The Strange Death of an Iranian IRGC Cyber Commander

Funeral reception of Mohammad Hussein Tajik

News of the assassination of an Iranian Cyber manager has recently been released. Mohammad Hussein Tajik, the cyber manager of the Iranian Revolutionary Guards Corp (IRGC), was assassinated in his home in July 2016. His torture and death seem strange…read on.

History

Mohammad Hussein Tajik was an accomplished mathematician (having being a Silver medalist at a Mathematical Olympiad, which is a great award in Iran and opens many doors).Tajik’s career up to March 2013 involved:

  • Technical office at MOIS (Iranian Ministry of Intelligence)
  • IRGC Sarollah Headquarters (responsible for the security of Tehran and the surrounding province)
  • Deputy Head of the Kheybar Corps (responsible for stopping religious or civil disorder)
  • IRGC Quds Force (Special operations unit that operates abroad)

Arrest & Detention

In March or April of 2013, Tajik was arrested on charges of spying and he was then taken to the MOIS detention center at Hejrat. A court summons for Tajik was issued on 13th July 2013. After that, Tajik was taken in August or September 2013 to the 209 Wing of Evin prison.

Court summons for Mohammad Hussein Tajik


Interrogation & Torture

According to the Christian website vocir.org, Tajik was tortured and his confession was extracted by means of having boiling water poured on his penis and being held for 6 months in a deep pit (or “grave”) with a bright light shone on him constantly.

The Death of Tajik

After Tajik’s release, it was reported that he was, sometime in early July 2016 (believed to be the 7th of July), talking on the telephone to a “news source” when his father (a MOIS operative), along with another MOIS operative, entered his home and at that point Tajik had told the “news source” that he would call him back in an hour. Tajik never called back because he had been murdered by his own father and other MOIS operative.

It was reported that Mohammad Hussein Tajik’s body was very bloody (indicating a violent death) and that his body was covered in plastic bags before being covered in a burial shroud, to prevent the blood showing. It is stated that MOIS demanded that no autopsy be carried out, obviously to try and cover up the murder.

An unconvincing forgery

As if it were not odd enough that a MOIS operative would kill his own son (MOIS and IRGC do not get on), but killing your own son is extreme, even for MOIS… the official letter (see below) concerning Tajik’s case looks like a forgery or is the work of an intelligence agency? You decide. The document looks odd because we’ve all seen leaked official documentation and this does not look genuine. Why?:

  1. Where is the letterhead in such an “official” document?.
  2. There are multiple spelling mistakes. 
  3. For an official document, the writing style is too informal.
  4. Why can we not see the document reference number or the signature?.


Letter informing the court of witnesses who are linked with the case

References:

  

Iran Cyber Attack Feared Soon

Fears are growing that Iran will release cyber warfare on US companies if negotiators fail to reach a nuclear deal by Monday that would require Iran limits its nuclear program.
Cyber-attacks from Tehran dropped after the US, Iran and other countries agreed an interim nuclear deal in 2013, but if discussions in Vienna failed before a November. 24 deadline, observers expect a new series of attacks.
American financial companies, oil and gas companies and water filtration systems could be among the targeted companies. 
 
The US has not yet faced the full force of Iran’s rapidly developing cyber capabilities. Iran initially increased its cyber efforts in 2010 and launched a barrage of simplistic attacks on the US financial sector in 2012. Detecting such relatively harmless attacks was easy.  
Over the last two years, Iran has formed a Supreme Council of Cyberspace that meets once a month and includes President Hassan Rouhani.
Iranian officials also strengthened cybersecurity research partnerships with Russia and Iran has gone from a nascent to a burgeoning cyber power.
Security company FireEye described that one popular Iranian hacking group went from website defacements in 2010 to “malware-based espionage” in just four years.
It is reported that Iranian hackers attacked oil giant Saudi Aramco, the world’s most valuable company, and deleted the contents of 30,000 computers. The same virus also hit Qatar-based liquid petroleum gas firm RasGas.
While the US is bombarded with cyber attacks, it has never been the subject of a large-scale destructive attack. So far Tehran’s hackers are mostly suspected of probing around US infrastructure networks to understand their designs.
But if the nuclear talks fell apart that could change. And this time an Iranian attack could be more advanced.