By Jubin Katiraie
Numerous reports have been published in recent years which indicate that the regime in Iran is developing ever more sophisticated tactics of cyberespionage and cyber terrorism.
The regime’s hackers have yet to do any real, large-scale damage, but through years of practice, they have been able to gradually chip away at foreign adversaries online, gaining access to data and promoting confusion and uncertainty about essential aspects of Iranian affairs and Iran policy.
Most of Tehran’s known cyber activities consist of phishing schemes, in which messages are sent to targets under false pretenses, with the intention of tricking them into downloading malware or sharing information that allows hackers to gain access to their accounts. When they are successful, the hackers can then tap into the initial target’s contact lists, harvesting data along the way, and developing a broader understanding of professional and social networks that include Iranian activists and international policymakers who have taken a hard line with the clerical regime.
This knowledge alone may have a significant impact on the regime’s decisions about prospective targets for domestic repression and foreign terrorism, as well as about where and how its hackers might look for even more sensitive and difficult-to-access information. But even putting aside the potential snowball effect of Iranian cyber activities, recent events have demonstrated that the messages used in phishing schemes can have their own value to the regime’s fight against threats to its hold on power.
The National Council of Resistance of Iran recently identified a series of phishing messages that appeared to originate with Iran’s Ministry of Intelligence and Security. Many of these messages demonstrated a clear effort to capitalize on existing political support for the NCRI and its main constituent group, the People’s Mojahedin Organization of Iran (PMOI-MEK). And while it goes without saying that part of the intent behind those messages was to assemble a fuller list of those groups’ actual and potential supporters, the NCRI also tied them to a larger scheme to spread disinformation about the MEK by impersonating its representatives online or recruiting disgraced former members.
This latter tactic factors into the regime’s efforts to manipulate traditional media in order to demonize or delegitimize Iran’s democratic Resistance movement. In just the past two years, multiple articles have found their way to publication in prominent legitimate outlets despite conveying talking points that were ultimately sourced from Iranian intelligence operatives. But several of these publications have met with successful legal challenges from the NCRI, including one that was decided in June by Hamburg Regional Court, against the German daily Frankfurter Allgemeine Zeitung.
The article featured familiar rumors about the hierarchy and goings-on at a compound that now houses MEK members in Albania. Tehran had previously set its sights on the destruction of that community in Iraq and succeeded in killing several dozen residents. The relocation to Albania thus came to be viewed as a significant loss for the regime in its fight against the Resistance movement, for which the regime has attempted to compensate in other ways.
As the MEK itself describes the situation, this is just the continuation of a longstanding pattern, whereby propaganda and disinformation have been deployed as an alternative to multiple failed attempts to destroy the Resistance outright. In 1988, MEK affiliates comprised the overwhelming majority of the 30,000 political prisoners who were executed in a single summer, following a fatwa from Ayatollah Khomeini. And over the course of 30-some years, the organization’s list of martyrs grew to include more than 120,000 names as a result of the regime’s executions, terrorist attacks, targeted assassinations, and assaults.
“In four decades of its rule, the regime has failed to physically annihilate” the opposition, said the MEK in a statement on its website responding to recent court victories and the underlying false reports in Western media. “Therefore it has resorted for over two decades to disinformation campaigns and spreading lies in order to mislead the public opinion on Iran’s democratic alternative.”
Despite the effectiveness of the NCRI’s recent and ongoing legal challenges, these campaigns still appear to be far from being defeated altogether. It is therefore incumbent upon legitimate media outlets and the entire international community to be on guard against the types of false claims that have been retracted in accordance with court orders. Inevitably, some repetitions of the offending rumors will avoid such orders and will slip into the public consciousness unless they are actively countered by more accurate information.
This danger is made all the more prominent by the growing sophistication of Iranian hacking and cyberespionage. The regime is increasingly capable of sending messages directly to would-be supporters of the MEK, which either explicitly or subtly legitimize the false claims that have fueled Tehran’s campaigns for so long.
The NCRI’s report on recent Iranian phishing schemes notes that in at least one case, intelligence operatives sent a message impersonating the coalition’s president, Maryam Rajavi. The immediate purpose of the message seemed to be to exert pressure on government officials identified in it, forcing them to either reverse course on initiatives that were falsely associated with the MEK, or else face ouster from the regime on the basis of that invented affiliation.
It is easy to imagine how similar tactics could be used to manipulate public opinion throughout the world, for example by creating false links between the MEK and other groups or individuals, which might help to revive long-debunked claims about terrorist operations having been directed by the Resistance.
Ironically, one of Tehran’s latest phishing messages effectively highlighted this fact when it attempted to attract attention from Resistance advocates with a headline about the Free Iran “2020 Grand Gathering” in support of regime change and a Free Iran.
The event in question is the latest iteration of an international rally usually held near the NCRI’s headquarters in France. But this year, in consideration of the coronavirus pandemic, it will be held online, prioritizing remote access for anyone who wishes to participate or hear directly from Iranian dissidents and activists about their platform, their tactics, and the clerical regime’s history of repression and disinformation.
Any policymaker or reporter who has ever received unsolicited communications about the MEK may use this opportunity to check the content of those communications against the group’s own words and deeds. Such scrutiny is more important than ever because Iran is in a period of virtually unprecedented unrest. And with MEK “resistance units” having led that unrest at least since the start of a nationwide uprising in December 2017, the Iranian regime has enormous incentives to demonize the Resistance movement by any means necessary.