For years, the Iranian regime has struggled to rein in access to Internet services, because it knows full well that unfettered access to the Internet defeats its censorship machine. The mullahs ruling Iran got a first-hand lesson in what the Internet can do in 2009, when images and videos of the regime's brutality toward peaceful protesters were broadcast worldwide on social media networks.
With the advent of secure, end-to-end encrypted messaging applications, monitoring Internet traffic has become even harder for the state, which is why it has shifted its effort from the network to the endpoint.
A new report by the Iranian opposition coalition National Council of Resistance of Iran (NCRI) sheds light on the Iranian regime's years-long campaign to adapt its surveillance and censorship apparatus to the ubiquity of Internet connectivity.
Titled "Iran: Cyber Repression: How the IRGC Uses Cyberwarfare to Preserve the Theocracy," the report details the regime's covert and overt tactics for spying on citizens and spreading propaganda across social media channels.
The NCRI has provided a list of customized variants of the popular social media and messaging application Telegram, developed by front companies of the Iranian regime. Telegram has more than 40 million users in Iran and was widely used to spread news of the uprisings that erupted across the country at the turn of the year. The customized apps present themselves as Farsi versions of Telegram, but under the hood, according to the report, they contain malicious code that lets the regime spy on communications, threaten activists and organizers of protests, and block users from reaching opposition channels.
The regime allegedly used the same apps to identify and arrest activists in the weeks following the recent nationwide protests.
The Iranian regime uses several methods to push users toward the spyware-laden apps. These include setting up local mobile app markets and a tech startup program controlled by the notorious Revolutionary Guards. The regime also blocks or throttles traffic to the original version of Telegram in order to push users onto its own malware-laden applications, a combination of network-level censorship and endpoint compromise.
The regime has also pushed its malicious apps onto mainstream app stores such as Google Play and Apple's App Store, a clear violation of their terms of service. The most prominent is Mobogram, a Telegram fork developed by Hanista, a company that, according to the NCRI report, acts as a front for the Guards.
Apple bans developers from including hidden or undocumented features in apps published in its App Store. Likewise, Google prohibits apps that are "deceptive, malicious, or intended to abuse or misuse any network, device, or personal data" from being published on Google Play. Neither policy, however, prevents a fork of an open-source client from being submitted under a different developer account, which is how such apps reach the stores in the first place.
In an interview with Fox News, Alireza Jafarzadeh, the deputy director of the NCRI's Washington office, said, "The Iranian regime is currently hard at work to test the success of these apps on the people of Iran first. If not confronted, its next victims will be the people of other nations." Jafarzadeh added that the Iranian intelligence unit responsible for this alleged surveillance is the same group tasked with cyberwarfare against the West.
The tech community has a clear responsibility to counter Iran's efforts to stop the free flow of information in and out of the country and to compromise the security of social media networks. The Iranian regime knows that imposing a total Internet blackout would have severe repercussions for the country's already bankrupt economy and could trigger further social unrest. That is why it tries to maintain control by poisoning the well instead: leaving the Internet reachable, but only through channels it has compromised.
Internet service companies can work with the Iranian resistance and its sources to identify the front companies and developers that are creating and distributing malicious applications on behalf of the Iranian regime.
Google has reportedly launched an investigation and removed some of the malware-laden apps exposed by the NCRI from its app store. Apple must take similar measures to prevent the Iranian regime from publishing counterfeit apps in its App Store. Telegram, too, should take action and revoke the access of the Iranian regime's developers to its Application Programming Interfaces in order to prevent them from building and publishing malware-infected versions of its mobile app. One caveat: because the official Telegram clients are open source, a fork can ship with the same API credentials as the genuine app, so revoking a developer's own keys is only effective if Telegram can also tell forked clients apart from the original at the protocol level. If the forks were cut off, the regime would lose its reason to keep blocking the original versions of those applications.