Washington, DC, 15 February 2018—In a press conference in its Washington, DC office, the National Council of Resistance of Iran revealed new details about how the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Information and Security (MOIS) have been using cyberwarfare against the people of Iran, in a bid to counter the recent outbreak of popular unrest. NCRI said that a new wave of domestic cyberwarfare, led by the IRGC in collaboration with the MOIS, accelerated significantly after the recent eruption of nationwide protests in Iran.
The internal network of the main opposition People’s Mojahedin Organization of Iran (MEK/PMOI), which is the principal member of the National Council of Resistance of Iran (NCRI), has established that the regime has focused all its energy on mass surveillance through malicious software embedded in IRGC mobile apps, designed to actively monitor and disrupt the communication of protesters and dissidents. The latest popular uprising in Iran against the ruling theocracy erupted on December 28, 2017, and spread to 142 towns and cities with breakneck speed. The protests sent shockwaves through the regime and around the world. Many policy experts now view the revolt as a “landmark event” and a “turning point” since the regime’s establishment in 1979. The protesters’ use of cyber technology proved to be the regime’s Achilles’ heel, rendering it incapable, despite a huge show of force, of stopping the expansion of protests. Beginning on the second day, the protests expanded in size and scope due to pre-announced locations and times, even as the regime desperately cut off access to the Internet and blocked key mobile apps such as Telegram at considerable financial and political cost as well as international embarrassment, NCRI said.
Alireza Jafarzadeh, the deputy director of the NCRI’s Washington office a block away from the White House, presented the NCRI findings at the press conference, saying, “The IRGC has weaponized western cyber technology to target its own people, who are engaged in the uprising to free their country.” Jafarzadeh said that the homegrown marketplace Café Bazaar, modeled after Google Play, is monitored by the IRGC.
According to Mujahedin-e Khalq (MEK) sources in Iran, through front companies such as Hanista, the IRGC has created apps such as Mobogram, an unofficial Telegram fork. The IRGC uses the malware embedded in Mobogram to spy on, identify, threaten and eventually arrest the protesters who used Mobogram during the uprising. The malicious code goes undetected by mobile users. If Mobogram is installed by an administrator of a Telegram channel on his/her phone, the malicious code allows the IRGC to gain full access to the entire list of that channel’s subscribers. Ironically, some of these spyware-enabled apps are available on Google Play, Apple Store, and GitHub, potentially exposing millions of users worldwide to the IRGC’s spyware and surveillance activities. “The same cyber unit of the IRGC Intelligence Organization that is involved in the development of the spyware-enabled apps is also responsible for the regime’s cyber-warfare against the West and the countries in the region,” Jafarzadeh added. The IRGC-developed mobile apps are accessible on global markets, in clear violation of U.S. sanctions, including Executive Order 13606, which prohibits facilitating the Iranian regime’s ‘computer and network disruption, monitoring, and tracking,’ as well as Executive Order 13224, which prohibits providing any assistance to entities associated with the IRGC, the NCRI-US’s deputy director explained.
Jafarzadeh urged the international community to take appropriate measures to pressure the regime and stand on the side of the Iranian people. “The U.S. Government needs to adopt a much tougher policy regarding the rogue behavior of the Iranian regime, including the IRGC’s cyber warfare,” he warned. “The Iranian regime is currently hard at work testing the success of these apps on the people of Iran first. If not confronted, its next victims will be the people of other nations.”