Desperate Iranian Ideas For Social Media Control

Mohammad-Ali Movahedi Kermani: not liking the Internet

In the latest desperate attempt to subvert the freedom of Iranian expression, the regime wants to enforce permits for foreign social network applications, such as Telegram and Instagram, with membership of 5000 or more users. The desire for such control also extends to other domestic platforms including Salam Up, Soroush, BisPhone, Cloob and Syna, along with advertising, news and entertainment channels on social media networks.

The cleric Mohammad-Ali Movahedi Kermani thinks that the Internet is a threat to Islam, because the Internet is full of rampant “tele-sex” and in his eyes is ultimately “immoral”. So concerned is Movahedi Kermani, that he puts the importance of subverting such “evil” as being above electoral issues or other pressing concerns, such as use of the Hijab.

 
Mahmoud Vaezi: deluded

Telecommunications Minister Mahmoud Vaezi thinks that channels with 5000 or more members should require permits so that the poor naive Iranian population can be assured such channels will not be fooling them with false information. Vaezi has been involved in Iran’s “filternet”, after Ahmadinejad‘s attempts in 2007 to “control” the Internet, and now the replacement “national-Internet” or Shoma, is vainly trying to do the same thing. Badly.


The Deputy Culture Minister for Communications Technology and Digital Media, Ali-Akbar Shirkavand, also wants a website that will soon be launched for administrators of such “channels” to register and continue their activities after authentication. The fear is, such controls by the regime could affect the opinions of journalists, artists and celebrities.

 
Cyber Police (FATA): Losing the plot
 

FATA chief, Brigadier General Kamal Hadianfar said that Telegram is the main platform for cybercrimes among mobile social networks. “The platform for 66% of the crimes is Telegram, while Instagram accounts for 20% and less than 2% is observed on WhatsApp,”  he said, without clarifying what “cybercrimes” were being committed via such applications… perhaps they include (according to Shirkavand anyway) copyright infringement and the sale of “immoral” goods on such channels. 

 
Kamal Hadianfar: battling the “evils” of social networks
A reality check: discord and feasibility
 
The regime’s desire to crack-down on Internet freedoms is at odds with an overtly more liberal stance on such technology by Hassan Rouhani; Rouhani calls for more freedom of expression, but everyone else wants to suppress it #awkward. For example, Attorney General Hojjatoleslam Mohammad-Jafar Montazeri wants to shut down what he calls “anti-religion” networks and said of them: “Down with the freedom that is destroying everything…this is absolute enslavement”.
 
There is also the minor issue (conveniently overlooked by the regime) of Iran’s inability to see the encrypted communications of platforms such as Telegram, and vain requests to get access to servers that must be placed in Iran are naive, at best. Also, what are the sentences to be expected by such “cybercriminals” who would dare to use such platforms? The whole thing is a joke and everyone knows it (even the regime).
  

Iran’s “National Internet” Project: Doomed to Fail.

The National Internet aka Intranet

Iran has rolled out the start of the “National Internet” Project for all Iranian citizens to “enjoy”. According to Tasnim news agency, the national internet operates independently of all others networks (in other words, the Internet we all know and love)and is designed to operate domestically.

The national internet was started in 2005(delayed by increased costs and delays)and the final two phases are due to be completed by 2017. The second phase will add cutting-edge content such as videos. Expect that in February 2017. The third and final phase will include among other things, services for Iranian business with international services. Err…

Filternet: it’s all over

The previous attempt by the Iranian regime known as the “filternet” or the “smart web” (designed to limit access to the evil parts of the existing internet), has failed miserably because it is easy for Iranians to use proxy servers or VPN connections to get around the “filters” put in place by the regime.  

Mahmoud Vaezi: filternet was all his fault


Iran‘s Communications and Information Technology minister Mahmoud Vaezi was behind the smart web filtering project, but he now says that the “filternet” is inefficient. So, he’s really saying it has not worked. And it’s all his fault. You can see here that Vaezi thought “filternet” was a great success, while hypocritically using foreign companies to help set it up. Confused? No doubt Vaezi will have to wipe the egg off his face when not only the “filternet” but also the national internet, fails to stop Iranians from accessing sites on the WWW.

