PhoenixFire

Immunicity Returns

On the 2nd of October the Government Intellectual Property Office and the City of London Police PIPCU posted to twitter about how they’d diverted 11 million views from ‘pirate’ websites since July 2014.

Unfortunately there’s a slight problem with their claim; some of the seized domains, such as immunicity.org, have been under the control of Brass Horn Communications for several months now, hundreds of thousands of those supposed diverts have actually been seeing the following page;

divert

Domain seizures are censorship and as we all know; the Net interprets censorship as damage and routes around it.

Hopefully PIPCU will concentrate on people actually committing crimes rather than those who are just routing packets.

safe

Introducing ASafe.Space

David Cameron recently said in a speech that he would deny potential Terrorists a safe space on the Internet to communicate;

The obvious problem here is that everyone is a potential Terrorist so what David Cameron is actually promising that he intends to legislate against anyone having a means of communication that is secure from Government interference.

We’ve seen that GCHQ and the Police have abused (or just plain broken) laws in order to spy on Journalists, Lawyers and other innocents, the Government can not be trusted with these powers.

In response ASafe.Space has been registered and will contain a few short guides on how to have a safe space to browse the Internet, communicate over Instant Messaging, Email or even Pen and Paper.

Evading censorship and surveillance are one and the same, if the censor doesn’t know what you are saying or what you are reading they can’t stop you nor can they hold it against you.

bg-telesales-signpost

Bypassing EE’s Content Lock system without a credit card or identifying yourself

When you buy a service from EE it will be filtered at their moderate level by default, the other options are Strict and Off.
Strict is designed to be safe for children and Off is for Adults.

Of course even if you were to request that all filtering to be turned off it is still possible that you’ll fall foul of an incorrect IWF filter and be presented with the following page;
ee-illegal

Putting the IWF and their secret blocklists aside there are many reasons you may not want to disclose information to EE or handover a credit card (you might not have one for instance) but still need to get past their filters that will block a female centric “adult” site that blogs about Censorship due to the content of the copy but will quite happily let you visit LiveLeak.com and watch people get killed.

The good news is that the EE Content Lock is quite easy to circumnavigate.

DNS Spoofing: No
MiTM SSL: No
Deep Packet Inspection: Yes
Destination IP Transit Interference: No
-
Unique Reason for Block: No
Categorised Block: No
Ability to report incorrect block: No

The goto advice is always to download Tor as it will not only bypass all filtering but it will also help mask those who need to use Tor to aid in protecting their privacy.

If you aren’t comfortable with installing software such as Tor then you could follow our guide on Creating a SOCKS5 Proxy which also works perfectly.

Finally the EE Content Lock system cannot MiTM SSL so even for blocked URLs such as http://reddit.com/r/nsfw (note that reddit.com isn’t blocked but /r/nsfw is!) can be accessed by using SSL.
Unfortunately reddit relies heavily on Akamai so the SSL certificate will be incorrect and you really shouldn’t get in the habit of accepting incorrect SSL.

Whilst this post proves it is trivial to bypass Government co-erced filtering it is likely that there will soon be a call to make filtering mandatory and criminalising attempts at bypassing them.

The best way to prevent this is to write to your MP and tell them that you don’t believe that any form of filtering has any place on the Internet.

ee_0

EE – Your Internet must be Filtered if *anyone* under 18 has access

So as an Adult it appears you are contractually obliged to be filtered if anyone under the age of 18 is going to “use” the SIM.

And yet EE still don’t tell you exactly what else it is that you’ll be blocked from seeing as their block lists aren’t public.

12217_large_neutral-bits

U.K. Government Willing To Block EU Net Neutrality Deal

BuzzFeed has reported that the Government is so intent on continuing to block online material, that it is willing to block the EU Internet Neutrality laws;

We wouldn’t support anything that restricted our ability to block illegal material.

We do not support any proposals that mean we cannot enforce our laws, including blocking child abuse images.Government spokesperson

Note that is no longer just about protecting children, it’s safe to say we’ll start to see the blocking of “extreme” material soon enough…

jquery

Sky Overblocks and takes out JQuery

ThinkBroadband (amongst others) has reported that Sky has yet again overblocked a website.

This time it was code.jquery.com which a lot of other websites rely on to serve the well know Javascript frameworks core files from.

Things like this are bound to happen, were predicted to happen and will continue to happen, causing untold damage to businesses and people.

JQuery was temporary blocked this morning having been misclassified. Our review process kicked in shortly afterwards and the site was unblocked just over an hour later.Sky

burning-book

From Mary Whitehouse to Book Burning in just one Year

A year ago today The Spectator ran an article in which Claire Perry said, in reference to online filters, that 

I’m in no way the Mary Whitehouse of thisClaire Perry

Well a year later and people are not only referring to her as that but putting her in the same category as the Stasi and book burners;


 

At one point the plan was for a filter that checks the age of the child browsing, rather than her original call for all users to opt-in to accessing adult content on their computer, which a government consultation rejected. Somehow, 12 months later, we have exactly that.

Despite criticism from the ISPs, celebrity advisors and the Internet at large Claire Perry is proud that the government is pushing ahead with these plans.

Regardless of what people tweet, history will look back at sources such as the BBC and Wikipedia where her name sits side by side with the words Internet Censorship.

