Iran is rapidly emerging as the sixth member of the cyber superpower club. Denuded of its nuclear ambitions by the landmark deal struck last year to limit uranium and plutonium enrichment, some fear Tehran will wield its cyber arsenal as an equally long-range weapon with which to menace its adversaries, The FT’s Sam Jones reports:
In December 2014, Cylance, a US cyber security firm, informed its clients of the activities of Iranian hackers engaged in a project it called Operation Cleaver. Based on a forensic analysis of the hackers’ activities, Cylance pointed to a group that dubbed itself “Tarh Andishan” — “the thinkers” in Farsi — as being behind the action. Thanks to domains, IP and residential addresses used by the hackers in Tehran the research pointed to government-backed organisations as being ultimately responsible.
Cylance declared Iran “the new China” for its aggressive actions in cyber space. Its report detailed a sophisticated online campaign, tracked over two years, that was using custom-built malware to deliberately infect and gain access to sensitive industrial control systems and critical infrastructure in companies across the globe.
“Before the [nuclear] deal, cyber was just one option they used for leverage, but now, post deal, it is even more central to their toolkit,” says one senior Middle Eastern intelligence official. “Iran is poised to do something in cyber that will change the way the world looks at it . . . the US knows this. [The US] saw what they [Iran] did during the agreement and they know what they are doing after it.”
Much of Iran’s capability in cyber space stems from its efforts to control dissent and monitor émigrés in the wake of protests triggered by the flawed 2009 election and emergence of the Green movement, Jones adds:
The Basij militias (right) — the paramilitary, pro-regime forces under the direction of the IRGC — that were crucial in suppressing those protests are now a critical part of Iran’s cyber force… A Basij Cyber Council mobilises “hacktivists” within the Basij — often drawing from Iran’s large pool of young, computer-literate students — to further the Islamic Republic’s message both internally and externally. It is these groups that are responsible for much of the cruder and more belligerent activity in cyber space — defacing websites and attacking US, Saudi or Israeli companies with denial of service attacks, for example. While they are nurtured and encouraged by the IRGC, there is not necessarily a rigid command structure behind their activities. That makes them unpredictable — and difficult to deter.
“[Cyber] is folded into the larger context of political and military relationships that the [Iranian] leadership has to sit down and calculate, ‘When do I want to do this?’” says Jim Lewis, director of technology and public policy at the Washington-based Center for Strategic and International Studies.
One of the groups targeted by the regime’s ‘cyber army’ is Tavaana, a civic education project for Iran which engages many millions of Iranians inside Iran each week via social media, providing educational resources alongside updates on civic protests and dissident activities while also circulating info on the Iranian regime’s human rights violations.
Tavaana’s FB page has often been the leading Persian language FB page in terms of reach and engagement. The Iranian regime has employed all manner of digital attacks to harm Tavaana and stifle its impact. On FB, the regime has made strategic use of trolls, submitting reports to FB alleging that Tavaana is violating its terms of use. These reports have resulted in multiple warnings from Facebook to Tavaana, with one such instance made the subject of an open letter by the project’s founders to Mark Zuckerberg in the Wall Street Journal.
Recently, in the aftermath of the nuclear deal and as human rights violations have increased, Tavaana has received a mounting number of warnings from FB, with one report resulting in a ban on posting photos and videos for one week. FB told Tavaana that the problem was a video taken by an activist showing regime violence against peaceful protestors, claiming that the video violated FB’s terms of use.
Just after the ban was removed on Tavaana’s FB page, Tavaana posted an exclusive production, with a prominent satirist speaking about the jailing and torturing of physicist Omid Kobabi. Immediately the video was taken down by FB, again stating that Tavaana has violated its terms of use.
