In Iran, December 2020 was an ‘Instagram story’ of internet disruptions that largely seemed to affect the popular social media platform. Although the disruption of Iranian Instagram traffic isn’t uncommon, the Filterwatch team observed more significant service interruptions this month than in preceding months.
On the basis of the available evidence, it appears that misconfigured networks may have been to blame for the disruptions, which mostly affected MCI mobile data services. However, Filterwatch is unable to confirm that all of the issues identified in this report were caused by such misconfigurations.
Elsewhere, some web hosting companies experienced notable outages throughout the month of December. More details follow in the full report below.
December 17 – Probable network misconfiguration sparks fears of man-in-the-middle attacks on Instagram users
On December 17 a number of Iranian Twitter users announced that when they tried to open the Instagram website in their browser, they received a message stating that the website’s certificate was invalid.
Such messages could indicate a man-in-the-middle attack against Instagram users, triggering concerns. Such worries would not be unfounded, in light of Iran’s history of using this method of attack against Google users back in 2011. As a result, a number of users expressed nervousness about using Instagram without enabling a safe and secure VPN.
Based on users’ reports, this issue was seen in relation to MCI mobile data services, with no reports of this error being encountered via other service providers. Since the news broke, no Iranian officials or MCI representatives have provided any explanation for the disruption.
The Iranian Twitter user Abraham Ghasemi documented and analysed the incident, and concluded that the disruption was more likely attributable to misconfigured networks than any other explanation.
According to Ghasemi’s findings, MCI was returning 18.104.22.168 as the IP address of Instagram, an address that no longer belongs to Instagram. He concluded that the MCI DNS cache server was using out-of-date data.
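The reasoning behind that conclusion can be written as a small triage check. This is an added example, not code from the report or from Ghasemi's analysis, and it generalises slightly to cover the interception case users feared. The function names, verdict labels, addresses (documentation ranges) and certificate names are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Observation:
    ip: str                # address the client connected to
    cert_names: list       # DNS names in the served certificate (SAN)
    chain_trusted: bool    # chain validated to a trusted root?

def name_matches(hostname, pattern):
    """Hostname match; '*' is accepted only as the whole leftmost label."""
    host, pat = hostname.lower().split("."), pattern.lower().split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def triage(hostname, isp_answers, reference_answers, observations):
    """Give a verdict for each IP the ISP resolver returned for hostname."""
    seen = {o.ip: o for o in observations}
    verdicts = {}
    for ip in isp_answers:
        obs = seen.get(ip)
        if obs is None:
            verdicts[ip] = "no-tls-observation"
            continue
        named = any(name_matches(hostname, n) for n in obs.cert_names)
        if named and obs.chain_trusted:
            verdicts[ip] = "ok"
        elif named:
            # Claims the hostname but does not chain to a trusted root.
            verdicts[ip] = "possible-interception"
        elif obs.chain_trusted and ip not in reference_answers:
            # Someone else's valid certificate at an address other
            # resolvers do not return: the DNS answer is the problem.
            verdicts[ip] = "likely-stale-dns"
        else:
            verdicts[ip] = "inconclusive"
    return verdicts

# Constructed sample data (documentation-range addresses, made-up names).
SAMPLE = [
    Observation("203.0.113.10", ["shop.example.net"], True),
    Observation("198.51.100.5", ["*.instagram.com"], False),
    Observation("192.0.2.20", ["*.instagram.com", "instagram.com"], True),
]

if __name__ == "__main__":
    print(triage("www.instagram.com", ["203.0.113.10"], ["192.0.2.20"], SAMPLE))
```

Large services return different addresses to different networks, so a mismatch with a reference resolver is only one signal and the verdicts are a starting point for investigation, not proof.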
December 18 – Shiraz-based hosting company experiences service outage
According to OIM data, the Shiraz-based web hosting company Rayaneh Asr-e Ertebatat Bam Technology and Engineering Cooperative Co (AS58331) was disconnected from the internet for approximately two hours. No explanation was offered by either the company or ICT Ministry officials.
December 19 – Disruptions to the AFC Farsi account’s live broadcast of a football match
The Asian Football Confederation (AFC) Champions League Final between Iran’s Persepolis FC and South Korea’s Ulsan Hyundai FC took place on December 19. AFC announced on its Persian-language Instagram account that Adel Ferdowsipour, a popular sports reporter who has been banned from appearing on IRIB, would commentate on the match in a livestream on that account. AFC also announced that for Iran-based audiences, the match would only be officially broadcast live on its Instagram account, rather than on Iranian TV networks.
According to a source in Iran’s ICT Ministry, the IRIB-affiliated Audio and Video Regulatory Authority banned all live streaming websites from broadcasting from the AFC’s Persian-language Instagram account as a result of Ferdowsipour’s reporting.
During the game some IranCell and MCI users reported that they were not able to watch the game through Instagram Live. However, other IranCell and MCI users reported watching the entire game without any problems. Furthermore, Filterwatch’s research showed that there was between 0.1% and 0.3% packet loss on Instagram traffic in Iran, which is not an unusual figure.
On December 22, the Reformist political activist Ali Akrami disclosed a letter from the ICT Ministry to the director of MCI. The letter referred to reports received from the Telecommunication Infrastructure Company (TIC) stating that there was a “serious disruption” of MCI mobile data exactly at the time of the AFC Champions League Final.
In the letter, the ICT Ministry asked MCI to disclose the reasons for the disruption within 48 hours. However, in spite of this request, no public explanation was given.
December 20 – 21 – Another web hosting company experiences disruption
Based on OIM data, the hosting company Netmihan Communication Company Ltd (AS204213) was largely disconnected from the internet from around 19:00 on December 20 until roughly 01:00 on December 21.
December 31 – Iran’s domain name registry experiences further outage
Iran’s Research Center of Theoretical Physics & Mathematics (or IPM) (AS6736) was almost completely disconnected from the Internet on December 31 for a period of roughly two hours.
This is the sixth time this year that IPM has experienced major disruption, following outages in March, June, July, August, October and November. It has failed to provide any explanation to the public or its users.
IPM is responsible for handling Iran’s top-level domain, and provides Internet services for universities, educational institutions, and research centers, which also tend to experience disruptions as a result.