
Andrés E. Azpúrua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela - PowerPoint PPT Presentation



  1. Andrés E. Azpúrua #imv2020

  2. Internet Censorship, DNS poisoning and Phishing in Venezuela Measuring from censorship to state-sponsored attacks Andrés E. Azpúrua #imv2020

  3. @VEsinFiltro VEsinFiltro.com

  4. VENEZUELAN CONTEXT

  5. Critical failure of public services https://rpp.pe/mundo/actualidad/venezuela-venezolanos-recogen-agua-del-contaminado-rio-guaire-debido-a-la-escasez-por-apagon-caracas-noticia-1185399

  6. The state of the internet in Venezuela
      • Average download speeds: 2.8 Mbps (SpeedTest), 1.5 Mbps (M-Lab)
      • ~46% have residential internet access (OVSP)
      • State ISP holds the dominant share of residential internet access
      • Decreasing residential internet penetration
      • Three mobile operators
      • Fragile infrastructure and frequent blackouts

  7. Persecution of online speech

  8. INTERNET CENSORSHIP

  9. Clarifications
      • Case: one or more related sites or services being blocked for a specific reason
      • Event: continuous block of one target by one ISP

  10. Indefinite Blocks
      • Long lasting, some 6+ years
      • Telecom regulator orders
      • On all/most major ISPs
      • Big and small sites
      • No clear end

  11. Tactical Blocks (contrasted with the indefinite blocks above)
      • As short as possible
      • Just in time to silence an event
      • Tries to balance the political cost of blocking high-traffic sites and services
      • Seen only at the state ISP, CANTV

  12. How we measure. A mixture of:
      • Off-the-shelf probes with custom settings
      • OONI (legacy CLI)
      • Custom scripts
      • OONI Run links with custom URL lists
      • Occasionally RIPE Atlas

  13. run.ooni.io links
      • Fundamental to quickly get multiple measurements fast
      • Critical for unexpected incidents
      • Key to bridge any gaps
      • Faster turnaround of measurements

  14. Measuring probes
      • Guaranteed more data points for the whole list
      • Increased test frequency based on URL importance
      • Alternative tests: high-intensity DNS, TCP, filtering by HTTP Host and SNI
      • Block rate when needed
      • Currently migrating versions, to be released

  15. Atlas probes
      • Alternative way to get different kinds of measurements
      • Record changes

  16. [Diagram: normal DNS resolution. The client asks the ISP DNS server "dominio.com?", receives "dominio.com: 1.2.3.4" and connects to that address.]

  17. DNS Blocks [Diagram: same exchange, but the ISP DNS server answers "dominio.com: …" (no usable address), so the client never learns where dominio.com is.]

  18. DNS Blocks. On all mainstream ISPs.
      Domain      Typical answer              CANTV, Supercable, Inter      Digitel, Movistar
      ntn24.com   104.28.8.75, 104.28.9.75    no answer (server failure)    127.0.0.1

  19. TCP blocks [Diagram: DNS resolves dominio.com to 1.1.1.10 normally, but the client's TCP Hello to that address is blocked; the filter keys on the destination address.]

  20. TCP blocks
      • Was largely deprecated until 2019
      • Mostly used to block YouTube
      • Evidence of misconfiguration

  21. HTTP blocks [Diagram: the TCP connection to 1.1.1.10 succeeds; the request "I want dominio.com" (the HTTP Host header or the TLS SNI) is what the filter inspects and blocks.]

  22. HTTP blocks (HTTP Host and SNI filtering)
      • Higher-value sites with indefinite blocks
      • Social media and streaming platforms, except YouTube most of the time
      • Mostly used by CANTV
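Slides 16 to 22 describe three block types that a single measurement can tell apart by comparing what the vantage point inside the ISP saw with an uncensored control. This is an added example, not the deck's or OONI's code: a small web-connectivity style classifier that walks the layers in order (DNS answer, TCP connect to the control's address, HTTP/TLS request) and names the first one that fails. The control answers for ntn24.com are the ones slide 18 lists; every other address and outcome in the samples is constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional


@dataclass
class Probe:
    """What a vantage point inside the ISP observed for one URL."""
    url: str
    dns_answers: List[str]      # A records received; empty means no answer / server failure
    tcp_ok: Dict[str, bool]     # ip -> whether the TCP connect succeeded
    http_ok: Optional[bool]     # None when there was no TCP session to send a request over
    failure: str = ""           # e.g. "connection_reset", "eof_error", "timeout"


@dataclass
class Control:
    """The same URL seen from an uncensored vantage point."""
    dns_answers: List[str]
    tcp_ok: Dict[str, bool]
    http_ok: bool


def bogus_answer(ip: str) -> bool:
    """An address no public site is served from: loopback, RFC1918, 0.0.0.0, reserved."""
    a = ip_address(ip)
    return a.is_loopback or a.is_private or a.is_unspecified or a.is_reserved


def classify(p: Probe, c: Control) -> str:
    # 1. DNS layer (slides 16-18): SERVFAIL / no answer, or a sinkhole address such as 127.0.0.1.
    if not p.dns_answers:
        return "dns block: no answer / server failure"
    bad = [ip for ip in p.dns_answers if bogus_answer(ip)]
    if bad:
        return "dns block: bogus answer " + ", ".join(bad)
    if not set(p.dns_answers) & set(c.dns_answers):
        # Disjoint from control is suspicious but not proof: CDNs answer per region.
        # Real tooling confirms by ASN match or by fetching the page from that address.
        return "dns inconsistent with control: verify (manipulation or CDN)"
    # 2. TCP layer (slides 19-20): the control reaches the address, this vantage point cannot.
    for ip, ok in p.tcp_ok.items():
        if not ok and c.tcp_ok.get(ip, False):
            return "tcp block: connect to %s failed" % ip
    # 3. Application layer (slides 21-22): session established, request dies on Host / SNI.
    if p.http_ok is False and c.http_ok:
        layer = "sni" if p.url.lower().startswith("https://") else "http host"
        return "%s filtering: %s" % (layer, p.failure or "no response")
    return "accessible"


# Constructed control data. ntn24.com's answers are from the deck; the others are illustrative.
CONTROL = {
    "http://ntn24.com/": Control(["104.28.8.75", "104.28.9.75"], {"104.28.8.75": True}, True),
    "https://www.youtube.com/": Control(["172.217.0.14"], {"172.217.0.14": True}, True),
    "https://twitter.com/": Control(["104.244.42.1"], {"104.244.42.1": True}, True),
}

# Constructed probe results, one per block type described in the deck.
SAMPLES = [
    Probe("http://ntn24.com/", [], {}, None),                                  # SERVFAIL style
    Probe("http://ntn24.com/", ["127.0.0.1"], {}, None),                       # loopback sinkhole style
    Probe("https://www.youtube.com/", ["172.217.0.14"], {"172.217.0.14": False}, None, "timeout"),
    Probe("https://twitter.com/", ["104.244.42.1"], {"104.244.42.1": True}, False, "connection_reset"),
    Probe("http://ntn24.com/", ["104.28.8.75"], {"104.28.8.75": True}, True),
]


def report():
    """Classify every sample against its control; returns (url, verdict) pairs."""
    return [(p.url, classify(p, CONTROL[p.url])) for p in SAMPLES]


if __name__ == "__main__":
    for url, verdict in report():
        print("%-28s %s" % (url, verdict))
```

The order of the checks matters: a DNS sinkhole makes the later layers meaningless, and a TCP failure to the control's own address rules out Host/SNI filtering, so the first failing layer is the one to report.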

  23. Evolution 2013 - 2018
      • Censorship moving depending on the priorities of the moment
      • Focused on sites publishing black market exchange rates
      • And news media around specific events, especially protests
      • Few large-scale network shutdowns

  24-26. Evolution 2018 - 2020 (built up over three slides)
      2018
      • Start of significant DPI blocking
      • Major mainstream news targeted
      • Block of Tor
      2019
      • Dramatic increase of censorship of news
      • Widespread use of SNI filtering
      • Major internet platforms blocked
      • Start of Tactical blocks
      2020
      • Blocking of opposition COVID-19 initiatives
      • Seemingly degraded DPI blocking capacity
      • Continuation of Tactical blocks of major social media
      • New blocks of news media

  27. Censorship of news media
      • 12 news media sites blocked in just the first 3 months of 2019
      • Over 25 news media sites blocked during 2019 (36% international, 64% national)
      • 4 news sites newly blocked in 2020
      • Severely limits access to information

  28. Tactical blocks in 2019
      • At least 64 Tactical block events, 31 of them for YouTube
      • Sometimes more than one in a day
      • Duration: AVG 3h 08min, MIN 20min, MAX 24h
      • Share by platform: YouTube 48%, Periscope 17%, Instagram 13%, Twitter 13%, Facebook 9%

  29. Damaged capacity?
      • On 2020-04-06 a fire disrupted a CANTV facility in Caracas
      • Multiple blocked sites became unblocked
      • Later Tactical blocks used DNS
      https://www.elnacional.com/venezuela/bomberos-controlaron-incendio-en-la-sede-de-cantv-del-municipio-chacao/

  30. Covid-19 blocks (not a current snapshot)
      Site                          Domain                           CANTV          Movistar       Digitel        Supercable     Inter
      Coronavirus Venezuela         coronavirusvenezuela.info        ACCESSIBLE     DNS BLOCK      DNS BLOCK      DNS BLOCK      ACCESSIBLE
      Héroes de la Salud            apoyosaludve.com                 DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK
      Héroes de la Salud            heroesdesaludve.org              * DNS BLOCK    * DNS BLOCK    * DNS BLOCK    * DNS BLOCK    DNS BLOCK
      Héroes de la Salud            heroesdesaludve.info             * DNS BLOCK    * DNS BLOCK    * DNS BLOCK    * DNS BLOCK    DNS BLOCK
      Héroes de la Salud            porlasaludve.com                 DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK
      Héroes de la Salud            saludvzla.com                    * DNS BLOCK    * DNS BLOCK    * DNS BLOCK    DNS BLOCK      DNS BLOCK
      Héroes de la Salud            apoyoheroesaludve.com            DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK
      Teleconsulta COVID-19         teleconsulta.presidenciave.org   ACCESSIBLE     DNS BLOCK      DNS BLOCK      ACCESSIBLE     ACCESSIBLE
      Teleconsulta COVID-19         medicos.presidenciave.or         ACCESSIBLE     DNS BLOCK      ACCESSIBLE     ACCESSIBLE     ACCESSIBLE
      Presidencia VE (J. Guaidó)    presidenciave.com                DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK      ACCESSIBLE
      Presidencia VE (J. Guaidó)    presidenciave.org                ACCESSIBLE     DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK
      Presidencia VE (J. Guaidó)    pvenezuela.com                   DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK
      Presidencia VE (J. Guaidó)    vepresidencia.com                DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK      DNS BLOCK

  31. DNS MANIPULATION AND STATE-SPONSORED PHISHING

  32. Case: voluntariosxvenezuela.com

  33. Vectors
      • Malicious links to voluntariovenezuela.com
      • Visits to voluntariosxvenezuela.com with poisoned / manipulated DNS responses

  34. First iteration
      • Original: voluntariosxvenezuela.com, hosted on AWS, domain at PublicDomainRegistry
      • Malicious: voluntariovenezuela.com, 159.65.65.194 (Digital Ocean), domain registered at GoDaddy

  35. Malicious links
      • Twitter: links to the fake domain being shared since 2019-02-11
      • Fake Twitter accounts: @voluntariosvene vs the real @voluntariosxve
      • Other channels

  36. Malicious links
      • Twitter: promotion of links to the fake domain from the afternoon of 11 February
      • People sharing the fake link through different channels
      • Browser warnings reinforced the use of the malicious links

  37-43. DNS manipulation [Diagram sequence: the client's query "dominio.com?" passes through ISP middleboxes on its way to the DNS server, and the middleboxes can answer in the server's place. Pointing the client at Google's Public DNS (8.8.8.8) does not help: the query still crosses the same middleboxes, and the client receives two answers for the same query, "dominio.com: 1.2.3.4" and "dominio.com: 1.1.1.10", one legitimate and one injected. Whichever arrives first wins, and the client sends its Hello to the address it was handed.]

  44. Fuel for fake news

  45. Personal information published

  46. Exposure for 5 thousand victims

  47. More domains
      • facebook.co.ve, www.facebook.co.ve, m.facebook.co.ve, static.facebook.co.ve
      • gmail.web.ve, www.gmail.web.ve, ssl.gmail.web.ve, accounts.gmail.web.ve
      • live.web.ve, www.live.web.ve, login.live.web.ve, account.live.web.ve, outlook.live.web.ve
      • twitter.info.ve, mobile.twitter.info.ve, api.twitter.info.ve, abs.twitter.info.ve
      • linkedin.co.ve, www.linkedin.co.ve
      • voluntariovenezuela.com, www.voluntariovenezuela.com

  48. Example: accounts.gmail.com (source: checkphish.ai)

  49. Inconsistent DNS responses documented with:
      • OONI mobile app
      • run.ooni.io
      • Packet capture of manual experiments

  50. Case: Héroes de la salud

  51. Case: Héroes de la salud

  52. Selectively (not) blocking 2020-04-30

  53. Similar M.O.
