An online user purporting to be affiliated with Anonymous said the Iranian assembly had been hacked.
Anonymous and other global hacking groups are engaged in a multipronged cyber assault on Iran, joining the fight with protesters on the ground in resistance to the country’s strict hijab laws.
Hundreds of amateur hackers have organized online to orchestrate cyberattacks on Iranian officials and institutions, as well as to share tips on how to get around curbs on internet access by using privacy-enhancing tools.
Web access in Iran has been extremely limited in recent weeks after protests erupted over the death of Mahsa Amini, a 22-year-old Kurdish Iranian woman.
Amini died in hospital in Tehran under suspicious circumstances on Sept. 16 after being detained by Iran’s so-called “morality police” for allegedly violating the country’s strict Islamic dress code by wearing her hijab too loosely.
Eyewitnesses say Amini was beaten by the police. Iranian authorities denied any wrongdoing and claim Amini died of a heart attack.
The Iranian Foreign Ministry didn’t reply to a CNBC request for comment. On Monday, Iran’s supreme leader, Ayatollah Ali Khamenei, delivered his first public remarks on the protests, backing the police and blaming the unrest on “foreign interference” from the U.S. and Israel.
Doxing and DDoS attacks
On Sept. 25, Anonymous, the international hacktivist collective, claimed to have broken into the database of the Iranian Parliament, obtaining the private information of lawmakers.
A YouTube account purporting to be affiliated with the group said the Iranian assembly had been hacked.
“The Iranian parliament supports the dictator when it should support the people, so we’re releasing the private information of all of them,” they said, their voice altered in a way typical of the cyber gang.
On the messaging app Telegram, Atlas Intelligence Group, another hacking group, says it leaked phone numbers and email addresses of Iranian officials and celebrities, a tactic often known as “doxing.”
It also offered to sell apparent location data on the Islamic Revolutionary Guard Corps, a branch of Iran’s armed forces, according to Check Point, which has been documenting hacktivists’ efforts in Iran.
Anonymous-affiliated groups say they also released data purported to have come from various government services, ministries and agencies, as well as a university, and claimed responsibility for hacks on the Iranian presidency, central bank and state media.
While it’s difficult to confirm the hackers’ claims, cybersecurity experts said they’ve seen quite a few signs of disruption to Iran from vigilante hackers.
“We’ve observed a couple of indications of presidency web sites being taken offline by hackers,” Liad Mizrachi, security expert at Check Point Research, told CNBC. “Predominantly we now have seen this being done through Distributed Denial of Service (DDoS) attacks.”
In a DDoS attack, hackers overload a website with large amounts of traffic to make it inaccessible.
“Mandiant can confirm that several of the services claimed to have been disrupted have been offline at various time limits, and in some cases, remain unavailable,” Emiel Haeghebaert, threat intelligence analyst at the cybersecurity company, told CNBC.
“Overall, these DDoS and doxing operations may add to the pressure on the Iranian government to pursue policy changes,” he said.
On Anonymous’ involvement, Haeghebaert noted it was “consistent with activity” previously credited to affiliates of the organization. Earlier this year, Anonymous launched a slew of cyberattacks on Russian entities in response to Moscow’s unprovoked invasion of Ukraine.
Bypassing web restrictions
Hacking groups are encouraging Iranian residents to bypass Tehran’s internet blockade by using VPNs (virtual private networks), proxy servers and the dark web, techniques that allow users to mask their online identity so that they cannot be tracked by internet service providers (ISPs).
On the messaging app Telegram, a group with 5,000 members shares details about open VPN servers to help residents bypass Tehran’s internet blockade, according to cybersecurity firm Check Point, which has been documenting hacktivists’ efforts in Iran.
A separate group, with 4,000 members, distributes links to educational resources on the use of proxy servers, which tunnel traffic through a constantly changing community of computers run by volunteers to make it difficult for regimes to limit access.
As dissent grew in the Islamic republic, the government quickly moved to throttle internet connectivity and block access to social media services like WhatsApp and Instagram, in an apparent effort to stop footage of police brutality being shared online.
At least 154 people have been killed in the Iranian government’s crackdowns as of Sunday, according to the independent and nongovernmental Iran Human Rights Group. The government has reported 41 deaths.
Web security firm Cloudflare and web monitoring group NetBlocks have documented multiple examples of disruptions to telecommunications networks in Iran.
“It has been really hard to be in contact with family and friends outside Iran. The web is tousled here so sometimes we won’t communicate for days,” one young professional in Tehran told CNBC via Instagram message, requesting anonymity due to fear for his safety.
“I even have limited access to Instagram so I exploit that in the meanwhile,” to contact people, he said, adding that he and his friends depend on VPNs to access social media platforms.
It’s believed to be one of the worst internet blackouts in Iran since November 2019, when the government restricted residents’ access to the internet amid widespread protests over fuel price hikes.
“THEY ARE SHUTTING THE INTERNET TO HIDE THE KILLING. BE OUR VOICE,” several videos and posts widely shared by Iranian activists on social media read, together with footage of street protests and police violence.
Digital freedom activists are also attempting to teach Iranians how to access the Tor browser, which lets users connect to normal websites anonymously so that their ISPs cannot tell what they’re browsing. Tor is often used to access the “dark web,” a hidden portion of the internet that can only be accessed using special software.
“It shouldn’t be the primary time we see actors involved in Iranian affairs,” Amin Hasbini, director of global research and analysis at cybersecurity firm Kaspersky, told CNBC.
Lab Dookhtegan, an anti-Iran hacking group, has been known to leak data claimed to belong to Iranian cyber-espionage operations on Telegram, for instance. A report from Check Point last year detailed how Iranian hacking groups were targeting dissidents with malware to conduct surveillance on them.