Recent events in Egypt

by ioerror | January 29, 2011

The current state of affairs in Egypt looks quite bleak for people using Vodafone, Orange, TE Data, and other well-known service providers. It is reported that each of those companies was ordered by the Egyptian government to turn down their internet services. The nature of the order and its legality are of course very unclear at this time. What is known is that, in nearly perfect unison, many Egyptian ISPs turned down their BGP route announcements to countries outside of Egypt, and from what we've been able to gather they're also not peering with each other. The cables connecting Egypt to the world (FLAG and SEABONE) are still physically intact.

The impact of de-peering is significant; even if someone is able to get packets directly to the edge routers of TE Data or another ISP, no response will be forthcoming. Renesys, RIPE, and BGPmon have fantastic technical details for those without access to an active BGP router.
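The coordinated withdrawal described above can be spotted in a BGP update feed by tracking how much of each origin AS's address space disappears within a short window. The following is an added example, not code from the original post or from Renesys, RIPE or BGPmon; the pipe-separated record format, the thresholds, the documentation-range prefixes and the ASNs 64500-64502 are all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed single-vantage feed: "unix_ts|A or W|prefix|origin_as".
# Withdrawals carry no origin (as in real BGP UPDATEs), so it must be remembered.
SAMPLE_FEED = """\
100|A|192.0.2.0/26|64500
100|A|192.0.2.64/26|64500
100|A|192.0.2.128/26|64500
100|A|192.0.2.192/26|64500
110|A|198.51.100.0/25|64501
110|A|198.51.100.128/25|64501
120|A|203.0.113.0/25|64502
120|A|203.0.113.128/25|64502
5000|W|192.0.2.0/26|
5002|W|198.51.100.0/25|
5004|W|192.0.2.64/26|
5006|W|198.51.100.128/25|
5008|W|192.0.2.128/26|
5010|W|192.0.2.192/26|
9000|W|203.0.113.128/25|
"""

def parse(feed):
    for line in feed.strip().splitlines():
        ts, kind, prefix, asn = line.split("|")
        yield int(ts), kind, prefix, (int(asn) if asn else None)

def detect_blackouts(feed, window=900, threshold=0.8):
    """Map origin AS -> time at which >= threshold of its peak prefix count
    had been withdrawn within `window` seconds."""
    origin_of, dark_at = {}, {}
    visible, peak, recent = defaultdict(set), defaultdict(int), defaultdict(deque)
    for ts, kind, prefix, asn in sorted(parse(feed), key=lambda u: u[0]):
        if kind == "A":
            old = origin_of.get(prefix)
            if old is not None and old != asn:
                visible[old].discard(prefix)        # prefix moved to a new origin
            origin_of[prefix] = asn
            visible[asn].add(prefix)
            peak[asn] = max(peak[asn], len(visible[asn]))
            continue
        asn = origin_of.pop(prefix, None)
        if asn is None:
            continue                                # withdrawal of a prefix never seen
        visible[asn].discard(prefix)
        q = recent[asn]
        q.append(ts)
        while ts - q[0] > window:                   # keep only withdrawals in the window
            q.popleft()
        if asn not in dark_at and len(q) / peak[asn] >= threshold:
            dark_at[asn] = ts
    return dark_at

def coordinated(dark_at, window=900):
    """ASes that went dark within `window` seconds of another AS doing so."""
    return sorted(a for a, t in dark_at.items()
                  if any(b != a and abs(t - u) <= window for b, u in dark_at.items()))

if __name__ == "__main__":
    dark = detect_blackouts(SAMPLE_FEED)
    print("dark:", dark, "coordinated:", coordinated(dark))
```

In the constructed feed, AS64502 loses only half of its prefixes and much later, so it is not flagged; it stands in for a network that stays reachable while others vanish together.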

At this point it is also well-known that the ISP Noor has been up through the entire event. With access to systems inside of Egypt, we have discovered that it appears to be entirely unfiltered - Tor works perfectly, controversial websites are not blocked, and it is even quite fast compared to our systems on other Egyptian networks. As of very late last night, systems from Noor were still unable to reach systems on TE Data or other networks in Egypt. Early this morning it appears that another ISP, Etisalat (AS36992), returned to the Internet (via nileonline.palermo7.pal.seabone.net) and we're working with contacts in Egypt to test any possible filtering and to ensure that Tor is functional on their network.

In our tests of the TE Data network before it disconnected, we found very heavy-handed but sloppy filtering. Tests of popular websites revealed that TE Data filtered based on IP blocklists; they did not tamper with DNS queries, they did not trigger TCP resets on keywords, nor did they attempt to perform any kind of Man-In-The-Middle attacks on SSL or SSH connections. While it is possible that TE Data may have layer seven filtering or Deep Packet Inspection capabilities, it does not appear to have used any advanced filtering methods.
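The distinctions drawn above (IP blocklist versus DNS tampering, keyword resets and TLS interception) can be made mechanically by comparing each probe from inside the network with the same probe from a control vantage point. This is an added example, not the tooling used for the tests in this post; the `Probe` schema, hostnames, addresses and fingerprints are constructed, and the DNS and certificate comparisons are heuristics that CDN-hosted sites can trip legitimately.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional


@dataclass(frozen=True)
class Probe:
    """One site measured from inside the tested network and from a control."""
    host: str
    local_dns: FrozenSet[str]        # A records from the ISP's resolver
    control_dns: FrozenSet[str]      # A records from the control vantage point
    tcp_connect: str                 # "ok", "timeout" or "rst"
    keyword_rst: bool                # reset seen only when a keyword was sent
    local_cert_fp: Optional[str]     # TLS certificate fingerprint seen locally
    control_cert_fp: Optional[str]   # fingerprint seen from the control


def classify(p: Probe) -> List[str]:
    findings = []
    # DNS tampering: no answer, or answers sharing nothing with the control.
    if p.control_dns and not (p.local_dns & p.control_dns):
        findings.append("dns-tampering")
    # IP blocklist: the name resolves honestly, yet packets to it are dropped.
    # Skipped when DNS was tampered with, since the timeout is then to a wrong IP.
    elif p.tcp_connect == "timeout":
        findings.append("ip-blocklist")
    # Injected resets: torn down on connect, or only once a keyword is sent.
    if p.tcp_connect == "rst" or p.keyword_rst:
        findings.append("tcp-reset")
    # TLS interception: handshake completes but presents a different certificate.
    if p.local_cert_fp and p.control_cert_fp and p.local_cert_fp != p.control_cert_fp:
        findings.append("tls-mitm")
    return findings


def summarize(probes: Iterable[Probe]) -> Dict[str, List[str]]:
    """Group hosts by the filtering technique their probe results point to."""
    out: Dict[str, List[str]] = {}
    for p in probes:
        for finding in classify(p):
            out.setdefault(finding, []).append(p.host)
    return out


# Constructed results shaped like the TE Data findings: honest DNS, dropped packets.
SAMPLE = [
    Probe("blocked-a.example", frozenset({"192.0.2.10"}), frozenset({"192.0.2.10"}),
          "timeout", False, None, "aa11"),
    Probe("blocked-b.example", frozenset({"192.0.2.20"}), frozenset({"192.0.2.20"}),
          "timeout", False, None, "bb22"),
    Probe("open.example", frozenset({"198.51.100.5"}), frozenset({"198.51.100.5"}),
          "ok", False, "cc33", "cc33"),
]

if __name__ == "__main__":
    for technique, hosts in summarize(SAMPLE).items():
        print(technique, hosts)
```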

While the seemingly unfiltered nature of Noor's network is a positive development and sharply contrasts with the heavy filtering of TE Data's network, we have no methods for discovering data retention policies or wiretapping capabilities of any of the available networks in Egypt. We urge all people in Egypt to consider that any ISP may log data and depending on political outcomes, it may not be favorable to have easy to trace records of your online activities.

Many Egyptians are also using dial up services that route through the Egyptian controlled state telecommunications systems. While on the face this seems safe and it may very well be safer than a known filtered or probably wiretapped network, it's certainly not outside of the capabilities of the Egyptian authorities to decode or analyse these kinds of communications. We urge people who are using dial up systems or leased lines, VSAT or even BGAN connections to be cautious. The nature of any internet connection has a variable difficulty for monitoring but it is by no means impossible. That's why we're working so hard on Tor because the world needs software for traffic analysis resistance; the internet doesn't have this for free and certainly not in a country with a highly centralized internet architecture.

There is a serious trade-off to be made by users in hostile network environments with major political instability: Tor usage is possibly detectable by a skilled adversary. Connections made with questionable "privacy" or "security" proxy services are certainly easier to detect than Tor because of their static nature. The same is true of VPN services: all of these things are probably detectable with the right understanding and the proper equipment. It goes without saying that entirely unprotected connections to known unfavorable sites or services are detectable and well within the reach of the Egyptian network operators.

Please understand that while we make no promises, we believe that Tor is currently the best option for people in this situation. It's what we use when we're in Egypt and it's what we think will serve people the best in Egypt when they have a network connection to the rest of the internet.

The number of users in Egypt in the last week has skyrocketed:

The number of bridges run around the world has increased remarkably:

Most impressively, the number of fully public Tor relays has increased:

It appears that the Tor network itself has gained bandwidth capacity and geographical scope thanks to people concerned with the situation in Egypt. If you'd like to get involved, we'd love it if you could help by running a Tor relay or a Tor bridge.

Update: As of late January 30th, most of Egypt's BGP routes for residential access have been pulled from the Internet.

Comments

Please note that the comment area below has been archived.

January 29, 2011

I am currently in China and I just want to say thank you from the bottom of my heart. I can easily communicate with my whole family via Facebook. When I get home to Canada I will set up a relay network to help others.

Read "Little Brother" http://craphound.com/littlebrother/, http://craphound.com/littlebrother/download/ or "For the Win" http://craphound.com/ftw/, http://craphound.com/ftw/download/ by Cory Doctorow.

In "Someone Comes to Town, Someone Leaves Town" http://craphound.com/someone/, http://craphound.com/someone/download.php, there's food for another idea: Imagine WiFi routers reprogrammed to route everything in encrypted (twice, using two different algorithms, autochange at least once a week) form and anonymously, maintaining sessions by means of randomly generated throwaway session IDs and perhaps GPG signatures rather than using IPs and MAC addresses. (Either no logs or even log memory, frequent log purging or well encrypted logs/completely encrypted system internally.) Add a mechanism for reducing/managing redundancy and let them run on mobile phone batteries + solar charging. Now you can build truly free local Internets. There are surely ways of making uplinks to other geographical locations or outside a country's borders: Cantennas, lasers or old-fashioned radio carriers (from longwave to shortwave, digital and encrypted signal) for long-distance links, or even satellite uplinks. On the user side, encrypted combo USB WiFi dongles (same anonymous way of operation as the routers) with all the necessary software and TOR ready-to-use inside.

With a simple gyro device and parachutes (think plastic bags + cord), an area could be showered with such devices, automatically turning into correct operating position upon landing. Umbrella type satellite dishes is just one option for providing some satellite uplinks or the like.

If possible, the WiFi signal could be made to look like signal noise, making detection and homing in for elimination difficult. The technology is known, just a matter of having the knowhow and programming it.

All of the above can be applied to mobile phone networks too. Technology (software) making every cell phone a cellular network router/repeater already exists (Swedish invention) and just needs tweaking.

Not only the oppressed would benefit from such technology, everyone in both the developing world and the rich countries would, ensuring true Internet freedom and Internet access.

//GA

Hi, and Thank You!

Any links to info about these ideas? I've been wondering about whether this might be possible, after watching Egypt, and hearing that Mr. Obama was looking for an "internet kill-switch" in the USA. We need a new internet that is more distributed, robust, and - dare I say it? - democratic.

What I don't personally have is the tech expertise. I wouldn't even know where to start. -But I'm willing to learn. I'm starting to Google your terms, but if you know of sources for good, concentrated knowledge on these subjects, please share.

//MI

January 29, 2011

You inspired me!
I've set up a tor exit node on my debian VPS. Hope the provider doesn't mind. ;)

January 29, 2011

Set up a Tor bridge yesterday; however can't tell if it's being used; bandwidth graph doesn't show much activity, some, but not much...hope I am doing everything right!

Probably you're doing everything right.

Tor relays (bridges ^= dark relays) need "a little" time to come up to speed.

I think this might be to protect the network, you need to be stable enough to get traffic.
My Tor relay was restarted 24h ago with a limit of 20MBit, it took >8h to get over 10kBit of traffic, after 16h it was at about 600kBit, currently it has about 8Mbit and rising.

I had to learn the hard way that you have a long wait for traffic when you restart to make changed parameters active, it is possible to change torrc and send SIGHUP to reload it.

The same "problem" for me, my bridge has nearly 0.00 KB/s (up & down) , the msg in log say it's up and all ok, but ...

Hope that in some extra time it gets more traffic.

I've run bridges on and off for years though one I configured recently is receiving zero incoming. Nothing at all. TORRC looks fine, same as I've always used, inbound ports are open, nothing is blocking, just there hasn't been even a single (client) packet inbound to the ORPort yet since I started it 2 days ago. The only inbound seen has been immediately after startup where what I gather are a selection of Tor servers out there momentarily check bridge connectivity (I see around 4 inbound connections pull ~150KB shortly after firing the service up, and then that's it).

I'm wondering what's going on.

Day 3. Still zero clients inbound, only the occasional Tor relay/exit/node popping in momentarily for a quick chat.

Not much demand for bridge relays then?

January 29, 2011

Gosh it feels good to be able to help other people, even though I live in Australia halfway across the other side of the world. I've been running my Tor Bridge for a few days now and notice that the vast majority of users are from China. Haven't seen any from Egypt yet...

January 29, 2011

The fast pace of mankind is showing up all around the globe. We are people of the earth and the sooner we realize that the better off we will be. I hope the government realizes that and gets the internet up and running again.
Scary thought how easy a country can shut down information.

January 29, 2011

Pirate Party of New York is currently running Tor bridges 24/7 among numerous members and getting more people to do so everyday. Thank you for giving us the power to help others and keep up the great work!

<3 PPNY

January 29, 2011

I'm intrigued as to why the "number of active bridges" chart is nearly a perfect sine wave. Connections only available in the daytime?

-- abadidea

January 30, 2011

Possibly how they did it.
I am in Egypt and using Noor DSL.
All blocked networks are routed through AFRINIC http://www.afrinic.net/
Machines can connect to local routers and free dial-up numbers such as 07777777 or 07770777 but if you do a traceroute all traffic ends at AfriNIC. This was tested for TE Data, Itisalat, Link.
Noor DSL is routing through a google IP 72.14.198.229 and is getting through.
I don't know if this information can be used to help the people being blocked.
I leave this to the tech savvy.
Best of luck

As of yesterday, Noor has also gone dark, as Mubarak commits Egypt to financial suicide. What little traffic is still getting out is apparently via asynch dial-up (POTS) to ISPs in other countries. With proposals afoot to give "kill-switch" authority to POTUS, I think I'll hold on to my last USR 56K brick, instead of throwing it away as planned...

January 30, 2011

Ok, first of all I know this isn't the right place for this.

Is there a way for an exit node to decide which sites it allows exits to? Something like facebook, twitter and some newspapers?

This way I could participate as an exit node without having to worry about the police accusing me of being a pedophile. Or is there a good reason why this shouldn't be done?

January 30, 2011

Good stuff! I installed and set up bridge. Even though it's arm chair assistance, the fact that the world can get involved is tremendous. Perhaps we should prepare for wider shutdowns in other nations north-south-east-west as governments become more alienated from their people. The "leaders" just don't get it and in many instances, the "public" just goes along. People in Egypt, Tunisia, Yemen, Jordan (and those in France and UK that rebelled against budget cuts) show us all that real change does not happen until the street is occupied. Thanks TOR and to the US Navy for initial funding.

January 30, 2011

Very interesting, am pleased to see that freedom still exists in the face of those trying to stop it.

January 31, 2011

What's interesting to me about the internet is that the "free frontier" aspect of it is, inevitably, going to fall to corporations and the government. However, once it does, I see stuff like this liberating it again, causing what could possibly be termed as an internet revolution. Glad to find out that projects like this exist, and glad to see that, even though they may try and have some measure of success, no one country can COMPLETELY sever its people's connection to the internet overnight.

- Locke

January 31, 2011

Can I browse the internet for free using GPRS, my phone working as a modem on my computer?

February 01, 2011

As has been the case in the past, radio amateurs aka 'hams' have made emergency communications available when normal channels are cut. In the United States of America they are represented by the American Radio Relay League 'ARRL'. There must be a comparable group in Egypt. I do not know whether they are able to operate as ISPs, but they can at least provide communication at more basic levels.

February 02, 2011

I've got 3 vps in an egypt telecom data centre that have just come back online.

OpenVz/Linux/Solus.

Sadly, I suck at installing things like tor very quickly, if someone with quicker/better skills wants to have a go and get tor running while it's all working mail me.

treeist - at - gmail

February 02, 2011

Situations like these highlight the value of tor. I do have a question. I am not sure if this is the right place to ask it, but from what I see there is no forum, so hopefully someone will be able to answer. It's not clear to me who can be a TOR entering node. My concern is in the case of ISPs who want to monitor users: if they are able to provide an entering TOR node, all they need to do is forbid their users access to the rest of the TOR nodes, resulting in the use of their node for entering the TOR network, and by that gain total access to the traffic of their users. Is that correct or am I misunderstanding something?

February 03, 2011

With expansion, sorting out the rotten apples in the network becomes a rising priority. The damage a single corrupt node can do is worse than all those Echelon domes on the face of the planet, and once corrupt nodes can remain a permanent part of the network it will only be a matter of time until they might obtain a legal monopoly in some places, turning it all into a worse than useless farce.

In the recent weeks the indymedia network is doing just that - international activist communications have been polluted by secret police for quite a while, and with the increase in common sensitivity brought about by Wikileaks now there is rollback. European nodes reported a number of successes in disassembling infiltration and entrapment cases, and that part of the network has begun rearranging itself. Arizona indymedia was crucial for bringing about the spiritual paralysis of the global surveillance regime which gave breath to the insurrection in North Africa. Australia indymedia has better in depth analysis of the events than any diplomatic cable. In the past, indymedia has lost some nodes in West Asia to secret police totalitarianism, and would be enriched by a new node with a fresh spirit.

Mubar(a)k is only the currently most annoying high profile CIA proxy. We'll shut the entire circus down, and by helping a fellow human being unwind government minders you can be a part of it.

February 12, 2011

I am in Egypt and work in the IT Sector as a foreigner I have a point of view that is much different from those who are looking from the outside in... The system is very broken here when it comes to data and internet. I work with all providers for years and years. The idea that they are capable of advanced packet filtering at any level is interesting.

TE Data is reliant on outsourcing of the high end capacities of their network and that is the primary reason the shut down was so sloppy on their side. Silly pride will not allow them to make the phone call to have the outsourced technical support team help them to shut things down properly.

To me it is amazing that they were even capable of doing rudimentary DNS Filtering. TE Data uses Open DNS as their Primary DNS Servers and uses the advanced features of the Pro Service to filter as they like. The ADSL and Dedicated users are mostly on DHCP for IP Addressing and when Static IPs are assigned they give the Open DNS server as the DNS the client should use.

The population is not informed enough to understand DNS so it is an easy FREE way to do base filtering. As I said when this started, the only way to stop the access is by flipping the power switch at Ramses. Shutting down the Core routers is the only way because those who have rudimentary knowledge will bypass the measures.

They spent days trying to manage a controlled shutdown and then it came down to a power breaker! Kill the core and it all falls down! No BGP4 - No Internet!

February 12, 2011

Leaving the sms system down is only for one reason! Phone calls can be tracked by increased volume and then looked at to see who was calling who. Then they can be linked to internal spy data of people of interest.

The mass sms will not so much point to the ring leaders of the opposition groups... So at the time that retribution and or payback goes into play... those who spearheaded the coordination of the people for the revolution will be easy to find...

February 17, 2011

I have just downloaded and begun to use Tor after a suggestion from an IT Security friend. I love it, I love its mission and purpose.

I am forever going to be a relay and exit-node. This service is valuable in this day when governments and those with power want to shut down the common man.

February 23, 2011

This user wants intelligent exit enclaving. If there are no exit nodes with the same IP as the website target, there should be some in the same country or continent. A reasonable balance between minimising the distance (especially the presence of network bottlenecks) between exit node and target, and minimising the predictability which exit node might be used to reach a certain website might be the best defence against the echelon datamining + last mile wiretap correlation attack method.
