Inside the negotiations of a sweeping government surveillance program in Iran
Iran has sought to develop an “unprecedented” mobile surveillance system, and discussed setting up the program with a pair of Western companies, according to research out Monday from the University of Toronto’s Citizen Lab.
Based on hacked documents that Citizen Lab verified were authentic, Iran’s ambitions focused on deeply integrating into mobile business systems. “The surveillance and censorship capabilities resulting from this level of integration with mobile service providers cannot be understated,” the report states.
The document trove, which primarily covers a period from 2018 through 2021, doesn’t definitively indicate whether Iran partially or fully implemented the system, although discussions “appear to have been well-advanced,” according to the researchers. But it does shed light on Iran’s goals against a backdrop of Iran and other oppressive regimes using strong-arm tactics to stifle protesters.
“These documents clearly do reflect an aspiration for an unprecedented surveillance architecture that would have — based on the Iranian regime’s history of suppressing dissent and human rights — led to further human rights violations,” the report’s authors wrote.
Research on the documents, which the Intercept provided to Citizen Lab, found that the system “would provide the Iranian government with comprehensive information about Iranian subscribers, including personal information of citizens and non-citizens at the time they purchase SIM cards.”
The amount of information Iranian authorities could collect from mobile service providers under the program is sweeping, the researchers found:
- “Who’s communicating with whom, for how long, how often, and where.”
- Internet usage history and phone call/text history.
- The use of phone numbers in specific geographical locations.
- Personally identifiable information like birth certificate and passport numbers.
Also unprecedented: The system would allow authorities to make changes to a user’s phone, such as forcing it onto a slower 2G network.
The primary source of the emails was Ariantel, an Iranian wireless communications services provider.
But the documents reveal negotiations between Iran and several foreign firms:
- PROTEI, a Russia-founded telecommunications vendor.
- Telinsol, a U.K.-based satellite communications consultancy.
- PortaOne, a Canada-based mobile business and support system firm.
Citizen Lab said the emails appeared “to show Telinsol facilitating purchases to support” Ariantel’s launch. A law firm responded to Citizen Lab’s request for comment by saying Telinsol “flatly denies the allegation that it has been involved in activities that would in any way help digital espionage against Iranian citizens” and threatened possible legal action.
PortaOne initially told Citizen Lab that it “does not provide any products or services to or for use in Iran, it has never done business with Iran, Telinsol or Ariantel.” It later said that it did business with an Ariantel-connected Portuguese company, but then canceled the contract and returned its payment.
Neither Telinsol nor PortaOne responded to my requests for comment.
“While businesses may argue that their services are innocuous and not specifically designed for legal interception, this does not absolve them of the responsibility to undertake a human rights due diligence process to identify, prevent, mitigate, and account for how they will address adverse human rights impacts in the context of a potential client,” Citizen Lab’s researchers wrote.
Iran has cracked down harshly on domestic protesters who demonstrated in response to the death of Mahsa Amini while she was in the custody of the nation’s Islamic morality police, who enforce the country’s dress code. Those protests began in September and continue.
Tehran said it will use facial recognition technology to identify women not wearing hijabs. It has stepped up internet censorship and blocked access to tech products like WhatsApp and Skype.
The government has been accessing the social media accounts of protesters it has detained, Katie Polglase and Gianluca Mezzofiore reported last month for CNN.
The trend of eavesdropping on protesters hasn’t been limited only to Iran. My colleagues Cate Cadell and Christian Sheppard detailed extensive surveillance of Chinese protesters objecting to that nation’s covid-19 policies in a story earlier this month.
“Dozens of people who took part in the protests have paid heavily for the dissent, subject to intense surveillance measures and aggressive interrogations in police custody, even as Beijing was shifting to unravel the policies,” the story reads. “Protesters in Beijing and Shanghai describe heightened digital surveillance, strip searches, threats against their families, and being forced into physical duress during interrogation.”
Israelis call for criminal investigation into spyware sold to Myanmar before coup
A complaint filed for more than 60 Israelis accused Cognyte and the Israeli officials who oversee defense technology deals of “aiding and abetting crimes against humanity in Myanmar,” Reuters’s Fanny Potkin and Poppy McPherson report. The complaint was led by lawyer Eitay Mack, who has long sued to decrease the proliferation of Israeli spyware.
“The documents about the deal, provided to Reuters and Mack by activist group Justice for Myanmar, are a January 2021 letter with attachments from Myanmar Posts and Telecommunications (MPT) to local regulators that list Cognyte as the winning vendor for intercept technology and note the purchase order was issued ‘by 30th Dec 2020,’” they write. “Intercept spyware can give authorities the power to listen in on calls, view text messages and web traffic including emails, and track the locations of users without the assistance of telecom and internet firms.”
Thousands have been injured in Myanmar since the country’s military took control in a coup in early 2021. Israel has claimed to have stopped the transfer of defense technologies to Myanmar in the wake of a 2017 ruling by Israel’s top court, according to the complaint.
Cognyte, Myanmar’s military government and the MPT didn’t respond to Reuters’s requests for comment. Israel’s Defense Ministry declined to comment to the outlet, while the country’s attorney general and Foreign Ministry didn’t respond to requests for comment.
North Korean hacking group moved part of its cryptocurrency haul
A cryptocurrency investigator said that the Lazarus Group moved around 41,000 ether ($63.5 million) that it stole during a June hack of blockchain bridge Horizon, CoinDesk’s Shaurya Malwa reports. The U.S. government has said the Lazarus Group is controlled by a North Korean intelligence agency. Blockchain analytics firms have linked the Horizon hack to the hackers.
“The attack drained the service, which enables crypto assets to be traded between the Harmony blockchain and other blockchains, of $100 million worth of crypto, including ether (ETH), tether (USDT) and wrapped bitcoin (wBTC) on the morning of June 24,” Malwa writes. “The Harmony Bridge hack is consistent with other hacks attributed to the Lazarus Group, including the $635 million Ronin Bridge hack in March, which is so far the largest hack in the history of decentralized finance.”
Binance and cryptocurrency exchange Huobi were able to recover 124 bitcoin ($2.6 million), Binance CEO Changpeng Zhao said in a tweet:
We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered. CeFi helping to keep DeFi #SAFU! 🙏
— CZ 🔶 Binance (@cz_binance) January 16, 2023
Ransomware Diaries: Undercover with the leader of LockBit (The Record)
Lawmaker asks CISA to investigate air travel cyber risks following FAA system outage (FCW)
Hackers use fear of mobilization to target Russians with phishing attacks (The Record)
- Principal deputy national cyber adviser Kemba Eneas Walden, U.N. officials and cybersecurity executives are scheduled to speak at an event hosted by Israel’s U.N. mission and cyberdefense agency that starts today at noon.
- Deputy national security adviser Anne Neuberger speaks at the 91st Winter Meeting of The United States Conference of Mayors on Wednesday at 2:30 p.m.
- The ShmooCon hacking conference runs from Friday through Sunday in D.C.