Iran seems fine with the hypocrisy that use of a Californian company’s SmartFilter was used in the development of “filternet”…

Why bother?

To replace “filternet”, the national internet is deliberately meant to create an isolated domestic intranet for Islamic content and also attempt to improve cyber security (by not exposing Iranians to the evil Western Internet).

Well, Iran’s president Hassan Rouhani thinks it will magically strengthen the independence of the country. At a meeting of the Supreme Council of Cyberspace, according to the Iranian Republic News Agency (IRNA), Rouhani said that Iranian independence is increased by “not relying on external information networks for internal communications in today’s world”.

Hassan Rouhani: backing the National Internet

Rouhani vainly tries to convince Iranians (no one is falling for it), that they will play a more active role in furthering Iran’s role in the world if Iranians get access to a, “national, trustworthy, stable, high-quality and secure network” (cyber security in Iran is a bit of a hot topic in a post-Stuxnet world).

What this really means is that Iranians are meant to only be able to access content that is delivered from within Iran, with all servers being based in Iran.

Don’t panic

Like the failure of the existing “filternet”, the “National Internet” will NOT be able to control Iranian access to the wider, “unclean” Internet. Why not? Well, if filters can be easily bypassed, so can this. If Iran cannot control use of Telegram for example (Telegram has no servers in Iran), does she really think control can be made otherwise? 

Less computer-literate people may not normally be able to access sites such as Facebook, Twitter, Flickr, YouTube, etc. but such sites can still be accessible using means such as described above.

  

Iranian Cyber Police Arrest Three Telegram Channel Administrators

The Iranian Students News Agency (ISNA) reported on August 9 that the Cyber Police of Iran (FATA) have arrested some Telegram administrators.

According to FATA’s legal and international deputy, Hossein Ramazani, “Recently, the cyber police were informed of four Telegram channels that published insulting materials against religious topics. After liaison with Judiciary officials, measures were taken immediately to identify and arrest these people”.

On August 9, Ramazani continued, “The cyber police detectives found out that the administrators of these channels were in Iran. The four channels were immediately blocked, and the main administrator of the channels and one of his aides were arrested yesterday”.

Colonel Hossein Ramazani stated that three people were responsible for updating the Telegram channels and that the arrested administrators were from a city in Northern Iran.

FATA say that the administrators had published “blasphemous” pictures and materials against religious sacred things and leaders by using Photoshop or other editing softwares.

Cyber Police corruption

While it is possible that such blasphemy was committed, it is equally (and perhaps more so) likely that FATA had been monitoring accounts it previous gained access to (see my previous article here)and perhaps planted such blasphemy themselves to then use as evidence in the arrests? It would not be beyond them as they try in vain to control the youth of Iran. 

It is thankful that Telegram do not host their servers in Iran and my fellow Iranians can still use Telegram, much to FATA’s frustration. It is best to enable 2FA (Two factor authentication) for Telegram, and to have private, not public channels where possible which will help defeat FATA. Also, do not always trust who you are speaking with in channels: they may well be FATA…

  

Iran’s “Rocket Kitten” Group Claim Compromise of Iranian Telegram Accounts

Following on from my article here about the Iranian Cyber Police asking Iranians to stop using Telegram, it appears that the Iranian hacking group known as Rocket Kitten is behind a compromise of 15 million Telegram accounts used by Iranians.
 
Telegram is a very popular messaging app in Iran and almost 25% of the Iranian population are using the app every day.

