Revelations about the cyber attacks targeting the Iranian regime's nuclear program have rightfully grabbed headlines recently, but what about the Iranian regime's use of the Internet to tighten its stranglehold on its own people?
David Sanger's new book, Confront and Conceal, reviewed last week in the New York Times is a must read that will be on the night stands of the disparate, and often bickering, opponents of the government in Iran. And while President Obama and others in both the American and Israeli security establishment should be commended for a stunning achievement in slowing down the Iranian nuclear program, these various secret programs --"Olympic Games," and most recently "Flame" -- and "Stuxnet" -- represent only half the story of Iran and the Internet.
In fact, far from being the bumbling and easily duped victims of the West's superior technological prowess, the Iranian government's online sophistication is unfortunately much more developed, and dangerous, than most anyone outside of Iran realizes.
It seems particularly important to recognize the Iranian regime's threat to an open Internet as we prepare to mark the third anniversary of protests against 2009's fraudulent Iranian presidential elections. These protests came to the attention of the outside world largely because of social media platforms like Facebook and Twitter. Both of these tools also served as important devices to organize opposition to the government inside of Iran.
The role that the Internet and social media played in both organizing and publicizing the events of 2009 was certainly not lost on the regime. This is clearly evidenced by the intense crackdown on Internet freedom that the regime has pursued since then. This crackdown has manifested itself in a variety of ways, and evidence of it is available for all to see. For example:
A Cyber Weapon Targets Dissent: In late May Morgan Marquis-Boire from Citizen Lab at the University of Toronto revealed elements of a cyber campaign targeting Iranian and Syrian dissidents. The specifics of the Citizen Lab report are disturbing, and they shine a light onto broader Iranian practices on the web. Marquis-Boire revealed a malicious code embedded into one of the popular web tools used by everyday Iranians to circumvent government-imposed restrictions on access to the World Wide Web. The infected software, known as "Simurgh", is a so-called "proxy" that has been used extensively by Iranian citizens to bypass increasing Internet censorship since 2009.
The software, which is packaged in a small file for easy downloading in a country where the regime deliberately slows access speeds, allows Iranian Internet users to establish secure Internet connections originating in countries outside of Iran. That is, as long as users aren't using the proxy software with a "backdoor" embedded in it. The piece of malicious code is one that would allow its producers to monitor infected computers for all types of usage. While the code hasn't been connected directly to the Iranian regime, it is reasonable to assume that the targeting of Iranian dissidents reveals the regime as the source.
Part of The Larger and Stepped Up Cyber War Against Its People: This is far from an isolated incident, and this type of activity has become standard practice for the Iranian regime since 2009. The range of online offenses is truly astounding; including everything from limiting Internet connection speeds in order, some say, to discourage web usage, to hacking private communications and compromising otherwise secure communications channels. The Iranian regime is even threatening to cut the entire country off from the web. In order to fully appreciate the depth and breadth of these violations we undertook a thorough review of the regime's activities and compiled them into a forthcoming white paper analyzing the regime's violations of Internet freedom. We found that Iran's violations fall into four broad categories. These categories are censorship via both legislative and constitutional means, the active monitoring and filtering of the Internet, deliberate tampering with the infrastructure of the web, and the dissemination of false and deceptive information.
Given these practices, it is no wonder that organizations like the Open Net Initiative and Freedom House have consistently categorized Iran as one of the worst violators of Internet freedom. So remember, the next time you hear a story about the Iranian regime and cyber warfare that Iran is more the aggressor than the victim -- and more often than not, those victims are everyday Iranians. We cannot turn our backs on average people seeking what people all over the world seek from the Internet; information, entertainment, opportunities for self-expression, and even political activism.