Iranian Government Spying in Social Networking Sites

No one can deny that these days millions of Iranians rely on Facebook. The high number of Facebook users in Iran, which is estimated to be anywhere between four million and five million people, makes this a social phenomena. Young Iranians are denied the most basic freedoms even in their private lives and without social liberties,what these users reflect on their Facebook pages is in effect how they would like to live.
Iranians use social networking sites among other things for political discussion, more open posting and publication of works of art and literature, the announcement of events that cannot be publicized on domestic newspapers and to find kindred spirits or like-minded people. But is it possible for Iranians appear in any arena without Islamic Republic officials cracking down on them?
In June 2014 three Ahvazi citizens were sentenced to three years in jail for creating certain Facebook pages, membership on Facebook carried a one-year sentence. Some people are arrested for crimes against morality and public decency on Facebook. In July 2014, a Revolutionary Court sentenced eight people to 127 years imprisonment in total for being active Facebook users. In another instance the Malayer Security chief announced the sentencing of 22 Facebook users, and this is a another long story.
Ali MirAhmadi, the deputy head of Iran Cyber Police has said: “The main objective of Iran’s Cyber Police is to promote cyber security through continuous observation and monitoring of cyber space. I advise all users to comply with the laws and regulations and avoid any form of offence within cyber space because the police have complete knowledge of it.”
In most cases as soon as someone is arrested for using Facebook, the Cyber Police regards him as either a spy, prostitute, enemy abettor or guilty of crimes against morals and public decency. The offences are considered to be proven in advance.
A lawyer says that judges often have no expertise in cyber technology and adds: “Judges have no expertise in computer technology and so everything goes back to the reports from the ministry of intelligence or the Cyber Police. The judge accepts these reports as expert opinions. Therefore, it is impossible to prove otherwise.”
An IT expert says the problem is that when an Iranian enters the World Wide Web, he must follow the model of use that suits his circumstances in Iran. “In our country, the internet and social networking sites are a venue for political activity. The government views this political activity as propaganda against the regime. Therefore, cyber space is under close scrutiny by the government.” The IT specialist goes on to conclude that for this reason, internet users in Iran must maintain different security criteria for themselves when they use the internet as opposed to people outside of Iran.

Serious Flaw: POODLE SSL 3.0

A bug has been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) which could be exploited to intercept data that is supposed to be encrypted between computers and servers. Three Google security researchers discovered the flaw and detailed how it could be exploited through what they called a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack (CVE-2014-3566). 
It is important to note that this is NOT a flaw in SSL certificates, their private keys or their design but in the old SSLv3 protocol. SSL Certificates are not affected and customers with certificates on servers supporting SSL 3.0 do not need to replace them.
This flaw is highly likely not to be as serious as the Heartbleed bug in OpenSSL, since the attacker needs to have a privileged position in the network to exploit the latest. The usage of Hotspots, public Wi-Fi, makes this attack a real problem. This type of attack is a “Man-in-the-middle” attack. 
  1. Check to see if SSL 3.0 is disabled on your browser (for example in Internet Explorer it is under Internet Options, Advanced Settings).
  2. Make sure “HTTPS” is always on the websites you visit to avoid MITM attacks.
  3. Monitor any notices from the vendors who you use regarding recommendations to update software or passwords.
  4. Avoid potential phishing emails from attackers who ask you to update your password. Stick with the official site domain to avoid going to an impersonated website.

Iranian cyber criminals target PayPal users with phishing attack

PayPal users were targets of a phishing attack in late 2014.This attack involved the perpetrators sending out spam emails that directed unsuspecting members of the public to follow a link that would take them through to web pages that looked similar to PayPal pages and when they were there customers personal details were collected.

A known Iranian cyber criminal who was involved in setting up the attack, first registered a number of web domains, one of which is that they used to host phishing sites. The false domains are designed to look like official PayPal money services sites and login screens that will then collect login details, passwords and credit card numbers.
This is a type of credential harvesting attack which is an example of serious cyber crime.

This attack captures account usernames and passwords and then gives them access to the PayPal account. It is best, to hover your mouse over a link or tap and hold it on a mobile device to see its destination. If you do click on such a link then one or more of the following points could happen:

  1. You will be directed to a spoof website that collects your personal data (as in the Iranian credential-harvesting attack above) 
  2. Install spyware on your system (it can monitor your actions using a keylogger to steal passwords and or credit card numbers you type online)
  3. Malware could be installed on your computer that could disable it

How to tell a fake PayPal site:

  • If it does not include the domain then it is not legitimate
  • Only enter password on site which starts with https
  • URLs:
    • If the alleged PayPal domain contains @ sign then it is fake
    • Only domain is legitimate (it could redirect to your country); examples of fake URLs are;; or in the case of Iranian attack