Following the reelection of President Ahmadinejad in Iran, supporters of rival Mir Hossein Mousavi appear to have taken up cyber-arms and their protests online. So far there’s no evidence of botnets being employed to DDoS Irans main governmental Web sites, but that could change easily enough – after all, it’ll only take one supporter to whip out a credit card and rent a few tens-of-thousands of bots for the week.
Most of the cyber-protesting has been pretty unsophisticated – largely limited to simple DDoS techniques and antiquated opt-in tools. The real news worthy events center around the use of social networking sites to coordinate the mob – in particular, Twitter – despite emergency steps by the government to block traffic to/from Twitter and Facebook, along with satellite jamming of Farsi-language radio newscasts by the BBC and The Voice of America.
When I last scanned the tweets on Twitter the list of targeted Iranian Web sites had encompassed the following:
- Ahmadinejad.ir
- Farsnnews.com
- Irib.ir
- Iribnews.ir
- Irna.ir
- Justice.ir
- Kayhannews.ir
- Khamenei.ir
- Leader.ir
- Mfa.gov.ir
- Moi.ir
- Police.ir
- President.ir
- Presstv.ir
As for the tools, well they’re relatively unsophisticated – although, as time goes by, more DDoS tools are being thrown in to the mix. To date, they range from very simple “open lots of iframes within your browser” (such as Web pages like the one found at dev.austinheap.com/iran/)…
… through to the Low Orbit Ion Cannon (LOIC) DoS tool…
– Gunter Ollmann, VP Research