How Anonymous and other hacker groups are helping the protests in Iran

Anonymous and other global hacking groups are involved in a multi-pronged cyber attack on Iran, joining the fight with protesters on the ground to resist the country’s strict hijab laws.

Thousands of amateur hackers have organized online to orchestrate cyberattacks on Iranian officials and institutions, as well as share tips on how to overcome the limits of Internet access using privacy-enhancing tools.

Internet access in Iran has been extremely limited in recent weeks following protests that erupted over the death of Mahsa Amini, a 22-year-old Iranian Kurd.

Amini died in a Tehran hospital under suspicious circumstances on September 16 after she was arrested by Iran’s so-called “morality police” for allegedly violating the country’s strict Islamic dress code by wearing her hijab too loosely.

Eyewitnesses say Amini was beaten by the police. Iranian authorities denied any wrongdoing and claimed Amini died of a heart attack.

Iran’s foreign ministry did not respond to CNBC’s request for comment. On Monday, Iran’s Supreme Leader Ayatollah Ali Khamenei made his first public remarks on the protests, backing the police and blaming the riots on “foreign interference” from the US and Israel.

On September 25, Anonymous, the international hacktivist collective, claimed to have hacked into the Iranian parliament’s database, obtaining the personal information of lawmakers.

A YouTube account allegedly linked to the group said the Iranian assembly had been hacked.

“The Iranian parliament is supporting the dictator when it should be supporting the people, that’s why we’re releasing everyone’s personal information,” they said, their voices distorted in a manner typical of the cyber gang.

On the Telegram messaging app, Atlas Intelligence Group, another hacking group, says it leaked phone numbers and email addresses of Iranian officials and celebrities, a tactic known as “doxing.”

It also offered to sell apparent location data to the Islamic Revolutionary Guard Corps, a branch of Iran’s armed forces, according to Check Point, which documents hacktivist efforts in Iran.

Groups linked to Anonymous say they also released data purporting to come from various government agencies, ministries and agencies – as well as a university – and claimed responsibility for hacks on the Iranian presidency, central bank and state media.

While it is difficult to verify the hackers’ claims, cyber experts said they have seen many signs of disruption in Iran by vigilante hackers.

“We’ve seen some indications of government websites being taken offline by hackers,” Liad Mizrachi, a security expert at Check Point Research, told CNBC. “Primarily we’ve seen this done through distributed denial of service (DDoS) attacks.

In a DDoS attack, hackers overload a website with large amounts of traffic to make it inaccessible.

“Mandiant can confirm that several of the services claimed to be down were offline at various times and in some cases remain unavailable,” Emiel Haeghebaert, a threat intelligence analyst at the cybersecurity firm, told CNBC.

“Overall, these DDoS and Doxing operations may increase pressure on the Iranian government to pursue policy changes,” he said.

Regarding Anonymous’ involvement, Haeghebaert noted that it was “consistent with activity” previously attributed to affiliates of the organization. Earlier this year, Anonymous launched a series of cyberattacks on Russian entities in response to Moscow’s unprovoked invasion of Ukraine.

Hacking groups are encouraging Iranian citizens to bypass Tehran’s internet blockade by using VPNs (virtual private networks), proxy servers and the dark web — techniques that allow users to hide their online identities so they can’t be tracked by providers Internet Service Providers (ISPs). .

On messaging app Telegram, a group with 5,000 members is sharing details of open VPN servers to help citizens bypass Tehran’s internet blockade, according to cybersecurity firm Check Point, which has been documenting hacktivist efforts in Iran.

A separate group, with 4,000 members, distributes links to educational resources about using proxy servers, which funnel traffic through an ever-changing community of computers run by volunteers to make it harder for regimes to restrict access.

As dissent grew in the Islamic Republic, the government moved quickly to restrict internet connectivity and block access to social media services such as WhatsApp and Instagram, in an apparent attempt to stop videos of police brutality from being shared online.

At least 154 people have been killed in the Iranian government’s crackdown since Sunday, according to the independent and non-governmental Iran Human Rights Group. The government has reported 41 deaths.

Web security company Cloudflare and Internet monitoring group NetBlocks have documented several examples of outages in telecommunications networks in Iran.

“It’s been really hard to be in touch with friends and family outside of Iran. The internet is messed up here, so sometimes we can’t communicate for days,” a young professional in Tehran told CNBC via Instagram message, requesting anonymity due to fear for his safety.

“I have limited access to Instagram, so I’m using that for now” to communicate with people, he said, adding that he and his friends rely on VPNs to access social media platforms.

It is believed to be one of the worst blackouts in Iran since November 2019, when the government restricted citizens’ access to the internet amid widespread protests over fuel price hikes.

“THEY SHUT THE INTERNET TO HIDE THE KILLING. BE OUR VOICE,” read several videos and posts widely shared by Iranian activists on social media, along with footage of street protests and police violence.

Digital freedom activists are also trying to teach Iranians how to access the Tor browser, which allows users to connect to regular websites anonymously so their ISPs can’t tell what they’re browsing. Tor is often used to access the “dark web,” a hidden part of the Internet that can only be accessed with special software.

“This is not the first time we have seen actors involved in Iranian affairs,” Amin Hasbini, director of global research and analysis at cybersecurity firm Kaspersky, told CNBC.

Lab Dookhtegan, an anti-Iranian hacking group, is known to have leaked data it claims belongs to Iranian cyber espionage operations on Telegram, for example. A report from Check Point last year detailed how Iranian hacking groups targeted dissidents with malware to track them.