Iranian authorities have previously demanded that Telegram provide them with “spying and censorship tools”. Telegram ignored the request and was blocked in Iran for around two hours on October 20 2015. Telegram does not have any servers in Iran, making the Iranian regime’s job harder to try and censor Telegram. This compares to the regime “banning” Twitter and Facebook, even though Iranians can use Tor or anonymous VPNs to get around the Iranian Internet filters…

Rocket Kitten

Rocket Kitten refers to a cyber threat group that has been attacking various organizations, such as members of the Saudi royal family, Israeli nuclear scientists, NATO officials and Iranian dissidents.
Rocket Kitten has launched two known campaigns: a malware campaign that uses the GHOLE malware, and a targeted attack called “Operation Woolen-GoldFish” which is probably run by the Iranian regime. Rocket Kitten’s attacks were similar to ones attributed to the Iran’s Revolutionary Guards Corp (IRGC). You can read more about Rocket Kitten here


Telegram attack

Rocket Kitten managed to obtain public information and phone numbers from 15 million Iranian users of the Telegram messaging app, as well as the associated Telegram user IDs. They compromised over 12 Telegram accounts and jeopardized the communications of people including activists and journalists in sensitive positions within Iran.

Telegram responded by saying, “Certain people checked whether some Iranian numbers were registered on Telegram and were able to confirm this for 15 million accounts. As a result, only publicly available data was collected and the accounts themselves were not accessed.”

Importantly, Telegram have since changed their API so that similar mass checks on accounts should no longer be possible: Telegram 1, Iranian Regime 0!

The Telegram vulnerability involved sending authorization codes via SMS text messages to activate new devices and these could be intercepted by the phone company. So, this means a Man In The Middle (MITM) attack capability by a country that has access to telecommunications networks. This further implicates Rocket Kitten as being part of the Iranian regime.


A word from the Iranian Cyber Police

The Cyber Police of Iran (FATA) have transparently tried to un-link the association between Rocket Kitten and the Iranian government by blaming Telegram’s “weakness”. No one believes them…


The legal and international deputy of the Cyber Police, Colonel Hossein Ramazani, said that the hackers did not get access to personal details of victims and that, “What is clear to us is the vulnerability and weakness which always existed in the service because of its text message confirmation system, through which [hackers] have gained access to the users’ phone numbers. Then contents of people’s chats and personal details, however, have not been compromised” Well, he obviously is not going to admit the regime did it, is he?

Use 2FA!

Telegram supports the use of Two-Factor Authentication (2FA), but is not enabled by default. That means users of Telegram should setup 2FA if they have not already done so, to prevent interception of SMS-verification codes via cellular networks (even if Telegram claim the mass lookup interception loophole is fixed). Perhaps Telegram should start enabling 2FA by default!

  

Iran’s Cyber Police futile request for Iranians to stop using Telegram


The leader of Iran’s Cyber Police (FATA) , Brigadier-General Kamal Hadianfar has asked Iranian citizens to stop using the secure messaging application Telegram immediately!

Hadianfar says Iranians should stop using Telegram due to “security” reasons; what he really means is that FATA cannot control Telegram because servers are not hosted in Iran! Hadianfar said that, “People expressed concern over the usage presence of Telegram messaging app“. Presumably he means that FATA and the wider Iranian regime are more concerned! As an Iranian ex-patriate or as a citizen still living in Iran, I doubt I would find any Iranian citizen who would agree with Hadianfar.

Citizens may be perhaps more concerned that Telegram was written and is supported by the Russian Durov brothers and one may say (if paranoid) that perhaps the Russian state could be behind Telegram? Russia is *allegedly* helping Iranian cyber efforts anyway, so perhaps this is a disinformation campaign by FATA to actually encourage Iranians to keep using Telegram?! Perhaps I am giving too much credence to FATA; in reality they cannot control Iranians from using Telegram any more that Iran’s filternet stopped Iranians from accessing certain content on the Internet.

Brigadier-General Kamal Hadianfar looking concerned


The Brigadier-General, the man with the finger on the pulse of all things Iranian cyber in nature, went on to say that, “Foreigners take advantage of the information uploaded on this server. In fact, the main Telegram admin does not have a serious determination to confront social, cultural and moral crimes”.

Perhaps this says it all: FATA are having real problems trying to control the digital youth of Iran.


  

Iranian Hackers Find Security Bug in Telegram

The Iranian Young Journalists Club (YJC) report that the popular messaging application Telegram has a security hole which has been exposed by Iranian white-hat hackers (ethical hackers). The vulnerability could cause smartphones to crash.

