Who are the 'Iranian Cyber Army'?
GVF -- In recent months, the so-called “Iranian Cyber Army” has been the focus of attention of both Iranian and even international media. They were first suspected of being connected to the government after hacking into certain Green Movement websites and posting threatening messages aimed at the Movement. Although there is no admitted and proven link between the group and Iranian authorities, the scale and nature of their activities rule out the possibility that it is run by a group of zealous “Ahmadinejad loyalists.” The websites that the Army chooses to hack, in addition to the messages posted on the websites’ homepages, strengthen the idea that other hidden hands are also involved in attacking the Green Movement’s websites.
The impetus for a further look into the group and its origins was the political nature of the messages posted by the group, as well as a statement by an official from the country’s aviation industry which actually rose to defend the actions of the Iranian Cyber Army, which some say consists of Russian hackers based outside Iran.
But who are the Iranian Cyber Army and what is their origin? Before going further, let's take a closer look at some details of the recent events:
Twitter Under Attack
On December 17, when Twitter became inaccessible in some countries, users were redirected to an English webpage which contained the following message:
Iranian Cyber Army
THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY
iRANiAN.CYBER.ARMY@GMAIL.COM
U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To….
NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST
Take Care.
Attacking Baidu
When Baidu, the biggest Chinese search engine and Google’s most important competitor, was hacked on 11 January, a message read “This site has been hacked by [the] Iranian Cyber Army." Below, in Persian, it said:
"Iranian Cyber Army has been established to fight back against Zionist and pro-democracy websites."
This unleashed a cyber war between Iran and China and led to several official Iranian websites, including the official websites of the Iranian leader and president, being hacked by The Honker Union, a Chinese hacking group.
Attacking Radio Zamaneh
Late at night on Friday 29 January, the website of Radio Zamaneh, a Dutch-financed opposition radio in Persian, was attacked by the Iranian Cyber Army. The attackers placed their signature on our main webpage with an Iranian flag and a warning message in Persian: “you who betray your country are not safe even when you are with your masters.”
Attacking Amirkabir University News
A supporter of the Green Movement, the Amirkabir University news website was hacked on 6 February by the Iranian Cyber Army, with a series of religious slogans following a note indicating their absolute obedience to the supreme leader: “We will attack at the Leader's orders and put our lives on the line for him.”
Attacking Jaras
Jaras News, an important source of information for the supporters of the Green Movement, was hacked on February 12 followed by this message:
In respect to the referendum which took place on 22 Bahman (February 11, 1979), and people who voted, and in respect to the great nation called Iran.
Don’t be ‘tools’ for those individuals who safely live in America and use you as their ‘tools’.
Children of Iran
Tormenting the “Iranian Cyber Army”
On 5 February, the Khodnevis website published a satiric article in its "false news" column by Nikahang Kowsar: "Iranian Cyber Army has surprisingly hacked the Mehrabad [Tehran’s international airport] portal in such a way that the users who are actually the airport staff were redirected to the RAJA Railways Company. This was done in the early hours of the night and if continued till Saturday morning would have caused a serious disaster such as several simultaneous aircraft accidents ... Even though experts believe that the hacking took place by accident, and the problem was resolved after an hour."
Even though the article was published as satire at a time when Radio Zamaneh had been hacked by the Iranian Cyber Army, a rumour spread in the Iranian media in a matter of hours and the Iranian Cyber Army had become the main theme of a joke among Iranian news websites and many had even published it as actual news.
Two days after the rumour, Morteza Dehghan, president of Mehrabad Airport, dismissed the rumours and linked them to "unsuccessful" attempts by certain media that were against the Islamic Revolution. He also defended the performance of the Iranian Cyber Army by saying "these rumours mean that they have realised the true power of Iranian Cyber Army". Nikahang Kowsar saw this as a clear indication of official government support for the activities of the Iranian Cyber Army.
Iranian hacker groups
There have been many hacker groups in Iran within the past eight years. Some of the most prominent ones are Ashiyaneh, Shabgard and Simorgh. In a country where cyber crimes are effectively non-existent, these groups can easily attack websites either for gaining recognition or simply as competition amongst themselves.
However, as attacks by these groups against the government increased, the interest of security and intelligence apparatus in Iran was aroused and they became interested in the power of hacker groups and in controlling them for their own interests. Hence, a campaign had started to direct these attacks towards the government's targets.
Many hacker groups were gathered by the intelligence bodies and cooperation began with the hackers in order to confront government opposition. After a while, these hackers would start training military technicians how to hack.
The Iranian Cyber Army
Ashiyaneh was one of the first groups to join the government’s group of hackers and was soon attacking opponents of the Islamic Republic. News of their activity was actually reflected in pro-government media such as IRNA, Kayhan and IRIB.
Military personnel taught to hack
In parallel with the activities of the hacker groups, seemingly private companies were set up in order to find and employ professional hackers and use them to teach hacking methods to security forces and to provide their basic needs. These companies were responsible for instructing hackers and accomplishing Iranian Cyber Army projects. These companies are also involved in importing military technology for the Iranian armed forces. Among the names of the managers of these companies is the name of a high ranking security official’s son who has been using his father's relations for close collaboration with security and military forces to the best of his advantage. He also used military funding to establish his company, hired a professional group of hackers and began carrying out projects for the state.
Group members
Establishing the Iranian Cyber Army was first proposed in 2005 by the Revolutionary Guard (IRGC), but its implementation was accelerated as media attacks against the Ahmadinejad administration grew following his government's mismanagement of the country in all fields. Shortly afterwards, the group experienced a considerable expansion and its members were far more than just a few names. The group’s human resources department would find professional hackers, and blackmail them into cooperating with the group. In the case of refusal, the hackers would be threatened with imprisonment.
The level of control and security over the communication and links between the members is such that some of the hackers are not even aware of the fact that they’re working for the Iranian Cyber Army. Owing to the long history of hacker activity in Iran and the skilful members in the group, it is sometimes said that The Iranian Cyber Army’s performance is comparable at times to its counterparts in the United States and Israel. Its members are also put into use by the IRGC cyber division.
The semi-official Fars news agency reported in 2009 that one of the American security and military institutes, called Defense Tech, has included Iran among the top five in its list of the most powerful countries in terms of cyber force. This institute had also stated that the Iranian Cyber Army was a subdivision of the IRGC cyber team with an annual budget of 76 million US dollars.
The Army's time constraints
What is interesting about the Iranian Cyber Army is that it has actually not hacked the servers of the mentioned websites so far, but has only hijacked the domains of its cyber victims in the past few months. This is a sign of their limited time for accomplishing their designated tasks. For the infamous Twitter attack, they were able to hack one of the Twitter staff’s computers and used his email to reset the control panel of the domain. A similar method was used previously by an Iranian hacker in 2005 to hack one of the websites belonging to NASA. In order to hack Jaras and other websites belonging to the reformist groups and the Green Movement, they adopt a technique called DNS cache spoofing, which changes the domain destination.
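The distinction drawn above, between a domain being pointed elsewhere and a server actually being compromised, can be checked from the outside by comparing what several resolvers return for a domain against a pinned baseline. The following is an added example, not part of the original article; the domain, resolver names, addresses and the `classify` function are constructed for illustration.

```python
# Constructed baseline for a hypothetical domain (documentation address ranges).
BASELINE = {"ns": {"ns1.example.org", "ns2.example.org"}, "a": {"192.0.2.10"}}


def classify(baseline, observations):
    """Compare per-resolver answers with the pinned baseline.

    observations maps a resolver name to {"ns": set, "a": set} as seen there.
    Returns (verdict, deviating_resolvers) where verdict is:
      "ok"                   every resolver matches the baseline
      "authoritative-change" every resolver returns the same unexpected data,
                             consistent with a change made through the registrar
                             or DNS control panel; the web server is untouched
      "resolver-divergence"  only some resolvers return unexpected data,
                             consistent with spoofed entries in their caches
    A control-panel change can also look like divergence until old TTLs expire,
    so a divergence verdict should be re-checked after the record TTL.
    """
    deviating = {
        name for name, seen in observations.items()
        if seen["ns"] != baseline["ns"] or seen["a"] != baseline["a"]
    }
    if not deviating:
        return "ok", deviating
    distinct = {(frozenset(o["ns"]), frozenset(o["a"])) for o in observations.values()}
    if len(deviating) == len(observations) and len(distinct) == 1:
        return "authoritative-change", deviating
    return "resolver-divergence", deviating


def sample_control_panel_change():
    """Constructed data: all resolvers see a new delegation and address."""
    seen = {"ns": {"ns1.unexpected.example"}, "a": {"198.51.100.7"}}
    return {name: dict(seen) for name in ("resolver-a", "resolver-b", "resolver-c")}


def sample_spoofed_cache():
    """Constructed data: one resolver returns a different address."""
    obs = {name: dict(BASELINE) for name in ("resolver-a", "resolver-b", "resolver-c")}
    obs["resolver-b"] = {"ns": BASELINE["ns"], "a": {"198.51.100.7"}}
    return obs


if __name__ == "__main__":
    print(classify(BASELINE, sample_control_panel_change()))
    print(classify(BASELINE, sample_spoofed_cache()))
```

In both cases the site's own server logs would show nothing unusual, which is why the check has to be made against DNS rather than on the host.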