Iranian Cyber Army

as a propaganda arm of the Iranian government

Ali Nikouei



October 2016 - Tunisia

This presentation is published with under

In The Memory of Iranian Bloggers

+300 have been imprisoned, +2 have been killed and +1 is awaiting execution

( 81% • 11% • 8% )

Bloggers Faced Problem
Freedom of Press (by Freedom House)
Journalists' Prison Census (by CPJ)
Number of Times the Supreme Leader Mentioned "Soft War" in His Public Speeches

How Censorship in Iran Works

The Supreme Council of Cyberspace (SCC) sets internet policy in Iran; most of its members are appointed by the supreme leader (10(7) out of 18). The Determining Offensive Content Committee (DOCC) works under the SCC and sets the internet regulations. 9(7) out of 13 members of this committee are also appointed by the supreme leader. The DOCC sends its verdicts to the ICT ministry to be applied.

Mobile Penetration Rate: 90%

Who Owns the Market?

The Constitution (Article 150) defines the IRGC as the "guardian of the Revolution and its achievements". In September 2009, the government sold 51% of the shares of the National Telecommunication Company to the Etemad-e Mobin Consortium, a group affiliated with the IRGC.

The Structure of Iranian Cyber Army

The Iranian Cyber Army is split into two divisions, Soft War and Cyber Defense (including Hacking). The Soft War squad has three strategic responsibilities: Content creation, Filtering and Incarceration. The Cyber Defense squad is responsible for cyber security and defense against external attacks.

How ICA Hacks!

  • Social Engineering
  • Phishing
  • Identity Theft
  • Remote Access (e.g. RAT)
  • Suspending Accounts (by reporting)
  • DDoS
  • Brute-force
  • Defacing
  • Person(man)-in-the-Middle
  • Session Hijacking

A sample; just one of millions

Balthasar Glättli, member of the National Council for The Green Party in Switzerland, has provided OpenDataCity with parts of his retained data from six months for this visualization.

Open Data City

Another one; profiling

IranSec profiled 20 accounts on Twitter in 2015 and, through these accounts, reached 12000 possible ICA accounts. After filtering these 12k accounts, 300 accounts that probably work for ICA were profiled.

How Don Saadat Planned to Hack Saudi Arabia Air Force

I interviewed more than 20 hackers, from noobs to professionals. One of the hackers, who leads a team consisting of 5 hackers, let me be in their group chat for a month during the invasion of Saudi Arabia into Yemen. They were planning to hack the air force of Saudi Arabia in order to make a clash when the aircraft were landing/taking off or in the air. He didn't reveal the details of his plan, but he sent me some photos to publish if he were successful.

Phishing Campaign Targeting 2200 Icons

An Iranian hacking group targeted 2197 persons of interest (216 successful attacks) by means of malware infection, supported by phishing campaigns, from May 2014 until Oct 2015.

Who Got Targeted?

  • high ranking defense officials
  • embassies of target countries
  • academic institutions and scholars
  • Iranian researchers, human rights activists, media and journalists

In some cases the attackers tried to breach the account of a relative or colleague of the real target.

Check Point, Citizen Lab, SkyClear Security Co.

IranSec; A Shield for Defenders

IranSec was formed in 2012(2009) to increase the security and privacy of Iranian human rights defenders and help them not to worry about the digital aspect of their activities. But (a very big one) we mind your security and privacy as well.

We Are Always Beside You! Just Ping Us by

Have Fun!

And, Let's Play or Discuss