Telegram’s security claims challenge anyone to try and undermine its security. Two Iranian hackers have discovered a security hole in Telegram, in which it is possible to send files much larger that the existing permitted limit (set at 4,096 bytes).

The Iranian hackers uploaded a video to prove their exploit. In the video, they say that there are two responses from a recipient’s phone when Telegram messages larger than 4,096 bytes are sent. Firstly, the recipient’s internet bandwidth is accordingly reduced in relation to the size of the message until it finishes and secondly, the receiving device runs out of memory and then the application crashes the smartphone.

The hackers stated that the sender does not need to be in your contacts so you may never know the true attacker if they are using an additional SIM card, for example.

Telegram is very popular with over 25 million users in Iran and its popularity is mainly due to many rival applications being subject to Iran’s filtering restrictions.
Also, Iranians like Telegram because of the ability to create private or public “channels” and broadcast ideas through those.

However, can you really trust the encryption that Telegram uses, compared to applications like WhatsApp which use Signal standard end-to-end encryption? This article shows that maybe Iranians should think twice about using Telegram…

  

Ashiyane Security Team: agent of the Iranian regime

Ashiyane Security Group (officially Ashiyane Information and Communication Technology Company) is one of the oldest cyber security group in Iran (since around 2002).
Ashiyane started with the aim of teaching users and network administrators as well as improving the security level of the computer networks.
During the mass protest against the presidential election in 2009, Iran tried to control the protests in cyber space and since then Ashiyane Security Team trying to do so via hacking and identifying cyber activists which implied that Ashiyane cooperated with the Iranian Revolutionary Guards Corps (IRGC) and other security units leading many to believe that the “Iranian Cyber Army” group is actually also the Ashiyane group.

Before 2009 protests, Ashiyane was involved in activity for the state e.g. in response to the publication of cartoons depicting the Prophet Muhammad in Danish newspapers, over 1000 American, British and French websites were hacked by Ashiyane. News of Ashiyane activities was highly published by some news agencies such as Fars, IRNA and the newspapers such as Iran, Javan and Keyhan and was named as “Iran’s victories in cyber space”.

After changing the home page of this website, Ashiyane mostly displays a political message on the main page so that Behrouz Kamalian (team founder) said in an interview with Fars News Agency about this activity: “In response to the inhumane actions of the terrorism sponsors, headed by US and Britain, the new way of confronting is raised.”

Kamalian has also been quoted deflecting rumors about Ashiyane cooperating with the Islamic Republic Security System, “Ashiyane has also officially worked to improve the security of web sites and intranets and has served many governmental organizations, military and private companies. Unfortunately it has been announced that Ashiyane Group is affiliated to the government by many of the opposition websites with Iran’s government. I have said in my other interviews that our team is an independent group and is not affiliated with any other military or governmental organizations. We act spontaneously based on our bias and when we see a country insults our religion or our nationality, so we display our objection through penetrating into their sites and it does not mean that we have been ordered to do so. If Ashiyane was an affiliated group, it wouldn’t be able to easily interview with the media, and this freedom is a sign of our independency.”

Kamalian contradicted himself by also saying: “We get orders to hack different sites both from legal persons and individuals, but this is not part of our ordinary project and we reject many of these orders. We have never accepted to hack an internal websites to gain money. But there are websites that had insulted Quran and our religion. In these occasions we would also like to penetrate into these sites.”

Kamalian has also announced about the corporation of Ashiyane with Department of IRGC Cyber Defense: “We corporate with military organizations in the field of counselling and improving the security, but it is never in the way that we get order to work on their behalf.”

He created Alborz Hackers Group which was among the first groups of Iranian hackers in 2001 and met Mahdi Mirzaei there; this meeting caused the creation of a new group called Ashiyane Group in 2002.

This team started its activity by hacking the university’s websites in the country such as University of Science and Industry (Elm & Sanaat) and Amir Kabir University.

Hacking the Iranian sites would quickly lead the Ashiyane Group to get fame among those interested in Informatics Science and many security companies (in network and internet field) invited them to cooperate.

