NCRI – The National Council of Resistance of Iran (NCRI) has published a new detailed intelligence report on the Iranian regime’s Cyber Army. The report is based on intelligence gathered by the sources of the main Iranian opposition group People’s Mojahedin Organization of Iran (PMOI or Mujahedin-e Khalq, MEK) inside the clerical regime including its Islamic Revolutionary Guards Corps (IRGC).
The report indicates that Tehran’s cyber army and the Iranian regime’s cyber warfare is directed by the IRGC top brass, in particular the IRGC commander in chief, Major General Mohammad-Ali Jafari. The decisions about cyber warfare and the conduct of the cyber army are made by the Supreme National Security Council (SNSC), the highest decision-making body of the regime on national security matters that is chaired by the President, Hassan Rouhani.
The report shows that Tehran’s cyber warfare is carried out by an elaborate state apparatus to pursue a malign and malicious state policy and that the Iranian regime has stepped up allocating resources and staff to this warfare in recent years.
Another interesting aspect of the report is that the mullahs’ cyber army boasts and brags about hacking other websites or attacking them. In one instance, one of their affiliates boasted that they have attacked 500 foreign sites and networks.
Report by the National Council of Resistance of Iran:
About the Iranian Regime’s Cyber Army
1. Formation of a cyber force in the IRGC
1.1 Since the involvement of the Islamic Revolutionary Guard Corps (IRGC) Cyber Force and Technology Department of the Ministry of Intelligence in censoring and guiding arrests during the 2009 uprisings in Iran, the need to strengthen the IRGC’s role in cyber space as a suppressive force in Iran and a disruptive force abroad has been under consideration.
1.2 In early December 2010, the Commander of the IRGC, Major General Mohammad-Ali Jafari, and the commander of the IRGC’s cyber force, Majid Sadeqian, met with other senior IRGC commanders at the central headquarters of the chiefs of staff of the regime’s armed forces. The participants all stressed the role of the IRGC’s cyber force in protecting and preserving the regime, which they said could be achieved through soft and hard means (censorship and arrests) within Iran and striking at “enemies” abroad. They added that the 2009 uprisings in Iran and the Stuxnet virus had clearly shown the need to strengthen the cyber force into a robust organization.
1.3 IRGC commander Mohammad-Ali Jafari has endorsed the plan to make the cyber force the IRGC’s sixth force, to work in Iran alongside the Bassij Force to suppress social protests and uprisings, while working with the extraterritorial Qods Force to interfere in other countries’ affairs to advance the regime’s objectives abroad. Others argue that the cyber force should be embedded within the IRGC Intelligence Organization and should not be a separate entity acting in the field.
1.4 Back in May 2001, the regime’s supreme leader Ali Khamenei personally intervened to confront the Iranian public’s growing awareness gained via the Internet. Under a plan called “Broad Policies for the World Wide Web,” he ordered that access to the Internet must only be allowed through permitted institutions.
1.5 Following this order, in October 2001, the Supreme Cultural Council of the Revolution chaired by then-president Mohammad Khatami, adopted a resolution for censorship called “Regulations and Rules Related to the World Wide Web,” which called for government control over Application Service Providers (ASP).
2. Organizations Controlling Cyber Space
2.1 In December 2002, the Committee to Prescribe Measures against Prohibited Internet Bases was formed, and included representatives from the Intelligence Ministry, Ministry of Islamic Guidance, Ministry of Communications and Technology, and the Judiciary. It determined criteria according to which, by March 2003 (in three months), over 15,000 websites were blacklisted and filtered.
2.2 In 2003, the Supreme Council for Information Sharing Security was formed in order to set cyber policies. Chaired by the vice president of the regime, its members include the secretary of the Supreme National Security Council, the chairman of the armed forces chiefs of staff, the intelligence minister, the minister of communication, and the minister of Islamic guidance. The presence of the secretary of the Supreme National Security Council and the intelligence minister indicates the focus on censorship, domestic suppression and foreign and domestic espionage. The involvement of the chairman of the joint chiefs is related to leveraging the cyber force for the regime’s military programs, especially missile and nuclear programs. The involvement of the Islamic guidance minister is related to exporting fundamentalism and interfering in other countries’ affairs.
