Anonymous and other global hacker groups are involved in a multi-pronged cyberattack on Iran, joining the fight with local protesters to oppose the country’s strict hijab laws.
Thousands of amateur hackers have organized online to orchestrate cyberattacks on Iranian officials and institutions and offer tips on how to use privacy-enhancing tools to circumvent internet access restrictions.
Internet access in Iran has been severely restricted in recent weeks after protests erupted over the death of Mahsa Amini, a 22-year-old Kurdish woman from Iran.
Amini died in hospital in Tehran on September 16 under suspicious circumstances after being arrested by Iran’s so-called “morality police” for allegedly violating the country’s strict Islamic dress code by wearing her hijab too loosely.
Eyewitnesses say Amini was beaten by the police. Iranian authorities have denied any wrongdoing and claim that Amini died of a heart attack.
Iran’s foreign ministry did not respond to a CNBC request for comment. On Monday, Iran’s Supreme Leader, Ayatollah Ali Khamenei, made his first public statements on the protests, endorsing the police and blaming “foreign interference” from the US and Israel for the unrest.
Doxing and DDoS attacks
On September 25, Anonymous, the international hacktivist collective, claimed to have broken into the Iranian parliament’s database to obtain lawmakers’ personal information.
A YouTube account allegedly linked to the group said the Iranian parliament was hacked.
“Iran’s parliament supports the dictator when it should support the people, so we’re releasing everyone’s personal information,” they said, their voice altered in a manner typical of the cyber gang.
On the messaging app Telegram, another hacking group, Atlas Intelligence Group, says it has leaked phone numbers and email addresses of Iranian officials and celebrities, a tactic known as “doxing.”
It also offered to sell apparent location data of the Islamic Revolutionary Guard Corps, a branch of Iran’s armed forces, according to Check Point, which documents hacktivist efforts in Iran.
Anonymous-affiliated groups say they also released data purportedly from various government services, ministries and agencies, as well as a university, and claimed responsibility for hacks at Iran’s presidency, central bank and state media.
While it’s difficult to verify the hackers’ claims, cybersecurity experts said they’ve seen numerous signs of vigilante hackers disrupting Iran.
“We’ve observed some signs of government websites being taken offline by hackers,” Liad Mizrachi, security researcher at Check Point Research, told CNBC. “Predominantly we’ve seen this happen through Distributed Denial of Service (DDoS) attacks.”
In a DDoS attack, hackers overload a website with large volumes of traffic to make it inaccessible.
“Mandiant can confirm that several of the alleged disrupted services were offline at various times and in some cases remain unavailable,” Emiel Haeghebaert, a threat intelligence analyst at the cybersecurity firm, told CNBC.
“Taken together, these DDoS and doxing operations could increase pressure on the Iranian government to make policy changes,” he said.
Regarding Anonymous’ involvement, Haeghebaert noted that it is “consistent with activities” previously credited to affiliates of the organization. Earlier this year, Anonymous launched a series of cyberattacks on Russian companies in response to Moscow’s unprovoked invasion of Ukraine.
Bypass internet restrictions
Hacker groups are encouraging Iranian citizens to bypass Tehran’s internet blockade by using VPNs (Virtual Private Networks), proxies, and the dark web, techniques that allow users to disguise their online identities so that they cannot be traced by internet service providers (ISPs).
On the messaging app Telegram, a 5,000-member group is sharing details about open VPN servers to help citizens bypass Tehran’s internet blockade, according to cybersecurity firm Check Point, which documents hacktivist efforts in Iran.
A separate 4,000-member group distributes links to educational resources about the use of proxy servers, which tunnel traffic through an ever-changing community of computers run by volunteers to make it difficult for regimes to restrict access.
As dissent grew in the Islamic Republic, the government quickly moved to throttle internet connections and block access to social media services like WhatsApp and Instagram in an apparent effort to prevent footage of police brutality from being shared online.
At least 154 people have been killed in Iranian government raids as of Sunday, according to the independent and non-governmental Iran Human Rights Group. The government has reported 41 deaths.
Web security company Cloudflare and internet monitoring group NetBlocks have documented several examples of telecommunications network disruptions in Iran.
“It was really difficult to keep in touch with friends and family outside of Iran. The internet is messed up here so sometimes we can’t communicate for days,” a young professional in Tehran told CNBC via an Instagram message, requesting anonymity out of fear for his safety.
“I have limited access to Instagram so I’m using that for now” to contact people, he said, adding that he and his friends rely on VPNs to access social media platforms.
It is believed to be one of Iran’s worst internet outages since November 2019, when the government restricted citizens’ access to the internet amid widespread protests over fuel price hikes.
“THEY SHUT DOWN THE INTERNET TO HIDE THE KILLING. BE OUR VOICE,” read several videos and posts widely shared by Iranian activists on social media, along with footage of street protests and police violence.
Digital freedom activists are also trying to teach Iranians how to access the Tor browser, which allows users to connect to regular websites anonymously so their ISPs can’t tell what they’re browsing. Tor is often used to access the “dark web,” a hidden part of the internet that can only be accessed with specialized software.
“It’s not the first time we’ve seen actors involved in Iranian affairs,” Amin Hasbini, director of global research and analysis at cybersecurity firm Kaspersky, told CNBC.
Lab Dookhtegan, an anti-Iran hacking group, is known, for example, for leaking on Telegram data allegedly related to Iranian cyber espionage operations. A Check Point report last year detailed how Iranian hacker groups used malware to target and monitor dissidents.