by Staff writer, SF
After an extensive investigation, Paris-based National Council of Resistance of Iran, a leading Iranian exile dissident group released a report on Thursday saying that
Iran’s intelligence services have “significantly accelerated” spying on their own citizens in the wake of anti-regime protests that rocked the nation.
According to the group’s sources inside the government, the country’s Islamic Revolutionary Guard Corps and Ministry of Intelligence and Security are engaging in “mass surveillance” of protesters and dissidents using state-produced mobile phone apps.
The U.S. intelligence released its annual “Worldwide Threat Assessment” of increased cyberthreats emanating from Iran. Director of National Intelligence Dan Coats delivered this global survey to Congress on Tuesday, and it revealed that Iran, along with Russia, China and North Korea, will “pose the greatest cyber threats to the United States during the next year.”
“We assess that Iran will continue working to penetrate U.S. and allied networks for espionage and to position itself for potential future cyber attacks,” he said. The primary focus of Tehran’s cyber attacks, the report said, will not be the U.S. but regional adversaries such as Saudi Arabia and Israel.
Days later, the NCRI said the Islamic Revolutionary Guard Corps had deployed social media spyware. While not immediately verifiable, it is believed that this spyware is so successful that millions of users outside Iran might also be at risk.
An internal network of sources tied to the People’s Mujahedeen Organization of Iran or MEK, who is the principal member of the NCRI and is credited with exposing secret Iranian nuclear facilities in the early 2000s, has uncovered the regime’s use of “mass surveillance through malicious codes embedded in IRGC mobile apps to actively disrupt the communication of protesters and dissidents.” Further, the report said, “IRGC front companies are developing spyware-enabled apps for cyber-surveillance and repression.”
It is believed that the apps have penetrated platforms promoted by Google and Apple and are tied to Telegram, which is heavily used in Iran. “Ironically, some of these spyware-enabled apps are available on Google Play, Apple Store, and GitHub, potentially exposing millions of users worldwide to the IRGC’s spyware and surveillance activities,” the report said.
The deputy director of the NCRI’s Washington office, Alireza Jafarzadeh, said, “The IRGC has weaponized Western cyber technology to target its own people. The organization that’s developing these apps is also responsible for the regime’s cyber warfare against the United States.” He added, “What the regime is doing is testing the success of these apps on the people of Iran first. If not confronted, the next victims will be the people of other nations, and that’s why it’s so important to react and do something.”
Telegram CEO Pavel Durov has warned about the security weaknesses of Mobogram, a Persian-language “fork” that contains security “back doors” that can be easily hacked. Durov said on Twitter that the app is “an outdated and potentially insecure fork of Telegram from Iran” and told his followers, “I don’t advise to use it.”
Mr. Jafarzadeh ays these warnings are not enough and Telegram should “deny licenses to those developers who are IRGC people.” He continued, “The ordinary person in Iran doesn’t know any of these things. They don’t have the tools and can easily fall into this trap.” The NCRI deputy director would like the U.S. government to put more pressure on American companies like Google and Apple to discontinue allowing apps tied to the IRGC on their platforms.
An estimated 48 million of Iran’s 80 million citizens own smartphones. The report said that during the wave of anti-regime demonstrations in cities across the country late last year and in early January, “mobile devices and social messaging platforms played a significant role in helping the protesters to organize, exchange information between different locales, and get their message out to the rest of the world.” Further, “The protesters’ use of cyber technology proved to be the regime’s Achilles’ heel since it could not, despite a huge show of force, stop the expansion of protests,” the report said.
IRGC-led domestic cyber warfare is a violation of Article 19 of the United Nations-backed Universal Declaration of Human Rights, argues the NCRI. The dissident group also said that Iranian universities have become “a recruiting ground for IRGC cyber warfare personnel,” with recruits hired through front companies that “often engage in ‘research’ activities with a few of the IRGC’s ‘handpicked professors.’” Thursday’s report added that “many of these recruits leave once they discover the companies’ links to the IRGC.”