Iran as a Surveillance State
Over the past two decades, Iran has expanded its cyber capabilities for domestic control, regional influence, and retaliation against adversaries. Leaked data from seemingly hacktivist groups have repeatedly indicated the expansive scope of Iran’s interest and capability to surveil citizens and dissidents. The SIAM network, use of facial recognition, e-government services, surveillance tools, and the Nazer app are only a few prominent examples of Iran’s surveillance apparatus. Despite significant investments in cyber offense, Iran remains susceptible to cyber attacks. Since the Women Life Freedom protests began in September 2022, repeated hacktivist attacks on civilian networks and the subsequent data leaks have illustrated this point. Speculations about the affiliation of these groups continue. At best, they are dissident hackers showing sympathy with protesters. Or these hack-and-leaks are part of a larger intelligence contest by Iran’s adversaries seizing the momentum to spill some of Iran’s best kept secrets.
Iran showcased its surveillance capabilities during nation-wide, pro-democracy protests that erupted following the death of Mahsa Jina Amini in 2022. The protests faced challenges not only from security forces on the ground, but also an extensive state surveillance system that compromised protesters’ physical safety and communication integrity. The government’s tracking of smartphones, identification through device registration numbers, and collaboration with private entities underscored Iran’s far-reaching surveillance capabilities, which continue to impact political dissidents, ethnic and human rights activists, and ordinary citizens.
The private sector’s collaboration with Iran’s security forces in this expansive state surveillance apparatus is particularly worthy of note. Leaked documents from different hacktivist groups indicate a sprawling network of front companies that serve Iran’s Revolutionary Guard Corps (IRGC) and aid the government in suppressing dissent rather effectively despite U.S. sanctions. Previous Hackerwatch reports have underscored these connections and their implications for freedom of speech and other human rights.
Misaligned Priorities Jeopardize Civilians’ Security
Iran’s consistent prioritization of offensive cyber operations over cybersecurity has come at the expense of taxpayers’ money that should otherwise have protected state networks. A prominent example is the repeated intrusion of the payment system of gas pumps nationwide, which had significant economic implications for the public. The scale of intrusion and leaks of the past few years would present a major national security dilemma for any country and prompt investigations to identify the vulnerabilities. But, so far, the Iranian government has only dismissed these attacks as a plot by adversaries and labeled leaked files as fake. Deprioritization of domestic network security, coupled with the lack of good governance in cybersecurity, poses consequences for public resources and the collective right to safety in cyberspace.
Most network breaches of the past few years have not been conclusively attributed to a specific actor. However, a common understanding points to an escalation of cyber activities between Iran and Israel. Both states have been engaged in cyber attacks, accusing each other of orchestrating espionage and sabotage operations. These cyber confrontations serve as a less costly alternative to potential military conflicts, serving mainly as signaling or deterrence mechanisms amid growing tensions. The cyber domain has become a low-intensity battleground for the long-standing hostility between the two nations.
The attacks on Iran’s critical infrastructure, such as the explosion at a steel plant in June 2022, have raised questions about the government’s accountability to protect civilian networks from such invasive effects. Evidence is sparse about possible efforts to investigate and respond to cyber attacks within government bodies. Hackerwatch previously obtained a threat intelligence document prepared for Tehran municipality that elaborated on the details of malware that targeted the institution. The report indicates progress toward investigating and responding to cyber attacks within government bodies. Yet it also raises concerns about Iran’s competence in strategic cyber defense as the report lacks key qualities of threat detection and analysis
Even the involvement of Iran’s Civilian Defense Organization (CDO) to guard civilian networks has not abated criticisms of the government for recent cybersecurity breaches. Despite proposed structural changes and increased budget, doubts persist about CDO’s ability to lead in cybersecurity, especially given its past meager performance.
Not only recent cyber attacks have highlighted Iran’s vulnerabilities and lack of strategy in cyber defense, but they also challenge the National Information Network (NIN), a costly decades-long telecommunications project that aims to reduce reliance on international platforms. Iran’s massive investment in the NIN is being put to the test through recent breaches, underscoring the challenges of centralization without adequately addressing cybersecurity needs.
Moreover, Iran is facing a shortage of expertise in the cybersecurity field. Government agencies often struggle to compete with the private sector for talent. There is also a significant brain drain of IT and cybersecurity professionals in other countries. An increasingly high turnover rate within the private sector leads to a loss of talent to peer companies in Europe, North America, and Australia.
The Path Forward
These developments illustrate the complex challenges that Iran faces in the realm of cybersecurity. Geopolitical tensions, vulnerabilities in civil defense systems, investment priorities, organizational underperformance, and a shortage of expertise all contribute to a misalignment of Iran’s needs, capacity, and motives toward a robust cyber defense ecosystem. The consequences extend beyond the virtual realm. Systematic cyber vulnerabilities impact civilian networks, hinder economic development, and worsen the state of human rights. Addressing these issues requires a strategic realignment of priorities and structural changes in Iran’s cybersecurity technology development and acquisition, policies, and practices.