How Anonymous and other hacking groups are helping protests in Iran

One netizen, claiming to be affiliated with Anonymous, said the Iranian Council had been hacked.


Anonymous and other global hacking groups are engaged in a multi-pronged cyber attack on Iran, joining the fight with protesters on the ground in resisting the country’s strict hijab laws.

Thousands of amateur hackers have organized online to orchestrate cyber attacks on Iranian officials and institutions, as well as to share tips on how to bypass restrictions on internet access using privacy-enhancing tools.

Internet access in Iran has been very limited in recent weeks, after protests arose over the death of Mahsa Amini, a 22-year-old Iranian-Kurdish woman.

Amini died in a hospital in Tehran under suspicious circumstances on September 16 after being detained by Iran’s so-called “morality police” for allegedly violating the country’s strict Islamic dress code by wearing her headscarf too loosely.

Witnesses say that Amini was beaten by the police. The Iranian authorities denied any wrongdoing and claimed that Amini died of a heart attack.

The Iranian Foreign Ministry did not respond to CNBC’s request for comment. On Monday, Iran’s Supreme Leader, Ayatollah Ali Khamenei, made his first public comments about the protests, backing the police and blaming the unrest on “foreign interference” from the United States and Israel.

Doxing and DDoS attacks

On September 25, Anonymous International, an international hacking activist group, claimed to have broken into the Iranian parliament’s database, obtaining the lawmakers’ personal information.

A YouTube account claiming to be linked to the group said the Iranian council had been hacked.

“Iran’s parliament supports the dictator when he should support the people, so we are releasing personal information to all of them,” they said, changing their voice in a manner typical of the internet gang.

On the Telegram messaging app, Atlas Intelligence Group, another hacking group, says it leaked phone numbers and email addresses of Iranian officials and celebrities, a technique known as “doxing”.

It also offered to sell apparent location data to the Islamic Revolutionary Guard Corps, a branch of Iran’s armed forces, according to Check Point, which has been documenting hacking activists’ efforts in Iran.

Anonymous-affiliated groups say they have also released data that allegedly came from various government services, ministries and agencies – as well as a university – and claimed responsibility for hacks of Iran’s presidency, central bank and state media.

While it is difficult to verify the hackers’ claims, cyber security experts said they have seen numerous signs of disruption to Iran from the hackers.

“We’ve seen some indications that hackers are shutting down government websites,” Liad Mizrahi, a security expert at Check Point Research, told CNBC. “We’ve mostly seen this done through Distributed Denial of Service (DDoS) attacks.”

In a DDoS attack, hackers overload the website with large amounts of traffic to make it inaccessible.

“Mandiant can confirm that many of the services allegedly disrupted were offline at various points in time and, in some cases, still unavailable,” Emil Haigbert, a threat intelligence analyst at the cybersecurity firm, told CNBC.

“Overall, these DDoS and defamation operations may add to pressure on the Iranian government to pursue policy changes,” he said.

Regarding Anonymous’s involvement, Haigbert noted that it was “consistent with activity” previously attributed to affiliates of the organization. Earlier this year, Anonymous launched a large number of cyber attacks on Russian entities in response to Moscow’s unprovoked invasion of Ukraine.

Bypassing internet restrictions

Hacking groups are encouraging Iranian citizens to bypass Tehran’s internet ban by using VPNs (virtual private networks), proxy servers, and the dark web – technologies that allow users to hide their identity online so they can’t be tracked by Internet Service Providers (ISPs).

On the messaging app Telegram, a group of 5,000 members is sharing details about VPN servers that are open to help citizens bypass internet bans in Tehran, according to cybersecurity firm Check Point, which has been documenting the efforts of hacking activists in Iran.

A separate group, with 4,000 members, distributes links to educational resources on the use of proxy servers, which tunnel traffic through an ever-changing community of volunteer-run computers to make it difficult for systems to restrict access.

With opposition growing in the Islamic Republic, the government quickly moved to throttle internet connectivity and block access to social media services like WhatsApp and Instagram, in an apparent attempt to stop footage of police brutality from being posted online.

At least 154 people have been killed in the crackdown launched by the Iranian government as of Sunday, according to the independent, non-governmental Iranian Human Rights Group. The government has reported 41 deaths.

Web security company Cloudflare and internet monitoring group NetBlocks have documented multiple examples of disruptions to telecommunication networks in Iran.

A young professional in Tehran, who asked not to be identified out of fear for his safety, spoke to CNBC via Instagram message.

“I have limited access to Instagram, so I use that at the moment” to connect with people, he said, adding that he and his friends rely on VPNs to access social media platforms.

It is believed to be one of the worst internet outages in Iran since November 2019, when the government restricted citizens’ access to the internet amid widespread protests over high fuel prices.

“They shut down the internet to hide the killing. Be our voice,” read several videos and posts widely shared by Iranian activists on social media, along with footage of street protests and police violence.

Digital freedom activists are also trying to teach Iranians how to access the Tor browser, which allows users to connect to regular websites anonymously so that ISPs can’t see what they’re browsing. Tor is often used to access the “dark web,” a hidden part of the internet that can only be accessed using special software.

“This isn’t the first time we’ve seen actors involved in Iranian affairs,” Amin Hasbini, director of global research and analysis at cybersecurity firm Kaspersky, told CNBC.

Lab Dookhtegan, an anti-Iranian hacking group, is known to leak data allegedly belonging to Iranian cyber espionage operations on Telegram, for example. A report from Check Point last year detailed how Iranian hacking groups targeted dissidents with malware to conduct surveillance on them.
