Iranian News Agency Targeted By US Sanction Resorts To Hacking To Get Domain Back

By Maryam Sinaiee

(RFE/RL) — The .com domain of Iran’s Fars News Agency affiliated with the Revolutionary Guard was blocked due to U.S. Treasury Department sanctions on January 25.

Fars said it had received an email from the server company informing it that the blockage was due to an order by Treasury’s Office of Foreign Assets Control (OFAC).

However, an official of a company owned by Iran’s Ministry of Telecommunications admitted Saturday that the company has restored the .com domain of Fars News Agency by resorting to DNS spoofing, or, in simple terms, hacking. This is the first time in Iran’s Internet history that the regime has admitted DNS spoofing, experts say.

The admission of spoofing, also known as DNS cache poisoning, came on Saturday in a tweet by Sajad Bonabi, a member of the Board of Directors of Telecommunications Infrastructures Company, which is owned by the Telecommunication Ministry.

In his tweet, Bonabi said that through measures taken [by the company] the problem that Fars News was facing had been resolved. He also advised that websites and companies “that suspect they would be targeted by the cowardly sanctions of the United States” could get in touch with the company to be informed of precautionary measures.

“For the first time in Iran’s Internet history, the Iranian regime has confirmed they have done DNS Spoofing. DNS Spoofing is a method used by hackers to redirect the traffic of a particular website to another destination,” London-based digital security expert and hacker-hunter Amin Sabeti told Radio Farda.

The tweet in which the Iranian official admitted to the hack.

In the case of Fars News, it means Iran has started to redirect the traffic of Farsnews.com to Farsnews.ir at the infrastructure level for viewers of the website in Iran. “We can call this, in simple terms, a ‘hack’,” Sabeti says.

For almost a day, Farsnews.com visitors would see a message saying the IP address could not be found. Like most other websites, Fars has alternative domain names, such as Farsnews.ir. Currently, anyone inside Iran who tries to access Farsnews.com is automatically redirected to Farsnews.ir, a national domain which cannot be affected by U.S. sanctions.

However, outside Iran, Farsnews.com cannot be reached unless Farsnews.ir was visited before and the IP address still exists in the browsing history of the device used to access the site.

Visitors inside Iran now have access to the website of Fars News Agency, but losing the .com domain means the news agency will lose its visibility in search engines and all the links to its website, at least for visitors from outside the country.

Fars News Agency publishes news in Persian, English, Arabic and Turkish so the loss of the .com domain will deprive it of the audience it has outside Iran.

In an earlier tweet on Friday evening, Bonabi had said that his “colleagues” were offering advice to the companies affected by the U.S. sanctioning of .com domains used in Iran. “The infrastructure that exists in the National Information Network (NIN) resolves many such concerns about unfair sanctions,” he said in his tweet.

Bonabi also reassured Iranian website owners that the problem only affected .com domains sold by American domain registrars, and that .com domains could also be purchased from non-American registrars or they could simply use domain names with the national .ir ending.

NIN is an intranet and relies on the Internet to function. It is the tool that the regime is planning to use to censor the Internet because it provides access only to selected content and bars VPNs from being used for accessing the sites that the Iranian authorities have blocked.

RFE/RL

RFE/RL journalists report the news in 21 countries where a free press is banned by the government or not fully established.
