New cyber revelations from the People’s Mujahedeen of Iran (MEK), the Iranian opposition movement, about the scope of mass surveillance by the Iranian regime are significant. Why? They show the desperation of the Iranian regime in confronting the uprising that began nationwide last December and has continued to this day.
Anti-government protesters chanted slogans indicative of a revolution: “Death to the dictator,” “Death to (Supreme Leader) Khamenei,” “Death to (Hassan) Rouhani,” “Don’t be afraid, we are all together,” “Forget about Syria, think about us,” “Not Gaza, nor Lebanon, my life for Iran,” and “Reformer, Hardline, the Game Is Now Over.”
The fact that protests expanded to over 140 cities, by some estimates, constitutes an existential threat to the regime and an opportunity to use the people’s resentment as leverage against it. The Obama administration squandered valuable opportunities in the past — most notably during the 2009 anti-government protests in Iran.
Only when the Iranian regime employed cyber technology was it able to slow the spread of the protests and carry out large numbers of arrests.
Protesters’ Use of Cyber Technology
The latest popular uprising in Iran sent shockwaves inside the regime and around the world. Many specialists now view the uprisings as a landmark event. Protesters made use of game-changing cyber technology through mobile devices and social messaging platforms. Technology played a significant role in organizing, exchanging information between different locales, and getting their message out to the rest of the world.
Indeed, protesters’ use of cyber proved to be the regime’s Achilles heel: It could not, despite a show of force, stop the expansion of demonstrations. The protests expanded even as the regime desperately cut off access to the Internet and blocked key mobile apps, such as Telegram, at considerable cost and international embarrassment. A new wave of domestic cyber warfare, led by the Islamic Revolutionary Guard Corps (IRGC), in collaboration with the Ministry of Intelligence and Security (MOIS), accelerated significantly after the eruption of the nationwide protests.
The MEK established that the regime has focused on mass surveillance through malicious code embedded in IRGC mobile apps. The goal was to monitor and disrupt communication between protesters and dissidents.
The opposition movement argues that Iran’s domestic cyber warfare is shifting focus from access control to “stateful endpoint” surveillance. In other words, with the recent uprising, the Iranian regime is now complementing its network shadowing with “stateful endpoint” (mobile device) monitoring of content, context, and contacts to counter the expansion of the uprising and avert more protests. Café Bazaar, modeled after Google Play, is supervised by the IRGC and is its platform of choice to promote and distribute spyware-enabled mobile apps.
Iran’s universities, according to the opposition group, are “a recruiting ground for IRGC cyber warfare personnel,” with recruits hired through front companies that “often engage in ‘research’ activities with a few of the IRGC’s ‘handpicked professors.’”
Tehran also apparently used foreign assistance to advance its cyber warfare. On Sep. 4, 2012, state-run Fars News Agency reported that the “signing of an agreement between Iran and North Korea to confront cyber-attacks has raised concerns in the west.”
The Way Forward
Access to free, safe and secure Internet is now a new battleground pitting the people against the regime. Data show nearly 48 million Iranians have smartphones and about 50 percent have access to the Internet. As the call for freedom and regime change grows louder in Iran, it is crucial to understand how the international community could stand on the side of the pro-democracy movement by implementing effective measures to curb and confront the regime’s cyberspace repression of the Iranian people. That outcome requires designation of all entities and individuals in Iran engaged in cyber warfare, including enforcing Executive Order 13606.
This order, issued by President Obama on April 22, 2012, prohibits any entity from facilitating the Iranian regime’s “computer and network disruption, monitoring, and tracking,” or from having “otherwise provided, directly or indirectly, goods, services, or technology” that can be used to “enable serious human rights abuses by or on behalf of the Government of Iran.”
Successful cyber warfare against the Iranian regime requires a comprehensive and decisive policy to include the full implementation of the current sanctions against the IRGC and its front companies, as well as measures necessary to evict the IRGC from the regional countries, especially Syria. Finally, the resistance should be offered cyber technology from the West.