Iran’s civil war began in June at the ballot box. Then it spread to the streets as reformists accused the Islamic republic’s administration of rigging the results.
Soon the civil war was being fought in online social media outlets, with debate over Iran’s future filling tens of thousands of blogs and Twitter pages for months.
Finally, the battle came to Iran’s courts, with hundreds of reformist activists dragged before the Islamic republic’s judges and state TV outlets to confess their crimes or face judgment.
But as all these battlegrounds settle down, Iran’s civil war seems to have found a new home: a hacker’s den.
In January, the Iranian Cyber Army, said to be a collection of hackers volunteering their time in defense of their country, came close to causing a diplomatic spat with China when the ‘online soldiers’ successfully brought down Baidu, China’s largest online search engine, in retaliation for an online campaign by Chinese activists supportive of Iran’s reformist movement.
The hackers redirected all Baidu traffic to a message reading “This site has been hacked by the Iranian Cyber Army.”
That led to a number of counterattacks by Chinese hackers on the websites of Iranian state institutions.
The group, which does not claim any direct link with the Iranian government, has launched attacks in retaliation for online activity critical of the administration of President Mahmoud Ahmadinejad.
But the Iranian Cyber Army’s war is not only with China, and its ‘soldiers’ have brought down the microblogging site Twitter and a number of popular Iranian opposition websites.
Now Iran’s ‘Green’ opposition movement has launched its own Green Cyber Army, whose hackers are set to go head to head with the Ahmadinejad-supporting cyber activists of the Iranian Cyber Army.
“There is not a lot of information about these two groups,” Hamid Tehrani, Iran editor of Global Voices Online, told The Media Line. “We don’t really know where the people who are involved are based. There are rumors that they are not based in Iran but I have no evidence to back that up.”
“The Iranian Cyber Army has attacked Twitter, Iranian opposition sites and China’s main search engine Baidu, in revenge for Chinese attacks,” he said. “They have claimed to have nothing to do with the Iranian government but everything they do is in support of the government. The Green Cyber Army has targeted Iranian Islamic sites and pro-government militia sites, and define themselves as working against the Iranian Cyber Army.”
“Basically there are three things going on in this online war,” Tehrani said. “The first trend is the amateur hacking war within Iran. The second trend is crowd sourcing: people taking pictures of reformist activists or members of militias supportive of the government, posting them online and asking people to identify who they are. The third trend is setting up organized hacking armies in which the Iranian virtual war has gone beyond Iran’s border. It is this last trend which is a very new phenomenon.”
Potkin Azarmehr, an Iranian blogger and founder of the Iranian Freedom Institute, said the online battles began well over a year ago.
“Ever since the beginning of this green movement there has been an ongoing war online that is just as important as the war on the streets,” he told The Media Line. “It’s a cat and mouse game – sometimes the government has the upper hand and sometimes the reformists have the upper hand.”
“But even before the elections, Iran set up a cyber intelligence unit and started arresting people,” he said. “They knew that social media and cyberspace in general was very important to the Green movement and eventually the Iranian intelligence ministry announced a cyber police.”
Azarmehr argued that it was unlikely the Iranian Cyber Army was a group of citizens.
“Given the kinds of facilities you need to do the kinds of operations they are doing, this has to be supported by the state,” he claimed. “I think it’s very unlikely that these are just autonomous groups without any connection to the government.”
Iran’s 70 million citizens maintain an estimated 700,000 blogs, making Iran the third most active online country after the United States and China.
The Iranian government has taken extensive steps to curb online reformist activity, shutting down access to opposition websites and foreign news sources and detaining bloggers.
Pujan Ziaie, who worked as an IT strategist for the presidential campaign of Mehdi Karroubi, a leading opposition candidate, agreed with Azarmehr.
“It is an online war but I really doubt they have enough knowledge to be able to hack a site like Twitter,” he told The Media Line. “Most of the country’s elite support the opposition so there are not actually that many highly trained hackers that support the government.”
“They just use a lot of servers and attack one server and sometimes succeed in bringing it down,” Ziaie said. “But it’s not on the level of Chinese and American hackers.”
“The level of IT knowledge among the Iranian authorities and their supporters is very low,” he said. “The Web sites of most of the Iranian ministries have no information on them and are not active at all. Even the [government] committee responsible for IT strategies in Iran was easily hacked for two weeks a year ago.”
Internet security analysts say political cyber warfare is rare.
“Sometimes there are consolidated groups of hackers that try to show some muscle and impress with their abilities,” Bulent Teksoz, a Middle East security expert at Symantec, an international market leader in online security software and services, told The Media Line. “They will go to web pages and deface them or put their own logo on them, something like this.”
“At Symantec we focus on the statistics and the methods of the attacks, not the motives, but you don’t really see this kind of hacking activity much anymore,” he said. “The old days of hacking – five or six years ago – was just about fame and showing the world how smart you are. But today the vast amount of cyber crime and hacking activity is related to financial gain.”
“We look at hacking groups like any other company,” Teksoz said. “This underground warfare has emerged into a proper global economy, and the Middle East is getting into the international hacking business more and more. With broadband it doesn’t matter if you’re in the Middle East, the North Pole or the desert somewhere.”
Symantec’s Internet Security Threat Report 2009 found that countries which introduced broadband Internet experience a dramatic increase in online threat activity.
“Most recently this was noted in Egypt, which in 2008 experienced the most malicious activity per broadband user in the whole of Europe, the Middle East and Africa,” Peter Rae, Symantec’s Senior Communications Manager for Emerging Markets, told The Media Line. “This shows that consumers and service providers lag in ensuring their networks are secure before taking advantage of newly-available broadband.”
- The Media Line