Online Tyranny: Revolutionary Guards hunting Iran Internet users

Iranians are considered one of the most vibrant populations using the internet. More than half of the 80 million Iranians, especially the youth, use the internet to share news and information, debate in private, and conduct business.

The Iranian regime, however, has used the internet to suppress its own people. This practice has been on the uptick ever since the recent protest movement began in Iran in December 2016.

Since then, the authorities have focused on political activists in particular, with officials demanding greater restrictions on the Internet and tighter controls over social media.

Comments made by high-level officials, appointments to top positions, and actions taken by the legislative and executive branches are all signs that the regime is moving toward imposing tighter restrictions on online activities and Internet users.

On January 17, 2019, the Assembly of Experts issued a statement saying that “the Ministry of Communications, the High Council of Cyberspace, and all related institutions should actively engage in establishing order in the cyberspace and confront the unethical issues and psychological warfare by the enemy, and take serious steps in monitoring and confronting the opposition and unethical networks.”

Meanwhile, the expanding role of the military and the IRGC in cyber affairs has alarmed defenders of Internet freedom and human rights organizations.

In April 2019, Khamenei appointed the former commander-in-chief of the Islamic Revolutionary Guard Corps (IRGC), Mohammad Ali Jafari, to head the IRGC’s Baghiyatollah Cultural and Social Headquarters (BCSH).

The BCSH’s significance stems from its cyber operations. Their role is to help the country address the so-called “soft war” that the West is allegedly waging against Iran on the internet. The fact that its head was directly appointed by Khamenei for the first time is an indication of the importance Iran’s ruling establishment attaches to the “soft war” on the Internet, a topic frequently addressed by Jafari.

“Given your interest in being present in cultural fields and having a role in the soft war… I appoint you to head the BCSH,” Iran’s supreme leader said in his order.

Restricting Internet access

The ruling regime has always tried to impose heavy restrictions on Iranian Internet users' access to foreign media and social networks.

The internet and social media apps in the country, as well as online user activity, are heavily censored and monitored by the regime.

As an example, university students could be punished for engaging in online activities deemed by the government as “unethical” following the passage of an amendment to the Islamic Republic’s academic disciplinary regulations.

“Publishing unethical photos or committing immoral acts in cyberspace and on information-sharing networks will result in disciplinary action against students,” said Jamasb Nozari, director of the state-run Academic Affairs Organization, in an interview with the state-funded Iranian Students News Agency (ISNA) on April 26, 2019.

The amendment was passed by the Supreme Cultural Revolution Council’s Committee for the Islamization of Universities on April 21, 2019.

The new rule does not define what is and isn’t “unethical,” giving the authorities free rein to make arbitrary decisions.

Another example: when a subscriber of Iran’s Hamrah Aval mobile phone company tries to access Telegram app channels over plain HTTP (http://t.me), that is, without the SSL protocol that enables encrypted data transfers, they are redirected to the website at 87.98.254.38.

A message then appears on their screen, such as, “By the order of the Prosecutor General, accessing this content is prohibited and in violation of the laws of the Islamic Republic of Iran. Your device specifications and internet identification have been recorded.”

On January 21, Iranian regime president Hassan Rouhani admitted to Tehran’s attempts at filtering cyberspace. He did not come close to criticizing the filtering efforts on their merits. He just said that they were not successful:

“Well, we were unsuccessful in some of our efforts in recent years,” he said. “We thought it is under our control. We thought it would be filtered if we just ordered so…. What should we do with VPNs?”

Rouhani was not the only official speaking of the regime’s efforts against the free flow of information in cyberspace. Four days earlier, Ahmad Khatami, the spokesman for the board of directors of the Assembly of Experts, said that in their latest session, “everyone agreed that the damages inflicted by the cyberspace was serious.”

Given the Iranian regime’s terrible track record, it is very meaningful when its officials talk about failure in blocking or controlling cyberspace. This is not a failure in the first battle. It is the end of a series of expensive endeavors. So, as much as this is good news, it should also alert us to identify, expose, and counter new tactics by the regime.

