Network data from the NetBlocks internet observatory confirm extensive disruption to telecommunication networks in Iran on the morning of Saturday, 8 February 2020 lasting several hours. Authorities have issued a preliminary statement that the internet shutdown is being implemented to repel a cyber-attack on the country’s infrastructure.
Confirmed: Internet partially shut down #Iran from 11:45 a.m. local time (08:15 UTC); real-time network data show national connectivity fall to 75% after authorities reportedly activated "Digital Fortress" isolation mechanism; incident ongoing ?
? https://t.co/Qb8bxYUT71 pic.twitter.com/bsETg1Sfxb
— NetBlocks (@netblocks) February 8, 2020
Network data show a distinct fall in connectivity with several of Iran’s leading network operators from approximately 11:45 a.m. local time (08:15 UTC) affecting cellular and fixed-line operators. Partial recovery was observed one hour after the initial shutdown but other networks returned some seven hours after the incident onset. National connectivity fell to a low point of 75% of ordinary levels for a period during the morning.
The outage had partial impact and was ongoing with some network operators at the time of initial reporting. ICT ministry officials state that the a Distributed Denial of Service (DDoS) attack attack was repelled by Iran’s Digital Fortress (Persian: Dejfa), and technical data confirm that networks were disabled during the same time window.
Little is known about the mechanism although similar patterns have been observed by NetBlocks during previous reported cyber-attacks.
#CyberAttack at 11:44 local time disrupted internet services in #Iran for an hour. The distributed denial-of-service (#DDoS) attack was repelled by Iran’s Digital Fortress (Dejfa in Persian): ICT ministry official. https://t.co/MCxkpngeC2
— Khosro Kalbasi Isfahani (@KhosroKalbasi) February 8, 2020
Observations are consistent with a targeted disruption and no technical faults are evident at the present time.
Background: Outages and shutdowns
Iran has faced series of network disruptions through recent months, with some attributed to external factors and others to state information controls to control public protests.
On December 19, Iran was one of several countries to be affected by an international network failure that also caused widespread disruption to Google services and sparked concerns about intentional blocking.
Update: Internet connectivity in #Iran restored to normal levels after major disruption. Timings match Google platform outages and partial disconnections in nearby countries (see report) pointing to international issue; incident duration ~2 hours ?
?https://t.co/FpDRXvB26Y pic.twitter.com/h7nHLXa3WI
— NetBlocks (@netblocks) December 19, 2019
In November, Iran deliberately shut down internet access amid widespread public protests.
Update: #Iran remains partially offline after reports of intermittent service followed by a sharp decline in connectivity at 21:15 UTC (12:45 am local time); impact visible at national scale affecting multiple networks; incident ongoing #IranProtests ?
?https://t.co/1Al0DT8an1 pic.twitter.com/dWKDgAco41
— NetBlocks (@netblocks) November 15, 2019
The November disruptions were introduced over a period of 24 hours culminating in a disconnection of all mobile networks followed by a near-total national internet blackout and partial shutdown of telephony services lasting several days.
During that period, access to limited national services became available for some users as part of the country’s national intranet, or National Information Network. Partial connectivity was restored a week after the first outages but mobile networks remained cut for longer and certain regions only regained connectivity weeks later.
Methodology
NetBlocks diffscans, which map the IP address space of a country in real time, show internet connectivity levels and corresponding outages. Purposeful internet outages may have a distinct network pattern used by NetBlocks to determine and attribute the root cause of an outage, a process known as attribution which follows detection and classification stages.
A summary of data visualizations used in this report:
- Network Connectivity (National): Internet providers and networks serving the affected region are visualized in a stacked time-series histogram to identify the start and end times of an internet shutdown event. Scales on the y-axis are adjusted to match localized maxima while minima indicate periods when networks became unreachable. The x-axis represents Universal Coordinated time (GMT+0).
- Standard: Connectivity levels on the y-axis correspond directly to the observed number of reachable connections, as with National Connectivity charts.
NetBlocks is an internet monitor working at the intersection of digital rights, cyber-security and internet governance. Independent and non-partisan, NetBlocks strives to deliver a fair and inclusive digital future for all.
[ press | contact ] Graphics and visualizations are provided for fair use in unaltered form reflecting the meaning and intent in which they were published, with clear credit and source attribution to NetBlocks. Intellectual property rights are protected including but not limited to key findings, facts and figures, trademarks, copyrights, and original reporting, are held by NetBlocks. Citation and source attribution are required at the point of use.