Digital Resistance

Prologue: The beginning of the story

Image result for тупой осёлWe should never underestimate the stupidity of governmental institutes. The Russian government is not an exemption of this rule. Some time ago they started (and lost) the battle with internet messenger Telegram.
If you don’t know what Telegram is, it is just another messaging system like WhatsApp or WeChat. Just because it has been started after them, it has some improvements (bot API, seamless device switching, etc., etc.)
The Russian government found that some people accused of being involved in the terrorist act in Sankt-Peterburg used Telegram for communication. They asked Telegram Inc, to reveal their data and messages. That’s okay in my opinion, but immediately after this point the story will become dumb and dumber without any bottom, consider it as a warning and be ready.
Telegram owner Durov, an ex-Russian citizen, has his anti-Russian stance as a selling point for his company, so he tries hard to use any opportunity for boasting about the confrontation with the government. So instead of answering “we don’t have this data” which is possible if they use e2e cryptography (e2e=end-to-end mean the encryption done on client side and server never see open messages), he answered in a harsh way like “Never, under no circumstances, I would answer to those morons).
And we got two donkeys who are going to decide who is more stubborn.

Episode 1: Blocking
The Russian government has a department RosKomNadzor which is an abbreviation that means “departments of controlling communications.” They have a lot of errands such approving licenses for providers, controlling radio diapasons, and many others. Among others, they control the list of “banned resources” that usually contain “dark internet” with child porno and others. Created by good motifs hard to deny that it can be used for political censoring.
The essential part to understand the situation is the fact that RKN doesn’t have access to ISP (internet service provider) lines. RKN control that the isp downloads the list and ISP tries to block access to this resources.
But what is “block the resource” speaking technically. It’s not as easy as it seems. Technically any internet resource has DNS (domain name system) name like “fb.com” or “telegram.org”, which is resolved to IP address like (1.2.3.4 or 182.11.1.234) that is addressing a machine on the internet (now and after I simplify the mechanism, but trying to show the gist of the story).
Telegram (and other services) doesn’t use one or two computers for functioning. They use a bunch of them. They rent computers in big clouds like Amazon cloud or Google or Heroku (companies that have a lot of servers in their data centers), The process is dynamical the current amount of servers could be changing every minute. Services can migrate from one cloud to another, and their amount can be different.
RKN made a dumb solution to put all the IP addresses that were used by telegram to their “list-to-ban” and started to send it to ISPs. The process of sending is fully automated and it works without human participation, so it’s fast.
Telegram, as another donkey in this argument, started to change its servers very often. Start to migrate from one computer to another on a minute basis forcing RKN ban more and more, and try to put the situation to the absurd.
At this point, the situation stayed for a while. And list became to contain billions of IP addresses.
IT started to prevent normal functioning of Russian internet, and RKN began to be criticized publicly. Many companies had problems with their sites and services just because they had shared their IP diapasons with Telegram. The situation became worse and worse, and someone decided to “freeze” it. RKN didn’t clear the list, but it stopped to add more IPs.
Both donkeys were waiting.

Episode 2: Hackers
Many IT people were unhappy about the situation. Many of them are against any filtering, some of them suffer from that blocking with their services. At this point, RKN was a goal of many types of attacks. Not only memes (there were TONS of them) but real DDOS assaults to RKN servers.
And then one guy found a funny way to attack them.
There were many orphan domains in their list, that mean domain that is blocked, but wasn’t paid, and belongs to no one just now.

Episode 3: Figuring out the funniest way
A domain is just a name, and it can point to as many IP addresses as its owner wants. So a (few) jokers bought a few domain names from this list and started to point them to random IP addresses, and what RKN did? Yes, it blocked them by putting them into the list. So hackers got a way to ban any IP by RKN hands.
The next two weeks were weeks of practical jokes. Hackers have banned a lot of random sites, Russian railroads, banks, online markets, even RKN’s site itself. At some points it looked like the whole internet is broken, and only one thing continued to work flawless – Telegram.
People started to notice that and began to blame RKN. There were many petitions and sites online with different degrees of humor and anger about the situation. RKN became to be a synonym for dumbest.
But as time went it become to be boring and hackers stop this game.

Episode 4: Secret message

Because of all those events, there were some sites with infographics, like how much IPs are blocked by RKN. And one day people started to notices that the graph is starting to be very strange.
It was an intrigue for many days because it was a slow process of changing data for forming the graph.
But at one day it became clear, it’s a message written in Morse code.
The message itself was “Digital resistance.”

Conclusions
This story almost ended. Because it’s an old story and my article is kind of a retrospective for it we know many then and future facts. Some of them
– Telegram works still
– RKN was (quietly) reorganized to another structure, and its bosses lost their job.
– Hackers have shown how fragile is our current Internet implementation, how easy is abusing it
– A few months later Telegram provided data for the U.S. government during their request about another case. (Which mean that it has data and lied about this)
– It was another proof that you can’t win an argument with government by putting it “ad absurdum.”

4 comments

  1. Very interesting, Ivan!  I'm confused about the Morse code message though.  Are you saying the hackers who began "playing with RKN" were supplying specific numbers of IP addresses to be auto-blocked by RKN each time so that the infographics programs would count the number of blocked IP numbers per hour to produce this message?  If so, their ingenuity is almost unbelievable! (Which is proof to me that Russian hackers really DID tamper with our US elections.)

  2. Yeah, pretty complex but very tailored way to show a message.

    That graph was a big surprise, and I wonder how smart those persons are.

    I attached that infographic and their message as a last photo

  3. Very Interesting, Ivan.

    1. Do every website out there use dynamic IP addresses for their servers? Or just some selective websites?

    2. Do the IP addresses that the hackers decided to buy are static ones? 

    3. How could the hackers managed to deceive the RKN and blocked the bank, govt websites by using their own domain? Could you please explain? 🙂

Leave a Reply