May 26, 2017

24 hours later: What we know about the blocking of Mada Masr’s website

Mirrored from www.madamasr.com now blocked in Egypt:
 
 
Access to Mada Masr’s website via most of Egypt’s internet service providers (ISPs) has been blocked since Wednesday evening.

The country’s official state news agency, MENA, quoted a high-level security source on Wednesday night as saying that access to 21 websites, which had disseminated “content that supports terrorism and extremism and deliberately spreads lies,” had been blocked in Egypt in accord with “relevant legal proceedings.”

Mada Masr has not been officially informed that any party has taken official or legal measures against it.

Several other websites have also been blocked, including two Egyptian publications: Masr al-Arabiya and the website of the print weekly Al-Mesryoon. The list also includes some Qatari or Qatar-funded news outlets that support or are managed by the Muslim Brotherhood, principal among them Al Jazeera and Huffington Post Arabic, in addition to the official website for Palestinian political movement Hamas.

The statement from the high-level security source was circulated to newspapers and wire services from the office of the presidency, Mada Masr has learned. Speaking on the condition of anonymity, Interior Ministry officials have told reporters that they had nothing to do with drafting or executing the decision to block the websites.

The move to block access to a range of websites affiliated with Qatar and the Muslim Brotherhood in Egypt happened in conjunction with Saudi Arabia and the United Arab Emirate’s decision to block many of the same sites. Egyptian authorities added Mada Masr to its list, however.

Mada Masr’s website is still accessible in Saudi Arabia and the UAE.

In response to Mada Masr’s inquiry into the restriction of access to its website, Supreme Media Regulatory Council Secretary General Ahmed Selim said that the council, formed in April, has yet to take over control of digital media outlets. He directed inquiries to the Communication and Information Technology Ministry.

Mada Masr attempted to contact National Telecom Regulatory Authority head and Communication and Information Technology Minister Yasser al-Qady. His secretary acknowledged receipt of the questions and said a further response would be pending. As of publication, Mada has yet to receive a reply.

Mada also contacted newly elected Journalists Syndicate head Abdel Mohsen Salama, who said he was monitoring the situation closely but was not aware that access to Egyptian websites had been blocked. He asked Mada to draft a memo detailing the circumstances of the incident, which he would then submit to the Supreme Media Regulatory Council.

Faced with an absence of information from official sources, Mada Masr turned to technical experts, who diagnosed an RST injection attack as the reason for the inability to access the website.

What is a RST injection attack?

The internet is a network made up of computers and the electronic messages and packets of IP (internet protocol) data that pass between them. The transmission of the information that constitutes this system is formalized in various systems called “protocols.”

IP is the most basic protocol used on the internet, and it is usually coupled with TCP (transmission control protocol), which is used for web browsing and email. Data on computers is broken down into a series of ones and zeros. Each zero or one represents the smallest data unit in the language of computer communication. Data packets sent via TCP contain a block of information called a TCP header, which includes details concerning the sending and receiving parties in the exchange. In normal communications, the TCP header’s bit is set to zero and has no effect on communication. If the value is changed to one, the computers party to the exchange are notified that they should stop using the TCP connection and should no longer send any more packets using the connection’s identifying numbers.

A third party can monitor TCP packets being sent from various points of a connection and then interject a forged packet containing a TCP reset command that will change the bit of the header from zero to one. The connection is interrupted with each attempt to complete the communication.
One of the most famous examples of a RST injection attack involves the firewall that China uses to censor and suspend access to a number of websites.

This is the type of interruption which has blocked access to Mada Masr’s website in Egypt.

Continuing attempts to control the internet

Attempts to open the sites that have been blocked in Egypt have yielded a range of behaviors across ISPs. For example, most sites can be accessed via Noor ADSL.

Mada Masr has received various reports from users, pointing to the fact that the block is not uniformly in force, varying across the same ISPs at different geographical locations and times. This suggests that the RST attack has been decentralized and enforced by individual ISPs.

