like Appelbaum, played in keeping Egypt online when the Egyptian government switched off the Internet and phone networks.

There are many ways of looking at this, but probably the most interesting is to use Appelbaum’s Twitter timeline as a reference for a rough timeline of Egypt during the blackout:

Jan 27, 2011 – 12:30 EET:

Tor is being widely used in Egypt. Appelbaum notices and remarks on the fact that SMS is down, and some websites are being filtered.

Jan 28, 2011 – 00:01 EET:

Up to this point, TE Data, one of Egypt’s largest ISPs, hasn’t been blocking Facebook or Twitter. Suddenly, at midnight, this situation changes:

ioerror: TE Data blocking again includes Facebook,Twitter, dostor.org, and others. Networks seems seriously rate limited; gathering more data. #jan25

Appelbaum starts investigating, capturing network traffic and analysing it. It appears to be a very deliberate, carefully set up filter. Definitely not something that could be the result of an operational fault.

Jan 28, 2011 – 00:34 EET:

Suddenly, things take a turn for the worse:

ioerror: Intense – it appears that Google is now filtered on TE Data DSL in Cairo. #jan25 #egypt

ioerror: @estr4ng3d Same – I’ve just lost two machines at once on TE DATA; something big just happened. Motherfuckers :-(

ioerror: I just lost all of my machines in Egypt. #jan25 #egypt

Appelbaum ramps up his investigations. He’s on the outside now, trying to get in. He suspects that the Seabone cable into Egypt (the International Backbone of Telecom Italia) was pulled on the Egyptian side. The last machine between him and any machines in Egypt seems to be a router with DNS name telecom-egypt.milano8.mil.seabone.net, suggesting that the cable is intact, but has been pulled by TE Data.

Jan 28, 2011 – 00:51 EET:

It pays to be persistent!

Noor, another large Egyptian ISP, is still up. As far as Appelbaum can tell, this is the only way into (and out of) Egypt at the moment.

Inside Egypt, the only workable network seems to be the SS7 network (the telephone switching network), and Appelbaum puts out a call to any X25 hackers to contact him. At this point the only way forward might literally be to rebuild the Internet in Egypt using the SS7 network.

ioerror: I have contact with people in Cairo – the entire internet isn’t shut off yet. The SS7 network still works. #egypt #jan25

ioerror: Any old X25 hackers online? If so – please hit me up? #egypt #jan25

Jan 28, 2011 – 02:37 EET:

At this point connections are possible from inside Egypt to the outside, not the other way round though. It’s not clear if this is due to links built on the SS7 network, but at least this means Tor functions, and because Tor uses its own routing protocol between different Tor servers, getting data in and out of Egypt is pretty much taken care of.

Jan 28, 2011 – 06:25 EET:

Since hackers are at this point targeting sites related to the Egyptian government, Appelbaum asks the community to not attack Noor, since it’s their last link with Egypt.

ioerror: It is extremely important that Noor DSL and the Noor ISP is not attacked. It is the last free standing point of access. #egypt#jan25

People post dial-up howtos, along with details of international ISPs that created public dial-up accounts specifically for Egyptian use.

habibh: Egypt can use this number for dial up: +33172890150 (login ‘toto’ pass ‘toto’) – thanks to a French ISP (FDN) #egypt #jan25

For the rest of the weekend, with all the ISPs in Egypt technically offline, Egypt as a whole gets more and more connected through various informal means, like dial-up and Tor networks.

Later that weekend Google and Twitter step in to create a voice-to-tweet service that Egyptians can use to leave reports on Twitter by phone.

The rest is history in the making.

These are very unique times. Many of the gospels preached by some of the first Internet evangelists are being put to the test for the first time.

If anything was proven beyond any shadow of a doubt on the weekend of 28 January 2011, it was this:

The Internet is as much, if not more, of a social construct than a physical one. Any attempts at shutting down the Internet should be compared to attempts at shutting up people. Not only does it violate a lot of what we stand for, but it is also futile.

UPDATE 2010-02-08: After posting this, a great, accurate post turned up detailing the exact sequence of Communication Shutdown in Egypt.

Posted by

Follow @adriaan_pelzer
