Farsi Version
Download PDF
Accessibility
Text Size
100%

Next-Generation Filtering; Phishing with Governable Templates Analytical 

Filterwatch’s research indicates that the “next-generation proxy,” a topic of discussion among Iranian authorities, is a multifaceted initiative. It is not only a part of the Supreme Council of Cyberspace’s resolutions aimed at boosting domestic internet traffic and enhancing censorship measures but also builds upon a foundation laid by previous technical projects.

This approach essentially consists of replicating a non-Iranian service or website by establishing a counterfeit version. This is done through an intermediary that receives user requests, inspects them, and if necessary, censors them before sending them to the original service. It then delivers the possibly censored response back to the user.

Such methods not only facilitate extensive spying on users but also effectively represent the implementation of phishing on a large scale.

Phishing is a type of social engineering attack that is typically carried out via email with the goal of stealing login credentials. It involves creating a fake and copied version of the desired service or website to deceive users and gather their sensitive information.

Therefore, this new method not only jeopardizes the security and privacy of citizens but also represents a new form of censorship. 

Resolution on strategies to increase the share of domestic traffic and counter circumvention tools

The approval of the resolution (Alternate link), officially titled “Strategies to Increase the Share of Domestic Traffic and Counter Circumvention Tools,” on February 18, 2024, marked a major development in Iran’s internet access policy landscape this February. The resolution, which bans VPNs and mandates the use of native shells for accessing services of filtered platforms, gained significant attention. According to Article 4 of the resolution, Iranian users must access services from well-known foreign platforms via “governable platforms.”

About a month after the resolution was passed, Mohammadamin Aghamiri, the Secretary of the Supreme Council of Cyberspace, informed the IRIB News Agency on March 17, 2024, that foreign services would be provided “through technical tools”, where filtered platforms will be accessible on domestic platforms ‘in accordance with Iranian laws and regulations

While public demonstrations of such tools have yet to be seen, within the disclosed emails from the Working Group for Identifying Examples of Criminal Content overseen by the Prosecutor’s Office, a notable proposal exists. This proposal, known by its trade name as the Next Generation Proxy, was put forth in a confidential letter by ‘Yaftar Research Pioneers in Computing’ on August 12, 2020, to the Prosecutor’s Office. The disclosure of these emails was made by the hacker group “Anonymous” in November 2022.

In this proposed plan, the platform Pinterest, which is an American image-sharing social network, is examined as an example. The introduction of the plan states that this system ‘is capable of replacing one website or web service with another under a different name and address.’

Various sections of the Yaftar Company’s proxy system – Source: Hacked documents from the Prosecutor’s Office.

Such projects have also been implemented in the past. For example, the application “Golden Telegram” (Telegram talai) developed by the company “Rahkar Sarzamin Houshmand”, as an alternative to Telegram, under the supervision of the Ministry of Intelligence in 2018, was removed from Google Play in May 2019 after multiple reports of security breaches and privacy violations were published. 

How does the Yaftar’s Next Generation Proxy system work?

According to the plan, the user first connects to a similar Iranian domain of the original service. For example, instead of connecting to https://www.pinterest.com, they are redirected to https://www.pinterest.ir. The Yaftar’s Next Generation Proxy system replaces the user requests with the original domain, i.e., .com, and sends it to the original domain. It receives the response from https://www.pinterest.com, filters it, and then sends it to the user at https://www.pinterest.ir.

Architecture of the Yaftar Company’s Next Generation Proxy system.

Management Module: Access to User Traffic Statistics 

The interface module receives information about the system and its functions and displays it for human operators. Information such as statistical reports on request rates, the number of packets received and sent, and the volume of data exchanged can be analyzed in this module. Filtering policy rules are also reviewed and applied through this module.

Hardware and Requirements for Project Implementation 

For the implementation of the pilot version of this project, which can serve 100 users, one hundred valid IPs, the required bandwidth, and seven virtual machines have been specified.

About “Yaftar Pajouhan Pishtaz Rayanesh” company 

Yaftar Research Pioneers in Computing (Yaftar Pajouhan Pishtaz Rayanesh), also known simply as Yaftar, was established in 2013 and shortly thereafter, in 2014, it started projects such as monitoring “indecency and unveiledness (lack of hijab)” on the internet and has become one of the contractors for internet filtering in Iran. In the hacked documents from the Prosecutor’s Office, there is a directive dated November 3, 2022, issued by the Working Group for Identifying Examples of Criminal Content, or the Filtering Committee, emphasizing the use of filtering contractor companies (Yaftar Research Pioneers in Computing and Dowran Data Processing) for blocking VPNs.

A Plan for the Islamic Republic, Contrary to the Laws of the Islamic Republic 

In Yaftar’s proposal, the proxy system accesses user information without their consent or knowledge, and the system intermediary is also facilitated to store, process, and use this information. Meanwhile, unauthorized eavesdropping on people’s communications content and storing it without the permission and knowledge of the users is considered a crime according to Articles 730 and 740 of the Islamic Penal Code (Alternate link).

According to the principles of protecting personal data, any access, use, collection, storage, and processing of users’ personal data must occur with their knowledge and permission

The executive directive for improving the protection of users’ privacy, which was approved (alternate Link) in December 2023 by the Supreme Council of Cyberspace ,also states that domestic online platforms and service providers must collect user information with their consent. Any new use of data that has been previously collected also requires renewed permission from the user. 

Based on what is evident in this proposal, the Yaftar filtering system even contradicts the laws of the Islamic Republic itself.

author avatar
Louis Shakibi
Text Size
100%