Iran’s Islamic Revolutionary Guard Corps (IRGC) has reportedly engaged in a series of coordinated cyber warfare tactics to spy on, police, and arrest the Iranian people to secure its theocracy.
On Thursday, the National Council of Resistance of Iran (NCRI) released a report titled “Iran: Cyber Repression; How the IRGC Uses Cyberwarfare to Preserve the Theocracy.” The report details how the IRGC’s Ministry of Intelligence allegedly creates apps that are downloaded by or unwittingly installed onto Iranians’ phones and then used as tools to spy on them.
Cyber repression also occurred during the 2018 uprising, which began on December 28 and continues to this day.
“Some 142 cities were engulfed in the demonstrations that took place against Khamenei, Rouhani, and the reformers,” Alireza Jafarzadeh, NCRI’s deputy director, said.
On Wednesday, Jafarzadeh presented a detailed report of the IRGC’s extensive infiltration into civil society through apps created by the regime to mimic Telegram and Instagram.
According to Jafarzadeh, there are 48 million mobile users in Iran; that figure is a 48,000-percent increase since 2009, when the so-called “Green Revolution” took place in reaction to Mahmoud Ahmadinejad’s fraudulent re-election to the office of the presidency.
Telegram is by far the most widely used and popular messaging platform for Iranians because it has encryption capabilities. Instagram is the second-most popular social media platform used by Iranians.
Mobile apps like Telegram and Instagram gave the protesters the ability to organize throughout various cities. The regime blocked those applications, forcing the Iranian people to use the regime’s alternate applications, which allow it to spy on the people.
He said the regime launched an extensive cyber PSYOP and social engineering effort to lure users away from Telegram and to spread fake news and fake photos.
The regime reportedly has “close to 100 domestically designed apps, unofficial form versions of Telegram,” according to Jafarzadeh’s presentation.
Mobogram, Telegram Farsi, Hotgram, Wispi, Black Telegram, and Telegram Talayi are some of the names of these unofficial, knock-off versions of Telegram.
The regime also has a domestic app marketplace called Cafe Bazaar where users can buy programs and software.
According to the presentation, Cafe Bazaar is for Android and was cofounded by Hessam Mir Armandehi, a graduate of Sharif University of Technology.
At least two of the IRGC’s spyware apps, Mobogram and Wispi, are available for download from Apple, Inc. “This is a mobile app created by the IRGC to spy on and arrest protesters,” Jafarzadeh said.
The other IRGC apps include Hotgram, Telegram Farsi, Telegram Talayi (gold), and Telegram Black.
Jafarzadeh said the tactics of the IRGC are focused on mass surveillance using “malicious codes embedded in the IRGC mobile apps” which he said disrupts communication among dissidents. These are closely monitored.
Jafarzadeh said Iran’s cyber warfare is a sign of weakness, not strength, and stems from “fear and desperation.”
He also noted that Hanista is an IRGC front company introduced as a programming group which focuses on enabling Iran’s cyber commerce with mobile apps in Farsi. Hanista is controlled by the IRGC’s Intelligence organization.
Mobogram, an app developed by Hanista, is reportedly also presented as “an alternative to Telegram,” which was blocked by the regime at the onset of the recent protests. “Its controlled environment lets the regime surveil users, identify and arrest protesters,” a slide during the presentation read. Mobogram is an unofficial Farsi-language version of the original Telegram app that was developed under the supervision of the IRGC and IRGC Intelligence units.
“Malware analysis of top 6 apps indicates consistent threat score of 100/100,” NCRI’s report notes. The report also notes that these apps have the ability to:
- execute code after reboot
- open an Internet connection
- dial a phone number
- record audio
- read device ID (IMEI or ESN)
- send an SMS
- perform spyware/information retrieval (found on Wispi: the app installs a monitor for incoming SMS)
- execute bot commands
- access external storage
- query the phone locations (GPS)
- reference an external IP address lookup service
- detect antivirus software (check for its presence)
- resist reverse engineering by looking for debuggers/analysis tools
- use an IP address embedded in the binary/memory, with a port assignment, so the user’s data can be sent bi-directionally
“There are some reports from end users that these apps automatically remove Telegram channels associated with opposition or uprising,” Jafarzadeh said. “There needs to be a concerted effort from the international community to address these issues.”
According to Thursday’s event, Mohammad-Javad Azari Jahromi, the Minister of Information and Communications Technology (ICT), worked in close collaboration with the head of IRGC’s Intelligence organization, Hossein Taeb. Jahromi, a key member of President Hassan Rouhani’s inner circle, was also involved in shutting down Telegram.
Jafarzadeh said he was engaged in the design and deployment of Iran’s surveillance infrastructure, including filtering and blacklisting URLs, hosts and keywords. He said the regime acquired this technology from the West. “Ironically, they use western technology to their advantage. The regime has weaponized western technology against its own people,” Jafarzadeh said.
He added that Hojjat Al Islam Mehdi Taeb (head of Ammar Cyber Base) and his deputy, Hojjat Al Islam Alireza Panahian (Deputy for Ammar Cyber Base, also known as Ammar Cultural Base), are focused solely on cyber operations.
During Thursday’s presser, Jafarzadeh said that the IRGC’s growing cyber warfare tactics violate Article 19 of the Universal Declaration of Human Rights.
He said the People’s Mojaheddin Organization of Iran (PMOI), through their MEK (Mojaheddin-e-Khalq) network in Iran, was able to access this information on the ground during the uprising.
Jafarzadeh explained that Iran’s cyber warfare program stems from Supreme Leader Ayatollah Ali Khamenei at the top. Jafarzadeh quoted Khamenei as having said that “cyberspace is as significant as the Islamic revolution” and, “If I wasn’t the leader of the revolution, I would definitely be in charge of the cyberspace of Iran.”
Asked by Breitbart News what steps can be taken to thwart the IRGC’s destructive behavior and continuous assault on the rights of its citizens, Jafarzadeh said:
There has to be a serious interest on behalf of the international community, especially the United States. I truly believe if there is a will there is a way. They can find ways to sabotage the IRGC in their cyber warfare, prevent them from what they’re doing and at the same time provide free access to free Internet for the rest of the population.