Politically motivated cyberattacks launched by Iranian opposition groups are on the rise. The attacks expose Iran’s vulnerability to hackers, represent a major breach of its security and intelligence apparatuses, and embarrass its government which tries to keep a tight lid on information leakages.
Iran’s online petrol distribution network was hacked last year, paralyzing fuel stations across the country. Other cyberattacks have targeted Iran’s railway networks, and hackers leaked video footage showing how prison guards had tortured and mistreated inmates.
On January 27, Iran’s government was caught off guard when state-controlled television channels broadcasted dissident calls for Supreme Leader Ayatollah Ali Khamenei’s death and showed images of dissident leaders Masoud and Maryam Rajavi. Both are leaders of the exiled opposition group, the Mujahedin Khalq Organization (MKO).
Similar hacking incidents this year involved the streaming of videos into the Tehran and Mashhad bazaars in support of MKO. In the Mashhad bazaar, the videos featured chants calling for Khamenei’s death and curses against Khomeini.
In March, the Iranian disciplinary police force said it had identified individuals who had helped the MKO stream anti-regime propaganda that called for Khamenei’s death through loudspeakers in Shahriar, a semi-rural community on the outskirts of Tehran. According to the police, plans were also underway to stream similar messages across Shahriar.
Tehran blamed dissidents backed by hostile foreign governments for the cyberattacks. But MKO leaders denied hacking for 10 seconds state-run television programs, although they confirmed that MKO supporters inside Iran may have carried out the hacks.
Clearly, Iran’s outdated software and hardware systems are increasingly vulnerable to hacking. But to rub salt into the wound, the US-Israeli cyber security provider Check Point revealed the technical details regarding the hacking of Iranian infrastructure since last year. It said the hacking was done using relatively low quality tools, and suggested that insider help enabled the hacks.
In response to increased opposition propaganda, Iran advanced a bill to monitor and control the internet. A draft bill was in fact first proposed in 2018 but faced domestic opposition which delayed its ratification. Internationally, UN human rights experts issued a statement demanding Iran not to pass the bill, given the fact that there is concern that if passed, the government will launch a mass crackdown on opposition groups and protestors as it did during the nationwide anti-government protests between 2017 and 2019. Moreover, these experts fear that the bill, if implemented, will weaken oversees monitoring of any abuses taking place against opposition groups and protesters.
Iran’s Parliament finally ratified the general framework of the bill recently and labeled it the “Plan to Protect the Virtual Space” But given the national opposition to the bill, it was sent back to the Parliament for a second review. Over a million signatures were collected inside Iran last year to reverse the bill. The ratification was nullified, despite the insistence by parliamentarians to implement the bill to preempt future nationwide protests.
Then on March 4, the internet was disrupted in Tehran and its surrounding areas once again. The government blamed the disruptions on fires and technical problems. Many in Iran saw the problem resulting from the steps to control cyberspace. A new parliamentary draft bill now threatens to limit access to social media in Iran, including platforms with large numbers of users such as WhatsApp and Instagram. The bill will also limit business transactions through apps with foreign financial or banking entities.
Most Iranians complain that substitute apps set up by national companies in Iran are of poor quality and service, and hardly user friendly. Internet speeds are also slow across the country, leading to protests in recent months, with Iranians demanding quicker access. In fact, bandwidths are unbelievably underdeveloped in Iran on purpose to slow down Iranian access to international sources of information.
As fears grow in Iran about a cyberwar with the ever more vocal anti-regime opposition abroad, along with the hacking of vital Iranian infrastructure, Tehran is busy setting up new cyberwarfare units to collect data and intelligence. In 2021, the Quds Force set up a cyberwarfare unit for its ally Hezbollah to spy on Lebanese citizens opposed to the group’s activities.
Microsoft has already released a statement warning governments and private entities of the growing activities carried out by Iranian hackers around the world. But Iran itself is falling victim to a hacking spree by opposition groups that are politically motivated and have insider information of how to hack to the country’s vital assets and infrastructure. This new era of cyber conflicts is likely to continue and grow in potency and adds an important dimension to opposition groups’ toolkit in their fight against the Iranian establishment. Without updating its technology, Iran is likely to face further cyberattacks, which might threaten the survival of the system, particularly if they take out critical infrastructure and paralyze vital state organs.