Internet censorship revealed through the haze of malware pollution

By Jan Zverina | 09 Mar 2012

On a January evening in 2011, Egypt – with a population of 80 million, including 23 million internet users – vanished from cyberspace after its government ordered an internet blackout amidst anti-government protests that led to the ouster of Egyptian President Hosni Mubarak. The following month, the Libyan government, also under siege, imposed an internet "curfew" before completely cutting off access for almost four days.

To help explain exactly how these governments disrupted the internet, a team of scientists led by the Cooperative Association for Internet Data Analysis (CAIDA) at the University of California, San Diego, conducted an analysis based largely on the drop in a specific subset of observable internet traffic that is a residual product of malware.

CAIDA is an independent analysis and research group based at the San Diego Supercomputer Center, at UC San Diego, dedicated to investigating both the practical and theoretical aspects of the internet, to promote a robust and scalable global internet infrastructure.

Many types of malicious software or network activity generate unsolicited traffic in attempting to compromise or infect vulnerable machines. This traffic "pollution" is commonly referred to as internet background radiation (IBR) and is ubiquitously observable on most publicly accessible internet links.

The analysis marks the first time that this malware-generated traffic pollution was used to analyse internet censorship and/or network outages, and the researchers believe this novel methodology could be adopted on a wider scale to create an automated early warning system to help detect such internet reachability problems in the future.

"We actually used something that's generally regarded as bad – traffic pollution due to malware – for a beneficial purpose, specifically to improve our understanding of geopolitical censorship behaviour," says K C Claffy, CAIDA's founder and principal investigator for the research, funded by the National Science Foundation (NSF) and the Department of Homeland Security (DHS).