As they strive to control the flow of information in the Internet Age, Central Asian governments are moving away from a party-hack mentality and assuming the mindset of a hacker.
Two Harvard University researchers, Ethan Zuckerman and Hal Roberts, recently took a look at the evolution of censorship in the post-Soviet era. They found that during the early years of the Internet in the 1990s, regional governments tended to rely on heavy-handed methods, especially pulling the plug on Internet Service Providers, to keep the lid on free speech. As web users became more sophisticated, officials had to keep pace, and they began relying on filters to block content.
In recent years, some governments appear to be employing hacker techniques to stifle political opposition, in particular a tactic called 'distributed denial of service,’ or DDoS.
What makes a DDoS attack attractive to Central Asian leaders is its difficulty to trace. The method causes a targeted website to crash by overloading its server with fake requests for information. These bogus requests are sent by “botnets,” or collections of computers that are compromised by viruses or other malware. According to the researchers, the largest DDoS attacks are launched by botnets made up of to tens of thousands of computers.
In one case study, Zuckerman and Roberts examined the experience of an independent Kazakhstani news website, Zonakz.net. In 2009, the site, which is based in Almaty, Kazakhstan’s commercial capital, suffered what the researchers described as a “massive” DDoS attack that lasted over a week. The website had been blocked by the Kazakh government in 2007 after the site posted transcripts of phone conversations between Kazakh politicians, but during the episode two years later, the site was not just down inside Kazakhstan, it was inaccessible all over the world.
Unlike filtering, which renders blacklisted websites inaccessible to those using a certain service provider, usually within national boundaries, a DDoS attack completely shuts down the website for the duration of the assault.
DDoS continues to be a popular method of checking the free flow of information. Adil Soz, a Kazakhstani non-profit dedicated to promoting free speech, reported that this past July that a DDoS attack shut down guljan.org, an online news portal run by Gulzhan Ergalieva, the former editor of the Kazakhstani newspaper “Svoboda Slova.”
While President Nursultan Nazarbayev’s administration may seem like a prime suspect in such attacks, it is extremely difficult to pinpoint the origin of a DDoS blitz, Zuckerman and Roberts suggest. DDoS attacks can involve thousands of infected personal computers, so it is close to impossible to uncover an instigator. This makes DDoS an especially attractive method for quasi-liberal regimes that want to restrict political dissent while maintaining a façade of respect for free speech. Kazakhstan is far from the only country in Central Asia and the Caucasus in which seemingly politically motivated DDoS attacks have occurred: since 2008 opposition-oriented websites in Azerbaijan, Kyrgyzstan, and Georgia have all succumbed to suspicious information overloads.
Just as governments have refined methods of online censorship, free speech advocates, along with opposition political activists, have become more creative with blocking techniques. Programmers have developed DDoS detection/prevention software that can identify and purge malware. A DDoS prevention service has been developed by Kaspersky Lab, a Russian computer security company. Tengri News on October 11 reported that DDoS protection software will be available for purchase in Kazakhstan by 2012.
Zuckerman and Roberts identified another possible way for smaller, independently managed websites to guard against DDoS takedowns – moving to large media-hosting platforms, such as Google's Blogspot service. Google and other large web giants employ dozens of engineers to help fend off DDoS attacks. Zuckerman and Roberts examined Central Asia’s experience with online censorship at the request of the New York-based Open Society Foundations (OSF). [Editor’s Note: EurasiaNet.org operates under OSF’s auspices].
Even though larger hosts can make content less vulnerable to attack, there are no guaranteed safe havens on the World Wide Web. The August 2011 DDoS attack on the Kazakh internet forum “Center of Gravity,” along with sporadic attacks against Livejournal.com and Livejournal.ru prove that even the strongest roofs can develop holes.
The Internet has long been championed by free-speech advocates as a means for promoting global democratization. But the web can also be a tool used to reinforce authoritarian-style political systems. Highlighting this fact was a November 3 report compiled by various US intelligence agencies that showed how the governments of China and Russia were engaged in well-organized, state-supported efforts to use the Internet to systematically pilfer sensitive economic data. Such industrial espionage was intended to close design and production gaps.
Given the ever-changing nature of the web, it looks like there is no end in sight to the cat-and-mouse contest over censorship in Central Asia that pits governments against free-speech fans.