
Software Meant to Protect Iranian Dissidents May Be Fatally Flawed

80beats | By Andrew Moseman | September 15, 2010 9:36 PM

The software tool called Haystack was supposed to protect dissidents in Iran who wanted to use the Internet free of the government's censorship. If third-party software testers are correct, though, flaws in the system meant to help those dissidents could have led authorities right to them. The Censorship Research Center, the San Francisco-based organization that created Haystack, has now pulled it back and asked users to destroy the existing copies.

"We have halted ongoing testing of Haystack in Iran pending a security review," HaystackNetwork.com said in a brief statement. "If you have a copy of the test program, please refrain from using it." [AFP]

Jacob Appelbaum, a security expert who volunteers with WikiLeaks, sounded the alarm.

Appelbaum says that after hearing a description of how the tool functioned, he worried that it might not have been built correctly. But he became truly concerned once he tested it himself. Appelbaum and his colleagues broke the tool's privacy protections in less than six hours. Appelbaum says it would be easy for government authorities to do the same. [Technology Review]

Appelbaum went public with his criticisms in case people are still using Haystack, as the tool appears to be available on multiple websites.

Haystack is designed to encrypt a user’s traffic and also obfuscate it by using steganography-like techniques to hide it within innocuous or state-approved traffic, making it harder to filter and block the traffic. [Wired.com]

Appelbaum refused, however, to divulge the details of the problems he found with the software, fearing it would instruct the Iranian government and make it even easier for its officials to crack Haystack. Even with the recall, he says, Iranian activists are still in danger.

“The more I have learned about the system, the worse it has gotten,” Appelbaum said. “Even if they turn Haystack off, if people try to use it, it still presents a risk…. It would be possible for an adversary to specifically pinpoint individual users of Haystack.” [Wired.com]

Austin Heap, one of the two men behind the Censorship Research Center, says that people knew there were risks when they signed up to use the software tool. The new version, he says, will be mostly open-source before the next release, giving security testers a chance to hunt through it for flaws. However, Heap's partner Daniel Colascione has now resigned from the organization because of the controversy.

Related Content:

80beats: Pakistan Bans Facebook & YouTube in “Draw Mohammad Day” Crackdown

80beats: Iran Blocks Gmail; Will Offer Surveillance-Friendly National Email Instead

80beats: Google to China: No More Internet Censorship, or We Leave

80beats: Report: Chinese Hackers Stole Indian Missile Secrets & the Dalai Lama’s Email

Image: iStockphoto
