Over the weekend, Google reported that Turkey had intercepted traffic to its public domain name system (DNS) service—part of prime minister Recep Tayyip Erdogan’s increasingly draconian crackdown against the social media networks that are being used to distribute damaging information about him.
To understand why the DNS interception is so troubling, you have to understand how a DNS works: websites use a simple name, such as IBM.com, for the convenience of users. But then domain name systems have to translate those names into their computer-readable numeric form, such as 18.104.22.168.
When Turkey initially blocked Twitter and then YouTube last week, internet users fought back by using Google’s DNS—even spray-painting its numbers onto buildings and billboards in an attempt to spread the word. But now, to combat those guerilla tactics, Erdogan’s government and the country’s ISPs have taken a scary step that could affect all Turkish internet traffic—and even allow it to track down and punish users who try to evade the ban.
Renesys, which security experts consider a reliable source for information about the plumbing of the internet, says that other free DNS services have also been intercepted.
If blocking Twitter is like putting a single phone number out of service, intercepting the DNS is like giving users an entire, fraudulent new phone book—and it’s a troubling escalation against Turkish internet users. The ban began with Twitter, used largely for the discussion of news and politics, then expanded to YouTube, which is far more popular in Turkey because people use it for entertainment as well. A 2012 paper (pdf) estimates that a quarter of Turks over 18 had a YouTube account, compared to just a tenth for Twitter.
The government has also reportedly gone after users of Tor, a popular anonymity tool that saw its popularity in Turkey rocket since the first block 11 days ago. (It’s worth noting that the pre-crackdown baseline should be even lower, due to Tor receiving huge volumes of bot traffic last summer that never fully subsided.)
The truly scary thing about the DNS intercept is that it not only enables a more thorough online blockade, but it could actually be used to track down Turkish citizens who are trying to subvert it.
“Assuming Google’s report is correct, then I believe Turkey would in theory be able to identify the IP addresses attempting to use the DNS server, as long, of course, as these requests pass through the Turkish infrastructure,” says Dr Chris Mitchel, a professor of computer science in the information security group at London’s Royal Holloway University.
That means prime minister Erdogan, who has in the past shown no qualms about arresting journalists, could easily go after the troublemakers attempting to get around the Twitter block. After his party won a disputed local election this weekend, Erdogan vowed to “root out” his opponents, whom he compared to “medieval assassins.”
In the meanwhile, it is probably wise for Turkish internet users to switch away from well-known DNS providers. Robert Hansen of WhiteHat Security, an online security firm, says “diversifying DNS lookups is one way to make the Turkish government’s DNS blockade more difficult.”