Protesting Iranians were already using new technology like Twitter to coordinate their efforts, as we noted on Monday. Now those protests are taking a new direction—with simple crowd-sourced denial of service (DDos) attacks being aimed directly at government sites.
These attacks were rumored before, but now they're happening for sure, and the targets are pretty widespread. According to "Internet Censorship Explorer" Nart Villeneuve the targets include Ahmadinejad's official site, the Iranian justice and judiciary Web sites, police Web site and news sites like Rajanews.com and Farsnews.com. All are sites that directly or indirectly have pro-government leanings.
The really interesting thing about these attacks are not that they're going on—DDoS attacks after elections apparently isn't a new phenomenon—but how they're being carried out. Rather than using simple code, with automated viral botnets and the like, these efforts are largely being driven by hand. There are a number of simple scripts going around that can be downloaded and which continually re-load the target Web sites in a browser window. It's a simpler system, being coordinated by word of mouth, Twitter and other means, but it appears to be effective—all the target sites are offline, or have bandwidth issues. In a test yesterday, Villeneuve found the following were unavailable:
16/06/09 12:18www.iranjudiciary.org/184.108.40.206(51, "Network is unreachable")
16/06/09 12:18rajanews.com/10.7.222.162(51, "Network is unreachable")
16/06/09 12:18www.farsnews.com/220.127.116.11(61, "Connection refused")
16/06/09 12:18www.leader.ir/18.104.22.168(61, "Connection refused")
16/06/09 12:18www.president.ir/22.214.171.124timed out
16/06/09 12:18www1.farsnews.com126.96.36.199timed out
16/06/09 12:18www.irna.ir/188.8.131.52timed out
16/06/09 12:18www.police.ir/184.108.40.206timed out
16/06/09 12:18www.mfa.gov.ir/220.127.116.11timed out
And the subtlety that this is a crowd-sourced form of cyber war, or cyber revolution, rather than an anonymous automated network of infected PCs, shouldn't go unnoticed. The new technological infrastructure is giving people a way to protest and act in ways that wouldn't have been possible before. While the morality of DDoS attacks remains a grey area, it's nevertheless a fascinating V for Vendetta-style effect in action.
On a related note, there was a brief flurry of worry yesterday that the BoingBoing site, which has been covering the Iranian issue and Tweeting about it, was suffering a retaliatory DDoS attack, possibly Iranian government-sourced. This isn't the case, as Joel Johnson has tweeted to confirm this. The powers that be are instead contenting themselves with restricting the activities of foreign journalists inside the country.