Feeds

Hackers, bloggers 'bunged cash to spin for Iran 2.0'

Put in a good tweet for us, says Revolutionary Guard

Remote control for virtualized desktops

CyCon 2012 The Iranian government is investing heavily in hacking expertise and online propaganda in order to promote its way of life under the country's post-Islamic Revolution regime - as well as using its new resources to tighten up control and surveillance of its citizens.

This is according to Jeff Bardin, chief intelligence officer at Treadstone 71, a US-based intelligence analysis firm. He told delegates to the International Conference on Cyber Conflict (CyCon) in Tallinn, Estonia that intelligence divisions within the Iranian military are working together with former members of hacking groups to fight "Western cultural influences" and online dissidents as well as promoting Iranian foreign policy objectives.

Key groups in the move include the Islamic Revolutionary Guard Corps (IRGC), the paramilitary Basij militia and the hacker group Ashiyane, according to Bardin. Ashiyane, which maintains an active forum, denies any affiliation with the IRGC or the Iranian government. But Bardin claimed that, contrary to its denials, Ashiyane actually offers training courses in IT security to Iranian government organisations as a preferred supplier.

Bardin said he believes the core members of Ashiyane were drawn from a hacker group that cut its teeth defacing Western websites and running more elaborate hacks as the so-called Iranian Cyber Army.

The Iranian Cyber Army used a DNS attack to hijack Twitter in 2010 before using much the same techniques to redirect surfers towards a defaced version of the home page of Chinese search engine Baidu weeks later.

Ashiyane appears to have expertise in running DDoS attacks to knock websites offline, web page defacement, infiltration and credit card theft, says Bardin.

The IRGC is an overarching organisation whose role in Iranian society has expanded behind its origins as a type of national guard to become a huge business empire and lynchpin of President Mahmoud Ahmadinejad's administration.

Shortly after playing a key role in suppressing dissent following the disputed presidential election of June 2009, the IRGC, by way of a company it is tied to, acquired a majority $8bn stake in the Iran Telecommunications Company. By controlling the telecoms infrastructure, the IRGC can now apply even heavier censorship controls on Iranian web access.

The Revolutionary Guard was established in 1979 to suppress counter-revolutionary forces but it has become is similar to what it was created to eliminate: the Shah's Imperial Guards. Bardin described the organisation as employing a "communist-style model" featuring regular "purges" and constant-jockeying for position and favour, a process often affected by external events.

"The IRGC didn't foresee the power of social networking" in the run-up to the 2009 Iranian presidential elections but is now pushing heavily to promote a Web 2.0 version of its brand of Islam.

Bardin said that the IRGC is paying online activists and bloggers to promote the Islamic Republic in forums, Facebook pages and elsewhere online, an assessment shared by Israeli intelligence analysts - but they reckon reckon cyber workers are paid $4.30 (£2.70) an hour, which is higher than the average wage.

Iran is seeking to promote its version of Islamic Revolution to the Shia populations of neighbouring Gulf states, such as Bahrain, as well as influencing political groups in Syria, Lebanon and Palestine – including Hezbolah and Hamas.

IRGC is very capable and the West shouldn't "underestimate its adversary," Bardin concluded.

Other IRGC operations may have included planting a back door in a Trojanised version of the Simurgh privacy tool to spy on Iranian surfers and the infamous Diginotar and Comodo digital certificate hacks, Barbin suggested.

Bardin's well-attended talk limited itself to Iran's information warfare and propaganda capabilities and deliberately skirted any reference to the infamous Stuxnet worm or the recently uncovered Flame worm, aside from a brief reference to Iran's development of a home-grown anti-virus capability. Bardin said he didn't want to discuss (presumed) US or Western capabilities in cyber-espionage. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?