Over the past decade, the Islamic Republic of Iran has been targeted by continual intrusion campaigns from foreign actors that sought access to the country's nuclear facilities, economic infrastructure, military apparatus, and governmental institutions for the purpose of espionage and coercive diplomacy. Similarly, since the propagandistic defacements of international communications platforms and political dissident sites conducted by an organization describing itself as the "Iranian Cyber Army" beginning in late 2009, Iranian actors have been attributed to recurrent campaigns of intrusions and disruptions against private companies, foreign government entities, domestic opposition, regional adversaries and international critics. The intent of these CNO activities is not always discernible from the tactics used or the data accessed, as the end implications of the disclosure of particular information are often distant and concealed. Where such intent is made evident, the reasons for Iranian intrusion campaigns range from retaliation against adversaries, as a result of identifiable grievances, to surveillance of domestic opposition in support of the Islamic Republic establishment. Iranian intrusion campaigns have also reflected an interest in internal security operations against active political movements that have historically advocated for the secession of ethnic minority provinces or the overthrow of the political establishment through violence. However, Iranian intrusion sets appear to be primarily interested in a broader field of challenges to the political and religious hegemony of the Islamic Republic. Previous reports on Iranian campaigns have referred to the targeting of Iranian dissidents. However, in practice those targeted range from reformists operating within the establishment from inside Iran to former political prisoners forced out of the country.
Across the records of hundreds of intrusion attempts from campaigns conducted by distinct sets of actors, clear patterns emerge in the types of individuals and organizations targeted by Iranian actors in internal security operations: high-profile individuals and organizations, such as journalists, human rights advocates or political figures, with extensive relationships and networks inside Iran; members of the diplomatic establishment of Iran, and former governmental officials under previous administrations; adherents to non-Shia religions, participants in ethnic rights movements, or members of anti-Islamic Republic political organizations; academics or public policy organizations critical of the Iranian government; cultural figures that promote values contrary to the interpretation of Islamic values promoted by the establishment; organizations fostering international collaboration and connections with the current Iranian administration; and international organizations conducting political programmes focused on Iran funded by governmental agencies. In this presentation we will analyze in depth the results of several years of research and investigation into the intrusion activities of Iranian threat actors, particularly those engaged in attacks against members of civil society.
Claudio Guarnieri is a security researcher mostly specialized in the analysis of malware, botnets and computer attacks in general. He's a core member of The Honeynet Project and a research fellow at the Citizen Lab, University of Toronto. He created the open source malware analysis software Cuckoo Sandbox and Viper and runs the Malwr free service. He has published abundant research on botnets and targeted attacks and presented at conferences such as Hack In The Box, BlackHat, Chaos Communication Congress and many more. In recent years he has devoted his attention especially to issues of privacy and surveillance and published numerous articles on surveillance vendors such as FinFisher and HackingTeam with the Citizen Lab, as well as on NSA/GCHQ and Five Eyes surveillance capabilities with The Intercept and Der Spiegel. He was selected among the 50 persons of the year 2014 by Wired Italy, received with the Citizen Lab the EFF Pioneer Award 2015, and was selected by Forbes among the 30 Under 30 honorees for 2016. He continuously researches and writes on government surveillance and threats to journalists and dissidents worldwide and supports human rights organisations with operational security and emergency response.
Collin Anderson is a Washington D.C.-based researcher focused on measurement and control on the Internet, including network ownership and access restrictions, with an emphasis on countries that restrict the free flow of information. These efforts have focused on monitoring the international sale of censorship equipment, identifying harm in disputes between network operators, exploring alternative means of communications that bypass normal channels of control, and applying open data to shed new light on increasingly sophisticated restrictions by repressive governments.