Foreign Policy Blogs

The Islamic Republic's Emerging Cyber War

The following piece was written by Reza Marashi, Director of Research at the National Iranian American Council (NIAC) and a former Iran Desk Officer at the U.S. Department of State. The Iran Working Paper Series is supported by the Rockefeller Brothers Fund, the Ploughshares Fund and the Norwegian Foreign Ministry.

Against a backdrop of international internet freedom initiatives, and plans to create a “halal Internet,” the Islamic Republic is doubling down on its efforts to use computers and the Internet to beat back pressure from critics at home and abroad.  Conventional wisdom is that both the Iranian government and its population evade such controls with relative ease because of inherent limitations in policing the Internet.  To be sure, web attacks and filtering often can be circumvented.  But this overlooks the government’s long-term strategic vision: controlling the identity of the Internet inside Iran.  As a global system of interconnected computer networks, the Internet has come to represent a litmus test for freedom of expression.  To that end, Iranian decision-makers seek to increasingly quarantine their population by dividing this international system into a fragmented national network. And while foreign-inspired virus attacks command the attention of policymakers and pundits in the West, the Islamic Republic’s long-term strategy is slowly succeeding.

Iranian Government Capabilities and Strategies

Rather than prohibiting PCs, mobile phones and the internet in Iran, the government instead regulates how these communication tools can be used.  First, it controls Network Infrastructure in Iran – literally the “plumbing” that facilitates the existence of internet, mobile, and landline communication networks.  No less important is the government’s control over Network Carriers – mobile phone operators, internet service providers, global telecom carriers, and Iranian telecom companies that hook all the “plumbing” together to physically connect communication networks.  There are various players in each category, forcing the government to employ blocking and filtering techniques at the Network Infrastructure and Network Carrier levels.  This is the government’s control point.

Since 2009, the Iranian government has steadily advanced its aggressive filtering strategy and upgraded its control over the Internet.  By industry standards, Internet filtering in Iran is elementary.  State-of-the-art filtering technology is expensive and difficult to acquire due to sanctions.  The government has therefore developed indigenous filtering technology – Separ – that it continuously refines, while frequently changing its strategy for blocking Internet access.  At present, government filtering has reached its peak operating capacity, according to Tehran-based industry experts.  A more aggressive filtering operation would require an overhaul of Separ.  Until the government advances its technological capabilities, limited resources will force it to choose what and how to filter internet access – for example, Virtual Private Networks (VPNs) and other incoming connections are currently allowed into Iran, but outgoing connections from inside Iran to the outside world are frequently blocked.  This demonstrates that the government lacks the capacity to combat both, and is forced to develop a filtering strategy based on maximizing its existing capabilities.

Manifestation of Strategy: Iranian Cyber Army

Despite technological limitations, the government has dedicated manpower and resources toward developing a tech-savvy organization to implement its larger strategy.  With a multi-million dollar budget and cadre of thousands, the self-described “Iranian Cyber Army” (ICA) has used standard hacking techniques to wreak havoc on political opposition.  This was demonstrated when the ICA conducted social engineering attacks against prominent reformist websites.  By manipulating network service companies to perform actions and/or divulge information (e.g., obtaining passwords via forged identities), the ICA was able to gain access to DNS records – the Internet switchboard that directs web traffic to/from various data servers.  Hacking DNS records allowed the ICA to re-direct web traffic to mirror sites that are often identical in appearance, and subsequently collect personal information (logins, passwords, etc.) entered into these mirror sites for hacking into additional sites (email, IM, data storage, etc.).  The ramifications cannot be overstated: both rahesabz.net and kaleme.com – the largest opposition website and Mir-Hossein Mousavi’s official website, respectively – were hacked, providing the ICA with access to servers where data was stored; access to email accounts; and identities and personal information of users – no small feat for a government seeking to eliminate its opposition.

Looking Ahead

Industry experts have a solid understanding of the government’s filtering capabilities, but lack the formal support (legal, financial) needed to combat such efforts.  Since 2009, multiple reports indicate that Iran is working to upgrade its existing capabilities.  Its latest technology reportedly seeks to check each information packet that is sent and received via the Internet.  If successful, this would enable the government to block traditional circumvention mechanisms (such as VPNs) created to bypass filtering.  The government is also reportedly increasing “requests” that Iranian companies relocate websites to domestic data centers, and is examining the feasibility of creating a national email account.  Each of these steps demonstrates a larger strategy to create a national intranet – a “halal internet” – whereby the government can monitor, control and censor with greater ease, and external internet access will be significantly restricted.  Producing indigenous search engines and email accounts – tools that allow the Internet to function – will help the government control the physical infrastructure of the Internet itself.  By building filtration mechanisms into the infrastructure, the government will not only increase its control over the flow of information within Iran, but also over information coming in and out.  If the government’s plan succeeds, this would be a huge – perhaps irreparable – blow to Iran’s internal opposition, which is already restricted in its ability to communicate.

Through efforts to create an intranet that does not threaten its monopoly on power, Iran is attempting to take another page from China’s playbook.  In the long run, however, Tehran is unlikely to successfully replicate Beijing’s model or enjoy the same degree of maneuverability.  As such, Tehran’s internet plans are more vulnerable to outside pressure.  Given what is known about this negative trajectory, the international community must re-evaluate its efforts to support Internet freedom in Iran.  Material assistance via e-learning programs will no longer suffice.  International efforts should be commensurate with the challenge: keeping Iranians connected to an unfiltered internet.