By Farvartish Rezvaniyeh,
During the past few months, the activities of Iran's Cyber Army have been noted
by the Iranian and even the international media. The theory that these hacker
groups are connected to the Iranian government was strengthened when, after
several sites were hacked, they issued warnings to the Green Movement. The scope
of the measures taken by the Cyber Army discredits the theory that a group of
Ahmadinejad's admirers spontaneously carried out such acts. These messages and
the nature of the sites chosen for attack indicate that there are hidden hands
which support the Cyber Army.
A review of the political messages published by this group in recent months and
the official statements of a government administrator of Iran's aviation
industry in defense of the Cyber Army provide a reason for a closer examination
of Iran's Cyber Army, which research had heretofore claimed was composed of
Russian hackers whose base was outside of Iran. But what is the Iranian Cyber
Army and where is it based? Before considering these details, a few
preliminaries are necessary.
Attack on Twitter
On the morning of Friday, 28 Azar 1388 [December 19, 2009], connections with the
website Twitter were cut in some parts of the world and those who tried to access
it were redirected to a message in English which read:
U.S.A. Think They Controlling and Managing Internet By Their Access, But They
Don't, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation
Iranian Peoples To....
NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA?
WE PUSH THEM IN EMBARGO LIST
Attack on Baidu
On the morning of Tuesday, 22 Dey 1388 [January 12, 2010], the website Baidu,
the largest Chinese search engine, was hacked. A message posted on it read:
"The Iranian Cyber army has been launched in protest against
intervention by foreign and Zionist sites in our country's domestic affairs and
the spreading of lying and divisive news."
These measures culminated in a cyber war between Iran and China, and groups of
Chinese hackers, called the Honker Union for China, hacked official websites
of the Iranian government, including the president's official website and
that of the Leader.
Attack on Radio Zamaneh
On 10 Bahman 1388 [January 30, 2010], the Iranian Cyber Army hacked the website
of Radio Zamaneh, changing its front page to a picture of the Islamic Republic
of Iran's flag and the slogans "Ya Hosein (aleihum salam)" and "Persian Gulf",
under which it was written,
If the Leader commands, we attack
If he asks, we sacrifice ourselves
If he wants us to be patient and steadfast
We will sit down and take it in stride.
On 23 Bahman 1388 [February 12, 2010], those who tried to access the site of
Jaras News, which publishes news of the Green Movement, were faced with this
message from the Iranian Cyber Army on its front page:
Out of respect for the referendum which was held on 22 Bahman [February 11,
2010] and the people who voted and out of respect for the great nation and
country named Iran ... do not be a tool of those who live safe and sound in
America and are using you as a tool.
A Prank on the Iranian Cyber Army
On 16 Bahman 1388 [February 5, 2010], the website Khodnevis, which is
administered by Nikahang Kosar, wrote in the satirical column "False News":
In an amazing and unprecedented step, the Iranian Cyber Army hacked the Mehrabad
Airport portal so that those who try to access this site, namely airport
workers, are directed to the Raja Rail Company when they type in its URL. It is
said that the attack occurred in the early hours of the night and continued into
Saturday, facing the airport with a serious crisis. The sudden occurrence of
dozens of air accidents in the skies over Tehran as a result of the tower's air
traffic control communications systems' failure was considered the most
important danger which followed this attack, threatening the capital of Iran.
Although experts believe that this attack was done by mistake and the technical
difficulties were fixed an hour later, the Iranian Cyber Army, after hacking the
Mehrabad portal, placed a flag of the Islamic Republic of Iran with a blue color
[instead of the green color, which is at the top of the tricolored flag],
along with a message reading, "The Iranian Cyber Army warns all mercenaries who
would sell out their country that they will not be safe even in the skies."
This satire, which was based on an altered version of part of the real message
of the Iranian Cyber Army when it hacked Radio Zamaneh, was quickly reflected on
Iranian news sites. A few hours later, the spreading rumor of a mistaken attack
by the Iranian Cyber Army on a government website became a means of ridiculing
this group. Although these sites wiped the news a few hours later, the rumor
continued to spread, to the point that some large companies immediately signed
multi-year contracts with internet security groups to strengthen the firewalls
of their websites.
The Reaction of a Government Administrator
On 18 Bahman 1388 [February 7, 2010], only two days after this rumor spread,
Morteza Dehqan, the acting manager of Tehran's Mehrabad Airport, denied the
attack on this airport's site in the course of a discussion with a group of
journalists and called it news blackmail, saying:
When foreign agents failed to achieve their filthy ends after the elections,
they tried to concoct a conspiracy based on an attack on Tehran's international
airport in order to disrupt the country's security atmosphere, while no such
attack occurred on the airport's website's portal and this news is a pure lie
from start to finish. It is clear that the counter-revolutionary media has
discovered the Iranian Cyber Army's power and, out of fear of its power, wishes
to launch accusations through which it can divert public opinion.
