Exclusive High Quality Features from Israel and the Middle East

“A Kilobyte Is Stronger than a Megaton”: Iranian Hackers and the Cyber Realm of the Islamic Republic

The Near East - Israel's Middle East Magazine 

By Roy Cahanovitz

“The fourth biggest cyber power…”



Translated by Viktoria Lymar

Edited by Steven Stenzler


22 June 2015

Iran and its nuclear program have been the target of cyber attacks over recent years, some of which hit the Islamic Republic hard. Nonetheless, at the same time, Iran has been investing vast resources in developing advanced cyber capabilities, and sees this as an important arena in its struggle with the countries of the West. The Iranian regime even encourages hackers and independent students to break into websites associated with the West, and experts are warning of the danger inherent in Iran's advanced capabilities.

In the last few days, the media in Israel and around the world has been busy with the deployment of the intelligence-gathering worm Duqu 2.0 in the European hotels where the talks on the Iranian nuclear program took place between Iran and the Western powers, against the backdrop of an investigation by the Russian security company Kaspersky Lab. It should be noted, however, that the Iranian negotiators' fears of such a breach of their databases and of the contents of the talks led them to demand that the negotiations be moved to another venue and, even more so, that the cyber security arrangements be attended to as thoroughly and as soon as possible. In addition, Iranian President Hassan Rouhani ordered the Iranian representatives at the negotiations to exercise caution and avoid using smartphones, since they can be tracked by hostile elements.

In general, cyber refers to the (metaphorical) cyberspace of computer systems and computer networks in which electronic data is stored and online, interactive communication is carried out, regardless of the geographical location of its users. A hacker (Hebrew: cracker) is a person who specializes in bypassing boundaries in cyberspace and thereby obtains vital information about their targets. Hackers themselves are classified into the following three levels, expressed as three hat colors. A "White-hat hacker" is a nickname for someone who uses their knowledge of computers to test the stability of software, computers or networks and the strength of their protection. "White hats" often work in the field of computer security and are considered part of the establishment, and are therefore mostly referred to as "ethical hackers."

A "Gray-hat hacker" is someone who uses their knowledge of computers in order to research and seek more knowledge in the field, or one whose intention is not necessarily clear; they are not interested in damaging the victim, but not interested in helping them either. A "Black-hat hacker" is somebody who uses their knowledge of computers to take down or compromise systems without permission and to glean personal data from them, or to modify data. Usually, their actions will be based on planting "worms" or Trojan horses, and so will be considered a violation of the law.

Iran sees the cyber world as a real frontline and battlefield against the United States and its allies, as well as an excellent platform for distributing its extremist Islamic ideology. Cyber experts say Iran has increased its investments in developing its cyber capabilities 12 times over the last few years, and therefore, in a few years, these capacities will become more worrisome than the nuclear program. Moreover, Mohammad Hossein Sepehr, deputy to the Supreme Leader’s representative of the IRGC [Revolutionary Guards], boasted in February 2013 that Iran had “the fourth biggest cyber power among the world’s cyber armies.”*

Since 2009, the Iranian regime has been working more intensely on building cyber infrastructure, and trying to roll it out in three main stages:

Establishment of cyber institutions and cyber maneuvers: Starting in 2009, Iran’s regime began recruiting thousands of cyber warriors and experts, and in 2011 it established the Cyber Headquarters of the Passive Defense Organization, which by virtue of its role coordinates the regime’s activities in defending the country's infrastructure, sets regulations for safety in cyberspace, and performs cyber maneuvers integrated into almost every military exercise.

Recruitment of hackers (crackers) for activities within the framework of the regime: The government in Iran continues its activities, recruiting hackers for the Basij Cyber Council and even making wide use of hackers from outside Iran’s borders. Perhaps the most important point is the development and training of skilled, high-quality manpower in the universities through the opening of cyber defense schools.

Attacks on websites outside of Iran under the auspices of the regime: As a direct continuation of the active recruitment and training of hackers, the Iranian regime is encouraging hackers and students to break into websites identified with the West, and even rewarding with prizes and grants the students who manage to hack websites that spread "immoral" values both in Iran and outside it.

One of these groups, and perhaps the best known of them, is the Ashiyane group led by Behrouz Kamalian, which operates under the patronage of the regime and whose record includes hacks into NASA and others.


Hacking NASA’s website by the Iranian “Ashiyane” group


The Iranian regime sees cyberspace as a real war zone, and therefore, in 2011, it also founded the Cyber Army. This army of experts, which concentrates an emerging cyber power within itself, is divided into four sub-departments. One department deals with defense against cyber attacks, and specializes primarily in surveillance, identification, and blocking attempts to penetrate Iran's computer system. The second department is engaged in the development of offensive tactics, such as improving abilities to damage energy and water companies and airports. The third works on deciphering special electronic codes, and the fourth department is tasked with the takeover of satellite communication frequencies of television channels in the Middle East. The Iranian Cyber Army has hit many different websites, including those of "Voice of America," the Israeli Foreign Ministry, and more.



Iranians hack into “Voice of America” website


In conclusion, one can say that Iran sees itself as a respected superpower developing and nurturing new capabilities in the cyber field. Iran and its decision-makers realized several years ago that cyberspace is its next frontier in light of the American-Israeli threat in this regard, and therefore, it invests and will continue to invest hefty sums in improving its capabilities and relevant technologies. The improvement of these capacities requires the serious attention of decision makers in the West towards the Iranian threat, and not necessarily the nuclear one.


Roy Cahanovitz is a doctoral student at the Department of Middle Eastern History at Haifa University and a researcher at the Ezri Center for Iran and Persian Gulf Studies.



Original Hebrew article: קילובייט חזק יותר ממגה טון: האקרים איראנים ומערך הסייבר של הרפובליקה האסלאמית

Image credit: Security Affairs, The Near East magazine