By Mohammad Sadat Khansari
Iranian hackers have gathered in shadowy online forums since at least 2002 in order to share their best tips for creating successful cyber attacks, according to a new report from a cyber security firm.
These illicit conversations have resulted in some of the most devastating cyber security incidents in the world including, but not limited to:
• The Saudi Aramco attack that wiped data from thousands of infected terminals in the Saudi state oil company and left a burning American flag on the screen
• Several attacks on the websites of large banks, which cost millions of dollars
• An espionage campaign on many Western targets
The report, released by cyber security intelligence firm Recorded Future, found that one particular forum with direct ties to Iran’s Islamic Revolutionary Guard Corps (IRGC) was the most popular among Iranian hackers, having around 20,000 users.
The Ashiyane forum, created by the cyber security company Ashiyane Digital Security Team, was a place for Iranian contractors to boast about their talents for carrying out successful offensive campaigns, almost like LinkedIn for hackers.
The hackers, most of whom call themselves “gray hats”, a term for hackers who take part in both legal and criminal cyber actions, would share information on how to carry out distributed denial of service (DDoS) attacks, which push a website out of service by flooding it with traffic, as well as Android exploits and commonly used cyber attack techniques.
We can see the Ashiyane forum’s clear links to the Iranian Regime because it is one of the few websites that remained in use during a supposed government crackdown on these sites at the time of the Iranian green movement of 2009, when the Iranian people were protesting a rigged election.
While the Ashiyane forum officially shut down in 2018 for unknown reasons, Recorded Future was able to access the archive to expose this hacker meeting place. Recorded Future also said that the forums became involved in online gambling, which is banned in Iran, and that was the reason for the shutdown.
All of this information was revealed because Recorded Future wanted to conduct a research study on the history of Iran’s hacker culture, its close ties to the Iranian Regime, and the mistakes that the groups have made along the way.
What is not mentioned in the report is that the Iranian Regime is behind the hacking operations as a way of attacking its enemies without getting caught, something that will not change so long as the Regime is in power.