
Is the blackout over?
Iran’s near total blackout appears to be easing after 200 hours. We’re at the very early stages of any kind of return to normal. But early Saturday morning, NetBlocks reported “a very slight rise in internet connectivity,” albeit “overall connectivity remains at ~2% of ordinary levels and there is no indication of a significant return.”
It’s likely that this will continue through the weekend and that service will begin to be restored. Cyber investigator Nariman Gharib reports two carriers are now starting to reconnect. “It’s still unclear which cities have connectivity, but Tehran has been confirmed. It remains uncertain whether this restoration is permanent or temporary.”
As such, it’s still a little early for take-aways. But I’ll give you three to begin with. First, this Iranian shutdown could be a game-changer for Starlink, both in how it operates in countries during anti-regime protests and in the countermeasures deployed to stop it. It seems clear that Iran has leaned heavily on Russia, which has implications for Ukraine.
But the other take-aways put Iran’s offensive cyber capabilities — rather than its defensive countermeasures — under the spotlight.
Disinformation observers note supposedly unrelated social media accounts have paused during Iran’s shutdown. This will be explored in slower time. But we have seen the same before. “Dozens of Scottish independence X accounts ‘went dark,’” The Daily Telegraph reported after Israel’s summer air strikes. It has just happened again.
More seriously, Iran’s decision to maintain government internet and social media accounts through the shutdown — and other, less transparent government activity — has exposed these connections from within Iran for what they are. You can bet that the U.S. and Israel among others will have mapped and recorded all these beacons. These will include the offensive threat actors targeting Israel, the U.S. and others.
Even the restoration provides intel — albeit the value of that might be debatable. Somewhat surprisingly, Cloudflare CEO Matthew Prince points out that “Iran traffic still tiny (<1% of usual levels). Asked team to look what it’s accessing. In previous major Internet shutdowns (e.g., North Korea) the first thing to come back was traffic from gov’t buildings looking at porn. If that’s the case here it’ll be funny… and telling.”
More tellingly, as CSO Online suggests, “Iran’s partial internet shutdown may be a windfall for cybersecurity intel.” The data will not all be obvious. But you don’t see 99% blackouts that persist this long from one of the world’s leading offensive cyber players.
“With only government agencies allowed internet access, the signal to noise ratio in that country is flipped, which could allow digital fingerprinting of the key paths that Iranian state actors use.” And you can bet all that data is now being analyzed bit by byte.