Iranian Cyberspace: Domestic Suppression and International Aggression
“Iran’s intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity.”
These words, spoken by Director of National Intelligence James Clapper at a Feb. 2012 congressional hearing, should raise concern not only for the international community but also for the citizens of the Islamic Republic of Iran. In recent years, Iran has become even more isolated from the international community, driven in large part by an uptick in sanctions. Facing mounting socio-economic domestic turmoil and increasing international pressure against its alleged nuclear weapon ambitions – a charge that Tehran denies – Iran has actively engaged in a campaign against domestic and foreign adversaries alike to consolidate power by any means it deems necessary.
Iranian Domestic Cyber Strategy
“Cyberspace,” says Homeland Security Policy Institute director Frank J. Cilluffo, “largely levels the playing field, allowing individuals and small groups to have disproportionate impact[s].” Such words accurately describe the way in which Iran currently operates. In the aftermath of the 2009 Iranian presidential elections and continuing to the present, Tehran organized and carried out a successful domestic campaign to censor individuals and/or companies who promote internet freedom.
In the lead-up to parliamentary elections on Mar. 2, 2012, the regime implemented severe internet restrictions in an effort to fully dissuade any Iranian dissidents from participating in events similar to those that transpired during the previous election cycle.
Iranian dissidents took to the streets on June 13, 2009 in protest of the presidential election results in which former Iranian President Mahmoud Ahmadinejad triumphed over the reformer and Green Movement candidate Mir Hussein Moussavi. Tehran responded by launching a massive crackdown in which thousands of individuals were threatened, jailed, tortured and even killed.
Journalists and social media users were also targeted. Additionally, broadcasts in and out of the country were severely restricted, with additional jamming being conducted. Activists used computer technology in 2009, and continue to use it today, to circumvent the government’s attempt to deny them the outside world.
Tehran has further heightened internet censorship procedures to deter a similar episode and to strengthen its control over citizens and nearly 45 million internet users. The regime has targeted users of Virtual Private Networks (VPNs), which provide a method for Iranian citizens to circumvent the censorship filters. Such techniques are heavily used in Iran even though they are considered to be illegal. A survey published by the Iranian Ministry of Youth and Sports estimated that nearly 70 percent of young Iranians who surf the Internet do so by circumvention. While social media sites like Twitter, Facebook and YouTube remain blocked, among many other web sites, Iranian President Hassan Rouhani, specifically, and other high-ranking Iranian officials, remain some of the most active social media users.
Tehran also requires users of internet cafes to register using personal identification, including inputting their real address and family information. The new regulation encourages “transparency and organization for internet businesses and offer[s] more protection against online abuse,” according to its wording. While the ruling may provide such services, it may pose greater censorship issues since up to 60 percent of Iranian businesses and homes utilize the internet, thus providing another tracking method. Other monitoring equipment, such as surveillance cameras, has also been installed to monitor and track users.
In a move that further strengthened Tehran’s hold on the internet, the regime launched its “Cyber Army” in May 2010, according to Ebrahim Jabari, an Islamic Revolutionary Guard Corps official. These newly recruited members have reportedly been actively engaged in the increasingly prevalent censorship operation against Iran’s citizens while also serving to make Iran “immune” from cyber-attacks and launching offensive attacks, too. With America supporting individual rights of internet freedom in the amount of $70 million “in Iran and worldwide,” perhaps the Islamic Republic felt pressured. America has acknowledged Iran and its cyber team to be quite savvy, to the point where U.S. State Department Spokesperson Victoria Nuland called Iran “more adept at blocking the free flow of information to its citizens than almost any other country in the world . . .”
Many opposition supporters conversely believe that the formation of such an internet control system would serve only to disrupt any support of the Green Movement and its leaders Mousavi and Karoubi, both of whom have been placed under house arrest, without trial, since 2011.
If caught participating in such activities, individuals would likely face a severe penalty of possible imprisonment or death. Internet screeners monitor not only Green Movement supporters, but also religious minorities, bloggers and reporters. Perhaps their worries have justification. A December 2014 Committee to Protect Journalists report named Iran the world’s second leading state for imprisoning journalists (at 30), behind only China (at 44).
As Iran continues to push its censorship campaign, it need only look to the surrounding region to understand the days of the Islamic Republic are limited. Tehran is therefore using all means necessary, including command of the Internet and its content, to firmly demonstrate superiority over its citizens.
