
A Summary of The Intercept’s Report: “How Iran Can Track and Control Protesters’ Phones”

A summary of The Intercept's report on how Iran tracks and controls mobile phones inside Iran.

Read The Intercept report written by Sam Biddle and Murtaza Hussain in English and in Persian

Internet shutdowns and online restrictions are well-established methods of suppression in Iran, and there is evidence to suggest that authorities are now using an array of technologies to assist them in implementing their crackdowns. Just this week we have seen localized internet shutdowns in several provinces across Iran amid protests, which were accompanied by the use of lethal force by authorities against protesters, leading to a number of deaths and injuries.

The extremely opaque manner in which the Iranian government operates, however, leaves us with many unanswered questions regarding the specific technologies it uses to control the free flow of information and monitor its citizens, making it difficult to know how to counter them.

A report published on Friday, October 28th (Persian available here) by The Intercept – based on documents provided to them by an individual claiming to have hacked the Iranian mobile network operator Ariantel – may provide us with a rare window into the more insidious and dangerous tools used by authorities for surveillance and control via a system known as “SIAM,” which is available to Iran’s Communications Regulatory Authority (CRA). 

This article provides a brief overview of the content of The Intercept’s report.

SIAM has been described as “a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones.” The system is said to be available to the CRA, which operates under Iran’s ICT Ministry and which, per “rules and regulations,” must be given “direct access to their [telecom operator’s] system for query customers information and change their services via web service,” according to an English-language document received by The Intercept.

SIAM is said to have as many as “40 features,” one of which is throttling mobile internet speeds and downgrading mobile connections from 3G and 4G networks to a 2G connection through a “Force2GNumber” command. This method not only dramatically reduces internet speeds, making the internet essentially useless on this type of connection, but also weakens security, because a 2G network “generally does not encrypt data or uses outdated encryption methods.” Such a connection is therefore less secure than 4G and 5G connections, leaving users more vulnerable to surveillance and snooping.

Other concerning capabilities provided by SIAM include location tracking of mobile devices, which can allow authorities to identify which mobile phone numbers are connecting to specific cell towers through each mobile phone’s unique IMEI number. Given that SIM cards are registered to individuals in Iran, this can expose personally identifying data such as name, address, and national ID number. SIAM is also said to give its user(s) the ability to collect a “comprehensive Call Detail Record, including the date, time, duration, location, and recipients of a customer’s phone calls during a given time period,” in addition to a “list of websites and other IP addresses a customer has connected to, the time and date these connections took place, the customer’s location, and potentially the apps they opened.”

We have already seen several reports, during the current protests and from protests in previous years, from people inside Iran who received text messages from government authorities and security forces after having attended protests or after having been in geographical proximity to protest areas, warning them not to attend protests or demonstrations.

According to cybersecurity expert Amir Rashidi, the use of VPNs in Iran can also be exploited by SIAM: “The government can easily identify IP addresses in use by a particular VPN provider, pass the addresses to this location function, and then see where the people are who are using this VPN.”

The Intercept’s report goes into greater detail on the capabilities explained above and on SIAM’s additional functions. While the documents shared with The Intercept “don’t mention SIAM’s use against protesters or any other specific target”, there is ample evidence to suggest that authorities have used SIAM extensively in their crackdowns, from localized throttling of mobile internet speeds to tracking user locations. Such tools allow authorities to continue their violent and brutal crackdown against any form of dissent with greater ease and precision, posing major dangers to those inside Iran who are risking their lives to demand basic and fundamental human rights. The international community should pay close attention to SIAM as it provides a rare glimpse into how Iranian authorities maintain and enhance their systems of surveillance and oppression both online and offline.