Iran's internet blackout is entering day 18, according to monitoring outfit NetBlocks, which says the vast majority of the country has been offline for more than 400 consecutive hours.
The Iranian government imposed domestic internet restrictions hours after the first US-Israel missile strikes against the country on February 28.
NetBlocks reported close to 100 percent internet uptime in the days preceding the strikes, but said it fell to just above 0 percent thereafter.
It said that "chosen users are granted privileged access," but the vast majority are left without any internet connectivity.
Alp Toker, director at NetBlocks, told The Register that some users can, in theory, gain access to the web, but only through channels not under state control, which are few and highly expensive. They are not available to the average person.
"Those who can pay have been more able to get online because they can buy contraband services that are risky to provide," he said. "That can be a VPN which distributes internet connectivity from a Starlink terminal, or a user at the border with another country running a bridge network between the two, which are both banned and not great to be caught operating.
"But most of those who have retained access aren't the contraband users, or even the rich and famous, but rather the communications experts and state-aligned media who have been selected to deliver on-message framing to the outside world. That also includes visiting foreign journalists who are there by permission and unlikely to deviate too far from permitted narratives."
Iran has a history of revoking internet access to citizens in times of crisis. It does so to both prevent information from leaving the country and to stop people from learning more about the situation than what the state is willing to share.
Toker added: "The risk of metadata and geolocation leaks will definitely have been a factor, and other countries in the region are struggling with the same challenge of geo leaks, but the selective mechanisms we're seeing in Iran point to the blackout foremost as a mechanism to shape narratives abroad and keep dissent in check at home."
Weeks before the US-Israel strikes, Iran implemented a lengthy internet and mobile connectivity blackout in January following civil unrest that broke out a month earlier, related to the collapse of the country's official currency, the rial.
The rial's value had roughly halved over the preceding six months, but its decline had been observed for years, owing to a range of factors, mainly inflation, which had risen to over 40 percent.
"What began as protests over currency inflation quickly evolved into an outcry against decades of repression, corruption, and systemic injustice, echoing previous waves of nationwide unrest," said digital rights organization Access Now at the time.
Most of those who have retained access aren't the contraband users, or even the rich and famous, but rather the communications experts and state-aligned media who have been selected to deliver on-message framing to the outside world
Of the latest blackout, the group stated: "Millions of people in Iran have been cut off from the global internet at a moment when access to communications and reliable information is most critical.
"The reported death toll in Iran has surpassed 1,000 people, and the military escalations continue to affect civilians across the Middle East, including the Gulf States and in Lebanon, where the ongoing Israeli attacks have reportedly killed over 500 people and displaced more than 500,000."
Civilians inside the country are not able to communicate via traditional VPNs since there is no access to the internet via telecoms operators, and Mahsa Alimardani, associate director at Witness, told AFP that while phone lines are operational, no one dares to discuss political matters due to surveillance fears.
Organizations like Amsterdam-based Radio Zamaneh are sending broadcasts to Iran over shortwave radio, which is difficult for the state to jam, but access to outside information beyond channels like these is rare.
Nathaniel Jones, vice president of security and AI strategy and field CISO at Darktrace, said that the blackout does not appear to be affecting Iran's offensive cyber groups.
"Seedworm, Homeland Justice, and Handala continue operating from external infrastructure with pre‑positioned access."
All three groups have suspected ties to the Iranian state and its intelligence service (MOIS), although Handala has arguably been the most talked about following its wiper attack on Stryker, which the medical device company said affected its Microsoft corporate environment.
Jones said he expects a continuation of Iran's destructive cyberattacks over the coming days, particularly against critical infrastructure organizations, followed in a few weeks by more sophisticated attacks on supply chains.
Security shop Akamai recently reported a 245 percent increase in cybercrime activity since the US and Israel started the war on Iran, although much of this stemmed from Russia and China rather than Iran itself. ®
Source: The register