The recent interference intersects with the government’s decision to block The New Arab website last year. An October 2016 report on anomalies in Egypt’s online ecology conducted by the Open Observatory of Network Interference (OONI) — an international network operating under the Tor Project that monitors internet censorship, traffic manipulation and signs of surveillance — found that the injected RST packet observed to obstruct user-server communication with The New Arab website had the same “static IP identification (IP ID) value of 0x3412 as the injected RST packets” used in an attempt to interfere with Tor in Egypt. This similarity is significant, as The New Arab, which is Qatari funded and sympathetic to the Muslim Brotherhood, is known to be blocked by the Egyptian government, suggesting that a state agency using the same server location conducted the RST injection attacks on Tor.

The same technique was used in December to disrupt Signal, the messaging and voice calling application supported by Open Whisper Systems’ encryption protocol.

Much of this evidence suggests an image of the Egyptian government as directly involved in a practice of mass surveillance, as documented in a January report published by Mada Masr.
These events are part of a wider history of the state’s attempt to control the internet, a principal concern since the January 2011 revolution and one that has risen to the surface in numerous arrests made recently in connection with the administration of Facebook pages. The government is also currently preparing legislation to combat cybercrime.

In a joint policy report published in June 2016 under the title “Anti-Technology,” the Egyptian Initiative for Personal Rights (EIPR), Support for Information Technology Center, and the Association for Freedom of Thought and Expression (AFTE) wrote that the law “violates the principle of equality before the law and contains penalties regarding the use of information technology.”

In April 2016, sources with direct knowledge of discussions between Facebook and the Egyptian government told Reuters that Egypt had blocked Facebook’s Free Basics internet service at the end of 2015 after the US company refused to give the state the ability to monitor users.

A month earlier, in March, Google published a statement asserting that it had became “aware of unauthorized digital certificates for several Google domains” issued by an intermediate certificate authority held by Egyptian company MCS Holdings, which had been contracted by the China Internet Network Information Center (CNNIC) to issue certificates for domains they had registered.

“Rather than keep the private key in a suitable HSM, MCS installed it in a man-in-the-middle proxy,” the Google statement read. “These devices intercept secure connections by masquerading as the intended destination and are sometimes used by companies to intercept their employees’ secure traffic for monitoring or legal reasons.”

In a previous report, Mada Masr highlighted leaked documents that emerged after Cairo’s State Security headquarters was stormed by protesters in March 2011, which showed that MCS had been corresponding with Egypt’s State Security Investigation Service (SSIS) to obtain the FinFisher system, surveillance software offered by the British-German company Gamma International.

The move to block and shut down websites is a new step from these recent forms of interference. The government is turning from mass surveillance, to directly intervening to block access to the websites of Egyptian companies operating in Egypt, including Mada Masr and Masr al-Arabiya.

The legality of blocking access to websites

Access to websites in Egypt can be legally curtailed in two ways, says Amr Gharbeia, a technology and human rights researcher at the EIPR. The first is tied to the issuance of an order either by a prosecutor or investigating judge, or, during a state of emergency, when the president can move to block access in his capacity as military governor. President Abdel Fattah al-Sisi declared a three-month state of emergency on April 9.

The second mechanism concerns the anti-terrorism law, Article 29 of which stipulates a five-year prison term for anyone who “establishes a telecommunications or internet site to promote ideas or beliefs that encourage committing terrorist acts or to broadcast [information] to mislead security agencies or influence the course of justice with regard to a crime of terrorism.”

“If there is a website being investigated for one of the aforementioned crimes, Article 49 of the anti-terrorism law allows the public prosecutor or investigating judge to suspect or block the entire website or the content relevant to Article 29,” says Hassan al-Azhary, a lawyer with AFTE. Azhary says it is likely that the decision to block access to Mada Masr’s website comes in accord with an order emanating from Egypt’s judiciary.

Gharbeia points out that there may be a third option in play, which he says is more dangerous, namely that the government asked ISPs to block the websites in question, and that they complied in a manner outside of legal bounds.

If that is the case, there are two violations, according Gharbeia: one against freedom of expression and one against the sovereignty of law.

How to work around the block

The Electronic Federation Foundation has published is a simple guide detailing how to regain access to blocked websites and circumvent censorship.