Network data from the NetBlocks internet observatory have identified a series of network outages in Iran from just after 8:00 p.m. local time (3:30 p.m. UTC) Wednesday 8 July 2020. The incident was ongoing as of 01:00 a.m. causing connectivity and platform reachability failures which some users experienced as port blocking or filtering.
Analysis of network data reveals how a series of unlikely events on Wednesday led to filternet-like internet outages that users could circumvent with a VPN 🔍
— NetBlocks (@netblocks) July 8, 2020
What caused Iran’s internet outage?
NetBlocks reported a preliminary diagnosis of international origin after identifying that concurrent disruptions had impacted other countries in the region.
Is there any reason to believe those ports were targeted specifically as opposed to a more general outage?
Here's Asiacell in Iraq experiencing a connectivity dip at the same time, for example.
Port blocking, DNS poisoning or DPI in Iran wouldn't cause international outages. pic.twitter.com/323H8Ppjvz
— NetBlocks (@netblocks) July 8, 2020
Shortly before widespread complaints started to emerge from Iran, investigations show that Armenian internet providers including Ucom suffered major outages attributed to power fluctuations, also impacting ATMs and other critical systems across Armenia. These failures continued through the evening into the night.
— Ruben Muradyan (@RubenMuradyan) July 8, 2020
Sadjad Bonabi from Iran’s Telecommunication Infrastructure Company (TIC) issued a statement claiming that Iran’s outages were due to technical difficulties from exchange points in the North.
These claims were disputed by users given the censorship-like characteristics exhibited by impacted networks. TIC operates Iran’s international gateways, IP capacity and connectivity services.
NetBlocks data corroborate the explanation supplied by TIC, indicating that there has been no intentional internet blackout but rather that the power-cut and outage in Armenia resulted in a knock-on loss of international connectivity in Iran.
Iranian operators depend on peering and transit arrangements with neighbors for international routing. In 2016, leaders from Iran and Armenia explored options to establish an Armenia-Iran free trade zone, a task that was subsequently delegated to the private sector. On 27 February 2019, Ucom co-founder Alexander Yesayan and CEO of Iranian Telecommunication Company Majid Sadri announced a partnership to share internet infrastructure between the two countries to create a transit route to Europe that bypasses Turkey and Azerbaijan.
Confirmed: Several networks in #Iran are experiencing partial outages from ~8:10 p.m. local time; real-time network data show impact to fixed-line and cellular internet services with indications of international incident origin 📉 pic.twitter.com/KVpvJlfE9u
— NetBlocks (@netblocks) July 8, 2020
Nevertheless, Iran’s centralization of internet gateways and resolvers is understood to have contributed to the severity of the disruption in this case, highlighting potential problems associated with filtering mechanisms beyond their immediate impact to freedom of expression.
How did VPN services remain effective?
VPN services are typically used to circumvent platform filters imposed by authorities in Iran. However, in this case a technical failure in neighboring Armenia had a knock-on impact on Iranian internet that indirectly caused disruptions with a similar effect to filtering.
Wednesday’s reported failures and network timings indicate that the outages impacted gateway networks that serve parts of Iran’s state filter or “filternet” causing DNS queries to fail as well as resulting in moderate impact to overall connectivity levels and manifesting in latency spikes on several ISPs for over five hours.
Hence, many users were able to regain connectivity via VPN tools during the outage. Despite recent restrictions, several of these services remain operational in Iran and have practical day-to-day uses beyond circumvention and online privacy.
Issue: Disruption in Public DNS over country(IR) (#22382)
There are some issues in Public DNS due to disruption allover country(Iran).https://t.co/7kvjj0VBNX
— Arvancloud Support (@ArvanSupport) July 8, 2020
Background: Outages and shutdowns
Iran has faced a series of network disruptions through recent months, with some attributed to external factors, and others to state information controls, or internet shutdowns, used to control public protests. NetBlocks investigations have helped identify the root causes of these network outages.
National connectivity remains at just 22% but real-time network data show coverage has increased 📈#Internet4Iran
— NetBlocks (@netblocks) November 23, 2019
On 8 February 2020 internet access was cut in Iran as a response to a cyber-attack after authorities activated the “Digital Fortress” isolation mechanism.
Confirmed: Internet partially shut down #Iran from 11:45 a.m. local time (08:15 UTC); real-time network data show national connectivity fall to 75% after authorities reportedly activated "Digital Fortress" isolation mechanism; incident ongoing 📉
— NetBlocks (@netblocks) February 8, 2020
On 19 December 2019, Iran was one of several countries to be affected by an international network failure that also caused widespread disruption to Google services and sparked concerns about intentional blocking. VPN services were effective in working around technical issues in this case.
In November, Iran deliberately shut down internet access amid widespread public protests. While the shutdown started as a total outage, users gradually regained access as connectivity was selectively brought back.
NetBlocks recommends against the use of network disruptions to limit the rights to free expression and free assembly.
NetBlocks diffscans, which map the IP address space of a country in real time, show internet connectivity levels and corresponding outages. Purposeful internet outages may have a distinct network pattern used by NetBlocks to determine and attribute the root cause of an outage, a process known as attribution which follows detection and classification stages.
A summary of data visualizations used in this report:
- Network Connectivity (National): Internet providers and networks serving the affected region are visualized in a stacked time-series histogram to identify the start and end times of an internet shutdown event. Scales on the y-axis are adjusted to match localized maxima while minima indicate periods when networks became unreachable. The x-axis represents Universal Coordinated time (GMT+0).
- Standard: Connectivity levels on the y-axis correspond directly to the observed number of reachable connections, as with National Connectivity charts.
NetBlocks is an internet monitor working at the intersection of digital rights, cyber-security and internet governance. Independent and non-partisan, NetBlocks strives to deliver a fair and inclusive digital future for all.
[ press | contact ] Graphics and visualizations are provided for fair use in unaltered form reflecting the meaning and intent in which they were published, with clear credit and source attribution to NetBlocks. Intellectual property rights are protected including but not limited to key findings, facts and figures, trademarks, copyrights, and original reporting, are held by NetBlocks. Citation and source attribution are required at the point of use.