2.3 Supreme Council for Technological Innovation: This council, formed in 2005, is chaired by the regime’s president. It has 14 members, including ministers, deputy ministers and the head of the main state-run broadcaster. Its mandate is to set the strategic policies for technological advancement.
2.3.1 After the ascent of Mahmoud Ahmadinejad as president in June 2005, resulting in a closing of ranks by the regime, on the basis of the decisions by the Supreme Council for Technological Innovation, a mandate was given to the communications ministry to censor and suppress under the banner of “clearing out illegal content,” “identifying users that violate the law,” and “monitoring anti-regime websites.”
3. IRGC and cyber warfare
3.1 Since 2007, the IRGC has been actively involved in cyber warfare for domestic suppression and combating anti-fundamentalist sites, while supporting terrorism abroad.
3.2 The IRGC’s cyber warfare training states: The cultural war is a serious threat to the regime. Since the IRGC’s core responsibilities include confronting all enemy threats against the essence of the regime, the IRGC has a duty to intervene in this regard.
3.3 On November 21, 2010, on the occasion of Bassij week, Brigadier General Hossein Hamedani , the commander of the Mohammad Rasulollah base in Greater Tehran, announced: “The Bassij cyber council has trained over 1,500 cyber warriors who are now active.” He added that such activities would be stepped up soon.
3.4 The IRGC’s command center for cyberspace: The IRGC has a unit called the command center for cyberspace or “cyber defense.” The head of the unit’s technological department is Majid Sadeqian. Sadeqian has close contacts with Saeed Roghangarha, the deputy of the Intelligence Ministry’s technological innovation section, when it comes to identifying and suppressing the regime’s opponents in cyberspace.
3.5 The cyber army:
• The cyber army has been established under the command of IRGC commander Mohammad-Ali Jafari. The unit was placed under the IRGC’s Intelligence Organization, formed in 2009.
• The regime’s Supreme National Security Council has adopted decisions for the cyber army to confront and institute measures against websites abroad, and to monitor and act against Internet threats against the regime within Iran.
• On November 20, 2010, the cyber army exaggerated its actions, launching a wave of psychological warfare in IRGC-affiliated websites, claiming that it had hacked 500 sites simultaneously, while disrupting the intelligence networks and private websites of other counties.
Among its claims are the following:
On October 27, 2010, it claimed that hackers of the cyber army had sent disruptive emails and spread malware among the regime enemies’ computers.
The public relations office of the “Shabakeh Gostar” engineering company reported on November 2, 2010 that Iran’s Cyber Army had taken responsibility for attacks against Twitter and the Chinese search engine Baidu.
• Members of the clerical regime’s Majlis (parliament) openly support the illegal and inhumane actions of the Cyber Army. Fatemeh Alia, a member of the Majlis security committee, said on October 28, 2010: “When it comes to cyber warfare, in the current circumstances we need to allocate a budget sufficient to acquire the equipment needed for this kind of war, so we can dedicate it to cyber warfare and the cyber army.”
3.6 The Army of the Sun: A website called the Army of the Sun is among the affiliates of the IRGC cyber force. In its propaganda, the regime claims that the Army of the Sun has attacked 500 sites to undermine foreign sites, including Twitter, Facebook and others that encourage young Iranians to rise up against the regime. The group has an active website called the Hack and Security Website of the Sun, which was officially registered in early October 2010. Seyyed Mostafa Motaharian, the head of the board; Mehdi Arbabi, manager; Mohsen Nouri, Sajjad Pourali, Omid Ghaffari-nia, and Mohammad Sadeq Ahmadzadegan are members of this site.
3.7 The Defense Industries Organization, which is part of the Defense Ministry, has an organization called the “Iran Electronics Industries” (Sana-ey Electronik-e Iran) (aka Sa-Iran), which includes seven industrial groups. One of these groups, the Communications and Intelligence Innovation Group (Safava), deals with cyber space. The technology department of the Intelligence Ministry has a representative in Safava named Deldadeh.
3.8 The Technology Department has a unit called the “operational unit,” which tries to hack sites run by opponents, to control websites, to attack other networks, and to conduct electronic espionage abroad. The Intelligence Ministry uses stable IP addresses, which are directly connected to the Intelligence Ministry headquarters in Mehran Garden.