Anonymous and other global hacking groups are engaged in a multi-pronged cyberattack on Iran, joining the fight alongside protesters on the ground who are resisting the country’s strict hijab laws.
Thousands of amateur hackers have organized online to carry out cyberattacks on Iranian officials and institutions, as well as to share tips on how to get around curbed Internet access using privacy-enhancing tools.
Internet access in Iran has been severely limited in recent weeks following protests over the death of 22-year-old Kurdish Iranian woman Mahsa Amini.
Amini died in a hospital in Tehran under suspicious circumstances on 16 September after being detained by Iran’s so-called “ethics police” for allegedly violating the country’s strict Islamic dress code by wearing a hijab.
Eyewitnesses say that Amini was beaten up by the police. Iranian officials denied any wrongdoing and claimed that Amini died of a heart attack.
The Iranian Foreign Ministry did not respond to CNBC’s request for comment. On Monday, Iran’s supreme leader, Ayatollah Ali Khamenei, made his first public remarks on the protests, backing police and blaming the unrest on “foreign interference” from the US and Israel.
Doxing and DDoS attacks
On 25 September, the international hacktivist collective, Anonymous, claimed to have breached the Iranian parliament’s database to obtain personal information of lawmakers.
A YouTube account claiming to be affiliated with the group said the Iranian assembly had been hacked.
“The Iranian parliament supports the dictator when it should support the people, so we are releasing the personal information of all of them,” he said, his voice altered in the manner of the cyber gang.
On the messaging app Telegram, another hacking group, Atlas Intelligence Group, says it leaked the phone numbers and email addresses of Iranian officials and celebrities, a tactic known as “doxing”.
It also offered to sell explicit location data on the Islamic Revolutionary Guard Corps, an arm of Iran’s armed forces, according to Check Point, which has been documenting hacktivists’ efforts in Iran.
Anonymous-affiliated groups say they released data coming from various government services, ministries and agencies as well as a university and claimed responsibility for the hacks on the Iranian presidency, central bank and state media.
Although the hackers’ claims are difficult to verify, cyber security experts said they have seen several signs of disruption in Iran from vigilante hackers.
“We’ve seen some signs of government websites being taken offline by hackers,” Liad Mizrachi, a security expert at Check Point Research, told CNBC. “Primarily we’ve seen this done through Distributed Denial of Service (DDoS) attacks.”
In a DDoS attack, hackers overload a website with a large amount of traffic to make it inaccessible.
“Mandiant can confirm that many services that claim to be disrupted have gone offline at various points in time, and in some cases are unavailable,” Emiel Haeghebaert, an intelligence analyst at the cybersecurity company, told CNBC.
“Overall, these DDoS and doxing operations could increase pressure on the Iranian government to pursue policy changes,” he said.
On Anonymous’s involvement, Haeghebaert said it was “in line with the activity” previously credited to the organization’s associates. Earlier this year, Anonymous conducted several cyberattacks on Russian entities in response to Moscow’s unprovoked invasion of Ukraine.
Bypassing internet restrictions
Hacking groups are encouraging Iranian citizens to bypass Tehran’s internet blockade by using VPNs (virtual private networks), proxy servers and the dark web, techniques that allow users to hide their online identities so that they cannot be tracked by Internet Service Providers (ISPs).
On the messaging app Telegram, a group with 5,000 members shared details about open VPN servers to help citizens bypass Tehran’s internet blockade, according to cybersecurity firm Check Point, which is documenting hacktivists’ efforts in Iran.
A separate group, with 4,000 members, distributes links to educational resources on the use of proxy servers, which tunnel traffic through an ever-changing community of computers run by volunteers, making it difficult for governments to restrict access.
As discontent grew in the Islamic Republic, the government began to block internet connectivity and access to social media services such as WhatsApp and Instagram, in an apparent attempt to stop footage of police brutality being shared online.
As of Sunday, at least 154 people have been killed in the Iranian government’s crackdown, according to the independent and non-governmental group Iran Human Rights. The government has reported 41 deaths.
Web security firm Cloudflare and Internet monitoring group NetBlocks have documented several instances of disruption to the telecommunications network in Iran.
“It’s really hard to keep in touch with friends and family outside of Iran. The internet is messed up here, so sometimes we can’t communicate for days,” a young professional in Tehran told CNBC via Instagram message, requesting anonymity due to fear for his security.
“I have limited access to Instagram so I use it at the moment” to contact people, he said, adding that he and his friends rely on VPNs to access the social media platform.
It is considered one of the worst internet blackouts in Iran since November 2019, when the government restricted citizens’ access to the web amid widespread protests over a hike in fuel prices.
“They are shutting down the internet to hide the killing. Be our voice,” read several videos and posts widely shared by Iranian activists on social media, along with footage of street protests and police violence.
Digital freedom activists are trying to teach Iranians how to use the Tor browser, which lets users anonymously connect to common websites so that their ISPs can’t tell what they’re browsing. Tor is often used to access the “dark web”, a hidden part of the Internet that can only be accessed using specialized software.
“This is not the first time we see actors involved in Iranian affairs,” Amin Hasbini, director of global research and analysis at cybersecurity firm Kaspersky, told CNBC.
For example, the anti-Iranian hacking group Lab Dookhtegan has been known to leak data related to Iranian cyber-espionage operations on Telegram. In a report last year, Check Point detailed how Iranian hacking groups were targeting dissidents with malware to monitor them.