Iranian Cyber Defense Strategy
Tehran has thus far demonstrated an effective cyber strategy against its perceived domestic threat. There also exists the ability of an individual or nation to wage war in cyberspace, presenting an alternative method to conduct warfare with the potential to effectively cripple a nation economically, militarily or perhaps both.
Targeting and disabling Iranian nuclear centrifuges, the Stuxnet virus, identified in 2010, ushered in a new domain of warfare. To this end, former CIA Director Michael Hayden told 60 Minutes, “[S]omeone has legitimized this kind of activity as acceptable international conduct.” Since its discovery, Tehran has proactively engaged in a series of countermeasures to guard against future cyberattacks. But further complex attacks have been identified. In April 2011, “Stars” targeted executive computer files, and “Duqu”, a virus similar to Stuxnet, gathered and relayed sensitive information to its creator. Lastly, “Flame” was acknowledged in May 2012 and is called by some the most sophisticated and complex cyber virus ever created.
According to Iranian National CERT (Computer Emergency Response Team), the virus could turn on infected microphones to record conversations, copy computer screens and bypass antivirus software, among other tasks. By targeting areas like the centrifuges used to enrich uranium or machinery involved in the Iranian oil industry, such cyberattacks likely seek to significantly delay, if not terminate, what some Western countries perceive to be the desire to obtain nuclear weapons. Iran has, however, implemented a strategy to defend against these threats and, if necessary, take the offensive. These initiatives include:
· Actively censoring the Internet to eventually develop a “clean national Internet”;
· Launching a “cyber army” of reportedly 250,000 individuals, who defend against virtual attacks and monitor Internet content and opposition groups through online surveillance;
· Holding its first national cyber conference on cyber defense in March 2012 where Brigadier General Reza Jalali indicated that more emphasis would be placed on cyber capabilities “both offensive and defensive”;
· Commissioning a ‘Supreme Council of Virtual Space’ in March 2012 by the Supreme Leader Ali Khamenei to be governed by then President Ahmadinejad, now President Rouhani, and key IRGC (Islamic Revolutionary Guard Corps) members to implement Internet policy.
Recent history illustrates that Tehran’s offensive cyber capabilities have dramatically evolved in sophistication and scope. Although Iran still is engaged in an Internet censorship campaign highlighted by repeated virtual attacks targeting various foreign media outlets like BBC Persian and Voice of America, evidence suggests a dramatic shift in complexity and global focus of Iranian offensive cyber-related activities.
Serious potential exists for Tehran to conduct bolder offensive cyber campaigns, as it has reportedly devoted $1 billion to cyber warfare training and operations. This money appears to be well-spent, as Iran has engaged in a series of offensive cyberattacks against foreign governments, oil and natural gas industries, financial institutions and other critical infrastructure throughout the world. Notably, in March 2015, Clapper disclosed in congressional testimony that Iran launched a Distributed Denial of Service (DDoS) attack against financial institutions in 2013, and further engaged in another campaign against the Sands Casino in Las Vegas the preceding year.
Although virtual attacks do provide several advantages, such as user anonymity and the possibility to conduct potentially devastating virtual campaigns at a distance, thus avoiding conventional military engagement, private companies like Cylance Inc. continue to monitor and evaluate the increasing sophistication of the Iranians’ cyber capabilities. Addressing the cyber conference, Jalali remarked that the current reduction of the American military creates an even playing field in the virtual arena and it is one in which Iranians excel. Jalali is not the only one who shares this point of view.
Concern about Tehran’s maturing cyber capabilities is voiced throughout the U.S. government and private sector. Former Google Executive Chairman Eric Schmidt explained in a CNN interview that Iranians are “extremely talented” in cyber warfare and branded them a “cyber security threat.” Clapper’s recent remarks only underscore the immediate cyber threat posed by Iran’s ever-evolving cyber capabilities. Although national intelligence assessments consider China and Russia to be the top-tier cyber adversaries of the United States, a recent report by cybersecurity firm Cylance characterized the Iranians’ cyber capabilities as “the new China.” Given the sophistication with which the Iranian cyber army operates, both inside and outside Iran, as described in this report, serious attention should be paid to this issue.
In conclusion, Iran has undoubtedly become bolder in its actions against its citizens, the United States and international interests abroad, and more desperate as it maneuvers through mounting economic and international pressure. One need only remember the IRGC – the group that failed to assassinate the Saudi Ambassador in Oct. 2011 in Washington, D.C. – also controls Iran’s cyber army and thus has command of its offensive and defensive capabilities. Washington should therefore ready its virtual defenses because cyber intrusions of all means and from all opponents are on its doorstep.