In 2019, Iranian media outlets began reporting on the sudden appearance of branch offices of a “Prosecutor General’s Cyber Division Rapid Reaction Center,” a new state agency that appears to be tasked with monitoring and censoring online content and activities.

The center reportedly has offices in Iranian cities including Mashhad, Ardabil, and Khorramabad, but no state official has publicly explained its existence.

In Iran, the government’s Working Group for Determining Instances of Criminal Content (WGDICC) is responsible for monitoring and censoring online content. However, Iranian courts have also ordered websites or apps to be blocked on several occasions.

The Prosecutor General’s Cyber Division Rapid Reaction Center could be the judiciary’s latest attempt to carry out these actions in a systematic way.

Spying on social media users

The regime’s massive cyberwar apparatus is run by the Revolutionary Guards and the Ministry of Intelligence (MOIS), which spend huge amounts of money from the assets of the Iranian people and employ thousands of IRGC members, Basijis and hackers affiliated with them. Their goal is to mislead, spread misinformation, and prevent the free flow of information.

The agents of the MOIS and the Quds Force abroad are a major part of this cyberwar apparatus for spreading lies and deception, and they pursue the regime’s objectives under various covers and titles, and sometimes under the guise of opponents of the regime, misusing internet and social networks and launching hundreds of websites in various languages.

The mullahs’ cyberwar machine has been organized in sets that are unrelated to each other and under different covers, so that the regime’s fingerprints are less visible.

The costs of running this network are paid through complex channels and non-Iranian intermediaries, or at least outside of Iran, to circumvent international sanctions and restrictions. Recent research by international cyber security firms has shown that the source of all these covert accounts is Iran under the rule of the clerical regime.

In many cases, non-Iranian mercenaries of the Ministry of Intelligence and Quds Force, with a completely Western culture, misuse political or electoral rivalry in these countries to carry out the dictated instructions of Tehran.

On the other hand, the Iranian regime has always sought to gain access to sensitive private data and identify dissidents.

To this end, it has filtered popular messaging apps, such as Telegram, forcing millions of users onto indigenous platforms.

This is a grave security risk for millions of Iranian Internet users, allowing authorities to access sensitive personal data and easily identify dissidents.

Telegram Gold transmits Iranian internet users' data to intermediary servers inside Iran.

Such indigenous platforms allow Iranian authorities to receive copies of the Iranian Internet users’ information and get access to users’ devices.

This is a list of the servers Telegram Gold is in contact with.

“Telegram Gold,” “Hotgram” and all indigenous apps are controlled by the Iranian regime, violating the users’ privacy and used to spy on their activities.

This image shows Telegram Gold tracking & reporting the user’s location.
https://t.me/T_1O0/4941

Iran’s Minister of Intelligence acknowledged in June 2018 that “Telegram Gold” is a regime-made app and legal.

While Telegram is blocked and illegal in Iran, “Telegram Gold” and “Hotgram” allow Iranian intelligence authorities to monitor message exchanges and provide access to users’ sensitive personal data.

Without the user’s permission, Telegram Gold can: sign the user into a channel, add a record to the user’s phonebook, exit a channel, open a certain URL, file a report about a certain channel, …

Interestingly, back in August, Iran’s Communications Minister Mohammad Javad Azari Jahromi denied any such ties.

Iranian MP Mojtaba Zolnouri had acknowledged in December 2018 that “Hotgram” and “Telegram Gold” were launched by a security entity inside Iran. As a result, a package of their information is “saved” inside the country.

Starting in late April, Google has been warning users about two Iran-made apps, Telegram Gold and Hotgram, advising people not to install these applications because they contain spyware capabilities. Google is suggesting that users uninstall these applications from their devices, and a growing number of people in Iran are becoming aware of the threats posed by these apps, which are directly affiliated with the Revolutionary Guards (IRGC).

These two apps were launched by the IRGC with the intention of stealing Iranian internet users’ personal information. Prior to this, Telegram had warned Iranian internet users about the dangers of using Telegram Gold and Hotgram, emphasizing that the company takes no responsibility for the personal data of users who use these two apps.