Nikahang Kosar, who had already stated on his site Khodnevis that this news was
a rumor, now, after the publication of the interview with the acting
administrator of Mehrabad Airport, wrote in part of his report about this event,
"... When Mehrabad Airport's acting administrator denied the report about the
attack on that airport's website, he defended the Cyber Army's record, and we
realized that our fake news had done its job. An official officer of the Islamic
Republic defended the Cyber Army in such a way that it seems that this group is
led by the [Islamic Republican] system."
On Iranian Hacker Groups
During the past eight years, many groups of hackers were formed in Iran, of which
the most famous are Ashianeh, Shabgard, and Simorgh. These groups freely
attacked various websites, taking advantage of the lack of enforcement of the
penal laws in force in Iran, in order to win fame as well as out of
rivalry with other groups.
Following the rise in reports about unauthorized intrusions into Iranian
government websites and the spread of news in this regard, intelligence agencies
became interested in the power of hacking tools and began widespread
efforts to control and guide such attacks.
Security and intelligence organizations invited the cooperation of infiltration
groups and got them to identify and counteract opponents on the internet and to
form intelligence groups to control the flow of their information. Some time
later, these people also taught hacking techniques to military technicians.
The Formation of the Iranian Cyber Army
The group Ashianeh was one of the first to join the circle of government
infiltrators and set about wrecking the sites of the Islamic Republic's
opponents with the cooperation of the best hackers. Reports of this group's
activities were published in government media, such as Voice and Vision, Keyhan,
and IRNA, and were soon noticed.
Teaching the Military to Hack
Alongside the hacker groups' activities, supposedly private companies were
also organized, whose primary duty was to recruit infiltrating forces,
instruct military forces in cyber attacks, and prepare the necessary resources
for such attacks. These companies were charged with training infiltrators and
carrying out hacking projects for the Iranian Cyber Army. In the meantime, these
companies would import technology needed by Iran's security forces from Dubai.
Among the managers of these companies is the son of one of the senior security
officers who, utilizing his father's connections, has been busy for years
working with the military and security forces. After the formation of a company
through the military budget, he has been busy recruiting expert Iranian
infiltrators and, having formed a professional and firm group, has begun to
accept cyber control projects in Iran and infiltrators for the government.
How Group Members Are Chosen
The plan for the formation of an Iranian Cyber Army was raised in 1384 in
the Revolutionary Guards, but with the increase in propaganda against the ninth
government, its execution was sped up. A while later, a very broad group was
formed, the number of whose members reached more than a few. The Cyber
Army's unit for recruiting human resources works as follows: After recognizing a
professional hacker, it contacts him and threatens him that if he does not
cooperate, he will be sent off to prison.
Relationships and information of individuals are so controlled that even most of
the group members are not yet aware of their collaboration with the Cyber Army.
Considering the use of geniuses, the scientific level of the Cyber Army is very
high, and considering the high record of activities of the infiltrators in Iran
the power of this army in achieving its goal is comparable to similar groups
which operate in the American and Israeli intelligence agencies. It is worth
saying that the Center for Struggle with Organized Cyber Crime (the Sepah's
cyber troops) is composed of the same people.
In Ordibehesht 1388 [May 2009], Fars news service reported that the foundation
Defense Tech, which is an American military and security agency, called Iran one
of the five countries with the most powerful cyber forces, based on figures
received from the CIA. This foundation declared that the Iranian Cyber Army's
budget is 76 million dollars, emphasizing that it is monitored by a group from
the Revolutionary Guard's cyber supervision team.
A Short Time to Execute Instructions
Iran's Cyber Army has so far not been able to breach the servers of the websites
it is after, but has contented itself with simply stealing their domains. This
method reflects the time constraints under which the group executes its
infiltration operations. In the past few months, they have carried out orders
transmitted by their chief using methods which require less time. In their
attack on Twitter, they hacked the computer of one of the members of this
company with a Trojan horse and were able, by utilizing his email, to reset the
domain of his control panel. This was similar to the attack of 1383 tried by one
of the Iranian hacker groups on one of the NASA websites. In attacking Jaras and
other websites, the Cyber Army uses the technique of DNS cache spoofing, which
changed the domain.
Payvand News - 02/22/10