TACTICAL CYBER INTELLIGENCE REPORT
Actor Type: N/A
Countries: US, SB, IR, SY
Report Date: 20180105
Iranian Protests: Communication Bans & Targeting of Protestors
Wapack Labs has been monitoring the developing Iran protests. By Day 9, Wapack analysts observed an uptick in Internet and communication restrictions, including social media platforms, phone applications, encrypted/secure messaging, and Virtual Private Network (VPN) services, and other platforms.
Formerly accepted by the Iranian government, the Instant Messaging Service ‘Telegram’, which had tremendous activity on Day 2 of the protests, is now disabled. At the moment, Google is preventing Iranians from using the Google Search Engine and from using ‘Signal’, an end-to-end encryption messenger that circumnavigates government filtering. To date, ProtonMail’s free VPN service for Android phones, is the only means of providing anonymity for Iranian citizens.
As the Iranian government continues to disrupt communications, they are implementing scare tactics to persuade protestors to stop the movement. Irancell, a mobile network service provider, is tracking down its’ users - who have posted videos and pictures online - and sending them text notifications, warning them that they have been participating in illegal protests. Additionally, the Twitter account of the Tasnim News Agency (@Tasnimnews_Fa) is posting pictures of protestors, asking followers to identify protestors and report them to Iranian security forces.
The current climate in Iran may give way to another wave of Iranian cyber hacktivists targeting the anti-regime demonstrators. Wapack Lab continues to monitor the situation.