Iranian hardliners are becoming more sophisticated and aggressive in how they use the internet, social media tools and applications to promote their agenda and to target activists and others who oppose them, according to two prominent international security researchers.
Presenting before an audience at the Black Hat USA conference in Las Vegas on “Iran and the Soft War for Internet Dominance,” Collin Anderson, a Washington, D.C.-based computer scientist focused on internet controls and restrictions on communications, and Claudio Guarnieri, senior research fellow at Citizen Lab, discussed their research into how groups in Iran use social media and applications to wage their propaganda war and attack opponents.
“The use of the internet [in the soft war] became publicly visible in Iran in 2009,” Anderson said. “Social networks were used to mobilize for the election, and the place where election results were disputed. The social media sphere was a place for the people who didn’t live in Iran to have their say and have presence in the country.”
While Anderson says that reports at the time were overly focused on the role of Twitter alone, he adds that the Internet became “hyper-politicized in the country at this time.”
Since then, Anderson says the ground of the soft war has been more hotly contested in Iran as “the use of social media to build good will or have a foreign policy change accepted” has been steadily increasing. In one particularly high-profile event early on, the Iranian Cyber Army in December 2009 conducted a series of defacements and takeovers of online sites and blogs hosted by dissidents.
The researchers pointed to the September 2011 breach of Dutch certificate authority DigiNotar, in which 300,000 Gmail users in Iran were targeted in the hack and the man-in-the-middle attacks that followed. It was believed the Iranian government was behind the attacks. After the fact, many Iranian dissidents were arrested. In addition, Iranian actors have been involved in many campaigns to breach private companies, foreign government entities, and critics.
Things stepped up recently with Iran’s 2013 election, Anderson said. “A lot of people thought the election would be boring and fixed,” he said. “But we saw many of the same things as before... in terms of Internet access and defacements and baiting targets.”
While the use of computer espionage, phishing, malware and site hacking is not uncommon anywhere in the world, Guarnieri and Anderson underscored that the ultimate goal of these hacks is often much darker. “This is affecting real people,” Anderson said. In recent phishing scams, critics of the government are sent emails claiming to be from the U.S. Central Intelligence Agency, often promising to let them “report terrorists anonymously and receive a reward.”
Attack vectors and approaches continue to shift here, as in other countries. But recently there has been more focus on attacks through Facebook, malware, and phishing.