Increasing economic activities of the group tend Kamalian to decide about registration the Ashiyane Group as an official and legal company and after the registration, in addition to providing network and servers’ security, consulting services and selling security softwares, also hold hacking, cracking and network and server and also security training.

The project of hacking a Persian website called “Balatarin” was one of the Ashiyane’s activities that raised the most negative reactions; Ashiyane declared the project with the cooperation of Virtual Jihad Group affiliated with Basij of Students, but after the negative reactions toward it Bahman Kamalian denied any involvement in the hacking.

Members


Except the name and the photo of the director of the group there isn’t complete information neither about identity and reality of Ashiyane Group nor about other certain photo of its members, although research has revealed the names & handles below:
 

  • Behrouz Kamalian (Director, handle: Behrouz_ice)
  • Nima Salehi (member/manager, handle: Q7X)
  • Mahdi Chinichi (member/manager, handle: Virangar)
  • Omid Norouzi (member/manager, handle: Sha2ow)
  • Farshid Sargheini (member/manager, handle: Azazel)
  • Hamid Norouzi (member/manager, handle: eychenz)
  • Iman Honarvar (member, handle: iman_taktaz)
  • Keyvan Sedaghati (member, handle: keivan)
  • Ali Seid Nejad (member, handle: Ali_Eagle)
  • Milad Bokharaei (member, handle: ®Maste)
  • Mohammad Tajik (member, handle: taghva)
  • Meghdad Mohammadi (member, handle: M3QD4D)
  • Erfan Zadpoor (member, handle: PrinceofHacking)
  • Mohammad Reza Dolati (member, handle: HIDDEN-HUNTER)
  • Kaveh Jasri (member, handle: root3r)
  • Navid Naghdi (member, handle: elvator)
  • Mohammad Hadi Nasiri (member, handle: unique2world) 
  • Amin Javid (member, handle: Gladiator)
  • Vahid Maani (member, handle: WAHID 2)
  • Sina Ahmadi Neshat (member, handle: Encoder)
  • Milad Mazaheri (member, handle: mmilad200)
  • Armin (member, handle: n3me3iz)
  • Mohammad Mohammadi (member, handle: Classic)
  • Mahdi K. (member, handle: r3d.z0nE)
  • Mohammad Reza (member, handle: iNJECTOR)
  • Mohammad Reza Ali Babaei (member, handle: mzhacker)
  • Ramin Baz Ghandi (member, handle: fr0nk)
  • Ashkan Hosseini (member, handle: Http://Askn)
  • Ali Hayati (member, handle: Zend)
  • Milad Jafari (member, handle: Milad-Bushehr)
  • Mehrab Akherati (member, handle: AliAkh)
  • Amir Hossein Tahmasebi (member, handle: __amir__)
  • Amin Bandali (member, handle: anti206)
  • Shahin Salak Tootonchi (member, handle: ruiner_blackhat)
  • Poorya Mohammadrezaei (member, handle: Hijacker)

Mission


Apart from the security and anti-security activities of Ashiyane, it has established its hosting company, believing about the provided services: “Communication and Information Company of Ashiyane has decided to enter the hosting field due to analyzing the present situation of web hosting in Iran and realizing the lack of security and knowledgeable people in this field; in order to gratify the shortage, Ashiyane Host Company is ready to present high quality and security services. 

Considering the strength of the Ashiyane’s security team in hacking and security, being aware of up-to-date methods of penetrating, having access to illegal hacker communities,as well as utilizing these methods, Ashiyane applies its knowledge in security and configuration of the servers so that the company is able to close the penetration ways one step ahead of others and bring satisfaction to the customers.

Despite the remarkable statement of Ashiyane about its ability, while earlier it was also claimed that Ashiyane had discovered the security hole in the Telegram software messenger and the news quickly found a wide reflection in the media close to the Islamic Republic, the website of Ashiyane Security Group was hacked on July 1, 2014 and there was a black page appeared written in English: “This site has been hacked by Iranian Black Hat hackers group:” when the site was visited.