Guy Taylor, The Washington Times, 15 February 2018
Iran’s intelligence services have “significantly accelerated” spying on their own citizens in the wake of the recent anti-regime protests that rocked the nation, according to a extensive new investigation being released Thursday by a leading Iranian exile dissident group.
The Paris-based National Council of Resistance of Iran (NCRI) claims the country’s Islamic Revolutionary Guard Corps and Ministry of Intelligence and Security are engaging in “mass surveillance” of protesters and dissidents, employing a web of state-produced mobile phone applications.
The report by NCRI, which fiercely opposed the regime in Tehran but has a record of exposing military and other internal workings of the government, contends that the Islamic Revolutionary Guard Corps (IRGC) has spread its spyware so successfully that “millions of users” outside Iran could be exposed to it.
Thursday’s report claimed an “internal network” of sources tied to the People’s Mojahedin Organization of Iran or MEK — the principal member of the NCRI — has uncovered the regime’s use of “mass surveillance through malicious codes embedded in IRGC mobile apps to actively disrupt the communication of protesters and dissidents.”
“IRGC front companies are developing spyware-enabled apps for cyber-surveillance and repression,” the report said. Some of the apps have succeeded in penetrating platforms promoted by Google and Apple, and are tied to Telegram — the globally popular, cloud-based instant messaging service that was heavily used by demonstrators in the recent round of street protests.
“Through front companies, such as Hanista, the IRGC has created apps such as Mobogram, an unofficial Telegram fork,” the report claimed. “Ironically, some of these spyware-enabled apps are available on Google Play, Apple Store, and GitHub, potentially exposing millions of users worldwide to the IRGC’s spyware and surveillance activities.”
“The IRGC has weaponized western cyber technology to target its own people,” said Alireza Jafarzadeh, the deputy director of the NCRI’s Washington office. “The organization that’s developing these apps is also responsible for the regime’s cyberwarfare against the United States.”
“What the regime is doing is testing the success of these apps on the people of Iran first,” he said. “If not confronted, the next victims will be the people of other nations, and that’s why its so important to react and do something.”
Telegram CEO Pavel Durov has already been on the record warning people about Monogram, asserting via Twitter last July that the app is “an outdated and potentially insecure fork of Telegram from Iran,” and telling followers: “I don’t advise to use it.”
But Mr. Jafarzadeh said Thursday that such warnings are “not enough” and that Telegram should “deny license to those developers who are IRGC people.”
“The ordinary person in Iran doesn’t know any of these things,” Mr. Jafarzadeh said. “They don’t have the tools and can easily fall into this trap.”
He added that the U.S. government should do more to pressure American companies, including Google and Apple from making apps tied to the IRGC available on their platforms.
The NCRI’s claims comes on the same week that the U.S. intelligence community asserted in a new global survey that Iran, along with Russia, China and North Korea, will “pose the greatest cyber threats to the United States during the next year.”
“We assess that Iran will continue working to penetrate U.S. and allied networks for espionage and to position itself for potential future cyber attacks,” said the “Worldwide Threat Assessment” that Director of National Intelligence Dan Coats delivered to Congress on Tuesday, although the primary focus of Tehran cyber attacks will be regional adversaries such as Saudi Arabia and Israel.
The NCRI report said a wave of sometimes violent anti-regime demonstrations that occurred in cities across the country late last year and in early January “sent shockwaves inside the regime.”
With some 48 million of Iran’s 80 million citizens estimated to own smartphones, the report said “mobile devices and social messaging platforms played a significant role in helping the protesters to organize, exchange information between different locales, and get their message out to the rest of the world.”
“The protesters’ use of cyber technology proved to be the regime’s Achilles’ Heel since it could not, despite a huge show of force, stop the expansion of protests,” the report said, forcing the regime to step up its domestic cyberwarfare efforts. Iranian universities have become “a recruiting ground for IRGC cyberwarfare personnel,” the dissident group claimed, with recruits are hired through front companies that “often engage in ‘research’ activities with a few of the IRGC’s ‘handpicked professors.’ “