Claire Perry, you’ve made the world slightly worse.

nouveau-logo-league-of-legends

League of Legends patches intercepted by DPI / URL Filters

LazyGamer.net has reported that patches being rolled out for League Of Legends has been blocked due to incidental filenames.

If your patcher logs show many lines like this:

RADS::Common::HTTPConnection::GetFile: File not found

And that happens with files with a name similar to this:

VarusExpirationTimer.luaobj

XerathMageChainsExtended.luaobj

The cause is that your provider is blocking any URLs that contain any pornographic content. Apparently that includes cases like this. An other cause are Router protection settings, which may also block the word sex.

If you are experiencing this problem, you can try to get the whole LoL folder zipped from a friend every time you patch, or just call your ISP to lift the blockade.

Edit: This should only happen to people who switch or signup with new ISPs after a certain date (I’m assuming 1st Jan). The filter won’t be on by default to any existing customers, at least it won’t on BT, so most people will be unaffected. If the filter is on, all it takes is a call to your ISP and it’s off. (thanks to /u/mejti )

Edit2: Read this: http://www.huffingtonpost.com/2013/07/29/uk-internet-filter-block-more-than-porn_n_3670771.htmlhttp://www.reddit.com/user/LoLBoompje

What is obviously quite scary about this revelation is that it means that this might not just be a simple URL or DNS based block but could be indicative of the far more intrusive Deep Packet Inspection technology rolled out by China and TalkTalk.

It’s not a long shot to fear that games will start breaking or gamers will get accused of cheating by software such as Steams VAC if ISPs start blocking data (e.g. chat messages or server instructions) that contain naughty words.

Lord-Clement-Jones-_244642k

Lord asks “Shouldn’t Filters (that don’t work) be compulsory?”

On the same day that the BBC reports that “Children can turn off Net Filters” a LibDem Lord has asked whether the choice of filtering should be taken out of parents (read everyone’s) hands and be made compulsory

I also welcome the recognition by the Prime Minister and the Secretary of State for Culture, Media and Sport of the need for adequate filtering to protect young people from online abuse. However, as was discussed in this House only recently with the Online Safety Bill of the noble Baroness, Lady Howe, should we not be making filtering compulsory? Is it enough simply to leave it up to parents to make the choice about appropriate safety features?Lord Clement-Jones

Within weeks of the filters that everyone predicted would herald a slippery slope to mandatory filtering with ever encroaching levels of censorship going online we’ve already started to slide.

Now more than ever you need to start teaching your friends and family how to survive the Claire Perry Internet.

dns

Basic DNS Filter Evasion: HOSTS file

Background:

Various ISPs such as Sky and BT use DNS manipulation to spoof responses that forwards requests to their proxy server instead of the correct response.

Taking BT as an example a request for a blocked site has been seen to return an IP from within this netblock instead;

inetnum: 213.120.234.0 - 213.120.235.255
netname: BT-UKIP-IPV4-INFRASTRUCTURE
descr: POP
country: GB
admin-c: BS1474-RIPE
tech-c: BS1474-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@bt.net
remarks: New netname
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
source: RIPE # Filtered

Sky commonly reports back with IPs from;

inetnum: 90.207.238.128 - 90.207.238.191
netname: SKY-IRONMAN-VIRTUALISATION-LAN
descr: Sky Network Services
country: GB
admin-c: BBH-RIPE
tech-c: BBH-RIPE
status: ASSIGNED PA
mnt-by: BSKYB-BROADBAND-MNT
source: RIPE # Filtered

Initial research indicates that even attempting to use 3rd Party DNS servers on some ISPs elicits a spoofed response which indicates that these ISPs are intercepting and monitoring ALL DNS queries you make. This presents a variety of concerns such as the accuracy of SPF, DNS-SEC or TXT responses but that’s a topic for another time.

Circumnavigation:

If you discover that you are getting faked responses and are unable to reach the correct webserver follow the steps below.

  • Get the A Record
    • Navigate to a website such as http://www.dnsstuff.com/tools
    • Look for the DNS Lookup tool
      dns_lookup
    • In the text box enter the URL you are trying to reach (e.g. www.google.com)
    • Select A from the record type
    • Submit the request and make a note of the IP address returned.
  • Edit the Hosts file
    • Windows
      • Start notepad.exe as an Administrator
      • Open C:\Widnows\System32\drivers\etc\hosts
      • Add the URL and the IP address in the format shown below;
        173.194.34.67 www.google.com
      • Save the file ensuring that a file suffix isn’t appended
    • Linux / Mac
      • Open /etc/hosts as the superuser with your editor of choice (vim!)
      • Add the URL and the IP address in the format shown below;
        173.194.34.67 www.google.com
      • Save the file ensuring that a file suffix isn’t appended
  • Testing
    • Load up a cmd prompt (Ctrl + R, type cmd, press return)
    • Type nslookup www.google.com
    • Ensure you receive the IP address you entered in the hosts file

 

If the ISP is using BGP filtering methods, Deep Packet Inspection (DPI) or a transparent proxy then this still may not work as they’ll detect traffic going to the blocked IP subnet and act accordingly.

Keep an eye on our How to Evade Blocks page and follow @STCPI on Twitter for more methods to discover and evade Internet censorship.