In January, a number of disruptions by the Telecommunication Infrastructure Company (TIC) caused various provinces across Iran to go offline for short periods. Meanwhile, an alleged hacking incident on Iran’s state TV was followed by an internet outage on the internet provider dedicated to the state broadcaster, the Islamic Republic of Iran Broadcasting (IRIB). It’s not clear if the outage was a result of hacking or if it was a step taken to protect the IRIB network.
On January 25 and 26, some TIC users experienced a near total internet shutdown for brief periods. The incident was pre-planned and some users had been informed in advance via text message. During the shutdown, however, some Iran-based sites, apps, and services appeared to largely be online according to some social media users, revealing an advanced local network totally separated from the internet. This bifurcation reaffirms Iran’s ability to shutdown international traffic during periods of political unrest and maintenance alike. Something that we already observed during the nationwide internet shutdown in November 2019 and for the first time we are seeing it for more regular disruptions.
Regional Outages
Chahar Mahall and Bakhtiari, Semnan, Ghazvin, Qom, Hamedan, Mazandaran, and Markazi provinces went offline in January. According to information received by Filterwatch from local sources, the disruption was pre-planned by the Telecommunication Infrastructure Company (TIC), and users were notified via text messages the day before the disruption took place.
In January, two major incidents were observed that caused near total internet shutdowns. In some cases, local internet users reported that they were not able to access the internet and their connection was limited to local network and National Information Network (NIN) services:
- This impacted the provinces of Ilam, Golestan, Yazd, Bushehr, Chahar Mahall and Bakhtiari, Kohgiluyeh and Buyer Ahmad, Kermanshah, East Azarbaijan, and Lorestan from 16 to 18 January.
Among them Chahar Mahall and Bakhtiari province went almost entirely offline from around 10am UTC until 2:30pm UTC on 15 January.
2. Between 22 to 25 January in the provinces of Mazandaran, Markazi, Semnan, Qazvin, Qom, Hamadan, South Khorasan, Alborz, Sistan and Baluchestan went offline for periods of time.
Among them, Semnan, Qazvin, Qom, Hamedan, Mazandaran and Markazi went almost entirely offline due to major disruption on the Telecommunication Company of Iran (TCI).
Based on Filterwatch investigations, the disruption was pre-planned and users were via text messages the day before.
The text message read: “Dear subscriber, following a notification from the Telecommunication Infrastructure Company, there is a possibility of disruption on all internet services between 2am-6am on Wednesday 26 January.”
According to a tweet by an internet user in Iran on 26 January “the internet was cut off for two hours and then only domestic applications were available (Filimo, Snap, etc.)” but international services such as WhatsApp and Instagram could not be reached.
However, based on IODA data, the disruption took place between 25 and 26 January on the TCI network.
-
Provider Outages
AS50810 – MobinNet are a “wireless broadband network operator in Iran, providing high-speed LTE internet, connectivity solutions, dedicated bandwidth, data center, and digital services”. MobinNet went entirely offline on AS50810 from 9pm UTC on 21 January until 6am the next day.
AS202391 – Afra Rasa is a network operator and was experiencing disruptions on AS202391 on 18 January. This affected users in Golestan, Fars, Razavi Khorasan, Tehran provinces.
- AS44400 – Ertebatat Sabet Parsian Co: a private sector consortium consisting of a total of 140 shareholders, who are among the leading individuals and companies providing communication and telecommunication services nationwide. Disruptions on AS31549 affected users Ilam, Fars, Razavi Khorasan, Khuzestan, Tehran.
- AS43343 – Tose’h Fanavari Ertebabat Pasargad Arian Co: This is one of Iran’s largest ICT consortiums, known as Fanap Telecom. Fanap provides internet services and network solutions. Disruptions on AS43343 affected users Ilam and Tehran.
AS58224 – Telecommunication Company of Iran (TCI): The TCI is one of Iran’s main internet providers, this disruption cause internet outage in Golestan, Ilam, Chahar Mahall and Bakhtiari, Yazd, Bushehr, Kohgiluyeh and Buyer Ahmad, Kermanshah, East Azarbaijan, Lorestan, Esfahan.
- AS49832 – Rikeza Ltd: is Internet Exchange Point (IXP). Disruptions on AS49832 affected users in Tehran.
- AS49103 – Asr-e Enteghal-e Dadeha Company: is a local ISP in Tehran. The disruptions on their network affected users in Tehran. According to IODA data, this ISP went completely offline on 18 January at 5pm UTC.
- AS43754 – Asiatech Data Transmission company: Asiatech is a nationwide data center and cloud provider. The disruptions on their network affected users in Razavi Khorasan and Tehran.
- AS42586 – IRIB (Islamic Republic of Iran Broadcasting): This is a dedicated internet provider for Islamic Republic of Iran Broadcasting (IRIB). The disruptions on their network affected users in Tehran.
Notably, the IRIB provider went offline on 27 January at 2pm UTC. This happened at the same time and day where following an alleged hacking of some IRIB channels “pictures of Mujahedin-e-Khalq (MEK) leaders Maryam and Masoud Rajavi appeared on state TV and a man’s voice could be heard chanting “Salute to Rajavi, death to (Iranian Supreme Leader) Khamenei!” were shown on national TV for around 10 seconds, according to videos posted on social media.”
The internet disruption may have been in reaction, or a protective measure following the hacking.
