Bypassing Iran’s National Information Network (ShoMA)

Following my previous articles on Iran’s “filternet” and the new (sort of) National Network (ShoMA), which are both attempts by the government of Iran to block Internet access for Iranians (officially just to create a “clean” Internet, free of security threats and un-Islamic content), this article suggests some options to bypass ShoMA. It may be a case of cat-and-mouse: you first need to be able to access a site to download the software before you can then bypass ShoMA. The regime can’t block everything, so basically there will ALWAYS be a way to bypass ShoMA.

There is much talk online by Iranians supporting ShoMA! You must wonder whether they are supported by, or live in fear of, the regime.

I think that, as it’s impossible for the regime to block access to all Internet websites, ShoMA could perhaps be most effective (assuming you cannot bypass it) at throttling Internet access speeds to sites anywhere outside the ShoMA intranet.

Smartphone access

The Iranian regime is finding it hard to combat the massive market for smartphones accessing Western-based social media applications which the regime is trying to ban/block/discourage such as WhatsApp, Viber, and Telegram. More Iranians access the Internet via their smartphones than they do from PCs/laptops, etc. which mirrors how most people around the world access the Internet.

The regime is trying to encourage Iranians to use domestic equivalent applications via Iran’s equivalent to Google Play, for example, but why would anyone want to do that when they can continue to get access to the rest of the Internet and speak with friends outside of Iran?

Anonymous VPNs

Just Googling for “iranian vpns” shows some likely providers which are popular in Iran right now (2016), such as the following:

  1. NordVPN
  2. IPVANISHVPN
  3. SAFERVPN
  4. VPN AREA
  5. VYPRVPN
  6. TorGuard VPN

Obvious/not-so-obvious features to look for in a good Anonymous VPN are:

  • SSL tunnels for encryption of traffic (not much point using a VPN if it cannot do this!).
  • “Stealth” features that bypass DPI (Deep Packet Inspection) firewalls: unlike normal VPN traffic, which can be filtered or blocked by an ISP, the service’s traffic appears as regular HTTPS traffic, making it virtually impossible to block (you get the double protection of using a VPN and a proxy). TorGuard’s Stealth VPN service, for example, offers this; see TorGuard’s site for details and a video on the feature.
  • Unlimited server switching and IP addresses.
  • Application support to run on your phone as well as your PC.
  • Use a combination of VPN and online stealthed proxy servers or use VPNs with Tor (very slow/may be blocked!).

Other VPN software previously popular in Iran (some of which may now be blocked, so check!), by platform (Windows PC or Android):

Windows: 

  • Psiphon 3
  • Freedome
  • Hotspot Shield
  • Lantern
  • Ultrasurf
  • Freegate

Android:

  • Hotspot Shield
  • Psiphon
  • F-Secure Freedome VPN
  • Rakhsh
  • Hola
  • Gospeed
  • TunnelBear
  • ShellFire
  • GoVPN
  • Haftkhan VPN
  • FreeVPN In Touch
  • North Ghost Touch VPN
  • Your Freedom VPN
  • Globus VPN


Tor/Orbot

Tor is used less in Iran than previously, because it’s easier for the regime to block the traffic, and because the speeds are VERY SLOW, so VPN access will always be sought by Iranians in the balance between speed of access and security/anonymity. Tor may work even if standard VPNs, proxies, and SSH tunnels will not.

Online proxy servers

These are sites through which you can get into or out of Iranian networks; the regime may try to block them, and the servers themselves may only be temporary. They typically offer HTTP (for speed, not security) or HTTPS (for security) connections, usually on ports 8080, 80, 3128 or 8888. You simply set your browser to use the proxy settings so all traffic goes through that proxy. Some example sites that list Iranian proxy servers are:

SSH Tunnels

You may be able to access a server you already pay for and connect to it via the SSH (Secure Shell) protocol; you can then tunnel all your traffic via that server. If SSH connections are blocked, then you won’t be able to connect to the server.

DNS Filtering

This is the least likely to work, but involves changing the DNS servers through which your requests are resolved. Some Internet service providers have implemented filtering by changing their DNS servers to redirect requests for blocked websites to another website. Alternative resolvers include OpenDNS or Google’s public DNS servers, but these would likely be blocked by ShoMA.

Satellite access: a fantasy?

Assuming you can afford this expensive option and can get a subscription and a portable VSAT (Very Small Aperture Terminal), then satellite Internet access could be a way to bypass ShoMA, as the regime will not have control over satellite providers and presumably cannot disrupt or jam all such connections. VSATs are used in Internet cafes, but you would need to present your national ID in such places…

The cost to purchase and run is very high and would need to be shared by many people to be affordable, so it is maybe just a fantasy.


Serious Flaw: POODLE SSL 3.0

A bug has been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) which could be exploited to intercept data that is supposed to be encrypted between computers and servers. Three Google security researchers discovered the flaw and detailed how it could be exploited through what they called a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack (CVE-2014-3566). 
It is important to note that this is NOT a flaw in SSL certificates, their private keys or their design but in the old SSLv3 protocol. SSL Certificates are not affected and customers with certificates on servers supporting SSL 3.0 do not need to replace them.
This flaw is highly likely not to be as serious as the Heartbleed bug in OpenSSL, since the attacker needs a privileged position in the network to exploit POODLE. The use of hotspots and public Wi-Fi, however, makes this attack a real problem. This type of attack is a “man-in-the-middle” attack.
Solution:
  1. Check to see if SSL 3.0 is disabled on your browser (for example in Internet Explorer it is under Internet Options, Advanced Settings).
  2. Make sure HTTPS is always used on the websites you visit, to avoid MITM attacks.
  3. Monitor any notices from the vendors whose products you use regarding recommendations to update software or passwords.
  4. Avoid potential phishing emails from attackers who ask you to update your password. Stick with the official site domain to avoid going to an impersonated website.
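Step 1 covers the browser side; the server side is worth checking too, since POODLE only applies if a server will still negotiate SSL 3.0. The script below is an added example, not from the original post: it builds a bare SSL 3.0 ClientHello offering the CBC cipher suites POODLE concerns, sends it to a server you operate, and classifies the first record that comes back. The host and port passed to `check_sslv3` are placeholders to fill in.

```python
import os
import socket
import struct

# Representative SSLv3 CBC cipher suites (assumption: a small set suffices to draw a
# ServerHello from a host that still enables SSL 3.0): AES128-SHA, AES256-SHA, DES-CBC3-SHA.
CBC_SUITES = [0x002F, 0x0035, 0x000A]


def build_sslv3_client_hello() -> bytes:
    """Construct a minimal SSL 3.0 ClientHello wrapped in a handshake record."""
    suites = b"".join(struct.pack("!H", s) for s in CBC_SUITES)
    body = (
        b"\x03\x00"                                   # client_version = SSL 3.0
        + os.urandom(32)                              # client random
        + b"\x00"                                     # session_id length = 0
        + struct.pack("!H", len(suites)) + suites     # cipher_suites
        + b"\x01\x00"                                 # one compression method: null
    )
    # Handshake header: type 1 (ClientHello) + 3-byte big-endian body length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 0x16 (handshake), version 3.0, 2-byte length.
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake


def classify_response(data: bytes) -> str:
    """Interpret the first record a server returns to the SSLv3 ClientHello."""
    if len(data) < 5:
        return "no-response"          # server closed the connection without answering
    rec_type, major, minor = data[0], data[1], data[2]
    if rec_type == 0x15:
        return "sslv3-rejected"       # Alert (e.g. protocol_version / handshake_failure)
    if rec_type == 0x16 and len(data) > 5 and data[5] == 0x02:   # Handshake: ServerHello
        if (major, minor) == (3, 0):
            return "sslv3-accepted"   # server negotiated SSL 3.0: exposed to POODLE
        return f"negotiated-{major}.{minor}"
    return "unexpected"


def check_sslv3(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Live check against a server you operate: send the hello, classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        return classify_response(sock.recv(4096))


if __name__ == "__main__":
    print(check_sslv3("example-host-placeholder.invalid"))   # placeholder target
```

A result of `sslv3-accepted` means the server should have SSL 3.0 disabled (for example `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in nginx); anything else means the SSLv3 handshake did not complete.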

5 Million Gmail Account Usernames & Passwords Hacked

Nearly 5 million usernames and passwords associated with Gmail accounts have been leaked on a Russian Bitcoin forum. The database contains 4.93 million Google accounts belonging to English, Russian and Spanish speaking users.
The list has since been taken down, and there is no evidence that Gmail itself was hacked, just that these passwords have been leaked. Most sources are saying that lots of the information is quite old, so it is likely they were leaked long ago, though others claim that 60% of the passwords are still valid.
You should change your passwords now and ideally use 2-factor authentication for extra protection.