Iranian Cyber Army

as a propaganda arm of the government

Ali Nikouei


Annenberg-Oxford Media Policy Institute

July 2016 - Oxford

This presentation is published with under

In Memory of Iranian Bloggers

300+ have been imprisoned, 2+ have been killed and 1+ is waiting for execution

( 81% • 11% • 8% )

Bloggers Faced Problem • Freedom of Press (by Freedom House) • Journalists' Prison Census (by CPJ)

Number of Times the Supreme Leader Mentioned "Soft War" in His Public Speeches

How Censorship in Iran Works

The Supreme Council of Cyberspace (SCC) sets internet policy in Iran; most of its members are appointed by the Supreme Leader (10(7) out of 18). The Determining Offensive Content Committee (DOCC) works under the SCC and sets the internet regulations. 9(7) out of 13 members of this committee are also appointed by the Supreme Leader. The DOCC sends its verdicts to the ICT ministry to be applied.

Mobile Penetration Rate: 90%

Who Owns the Market?

The Constitution (Article 150) defines the IRGC as the "guardian of the Revolution and its achievements". In Sep 2009, the government sold 51% of the shares of the National Telecommunication Company to the Etemad-e Mobin Consortium, a group affiliated with the IRGC.

Iranian Cyber Army Structure

The Iranian Cyber Army is split into two divisions, Soft War and Cyber Defense (including Hacking). The Soft War squad has three strategic responsibilities: Content creation, Filtering and Incarceration. The Cyber Defense squad is responsible for cyber security and defense against external attacks.

How ICA Hacks!

  • Social Engineering
  • Phishing
  • Identity Theft
  • Remote Access (e.g. RAT)
  • Suspending Accounts (by reporting)
  • DDoS
  • Brute-force
  • Defacing
  • Person(man)-in-the-Middle
  • Session Hijacking

A sample; just one of millions

Balthasar Glättli, member of the National Council for The Green Party in Switzerland, has provided OpenDataCity with parts of his retained data of six months for this visualization.

Open Data City

Another one; profiling

IranSec profiled 20 accounts on Twitter in 2015 and, through these accounts, reached 12000 possible ICA accounts. After filtering these 12k accounts, 300 accounts that probably work for ICA were profiled.

Phishing Campaign Targeting ~2200 Icons

An Iranian hacking group targeted 2197 persons of interest (216 successful attacks) by means of malware infection, supported by phishing campaigns, from May 2014 until Oct 2015.

Who Got Targeted?

  • High-ranking defense officials
  • Embassies of target countries
  • Academic institutions and scholars
  • Iranian researchers, human rights activists, media and journalists

In some cases the attackers tried to breach the account of a relative or colleague of the real target.

Check Point, Citizen Lab, SkyClear Security Co.

IranSec; A Shield for Defenders

IranSec aims to increase the security and privacy of Iranian human rights defenders and helps them not to worry about the digital aspect of their activities. But (a very big one) we mind your security and privacy as well.

We Are Always Beside You! Just Ping Us by

Have Fun!

And, Let's Play