For years, opposition to the Islamic Republic’s censorship focused on blocked websites, social media, and messaging apps. But new evidence shows these restrictions now extend to text messages (SMS), one of the oldest and most dependable ways to communicate.
The discovery of a system for filtering and manipulating SMS messages reveals a new kind of digital rights violation, allowing the government to control people’s communications even when the internet is shut down or disrupted.
The filtering of SMS messages is particularly significant. Research by Filterwatch shows that in recent months, the government has been blocking text messages from certain apps, like social networks and messengers. This has stopped people from installing these apps, because they can’t get the SMS activation code needed to set them up. If someone deletes the app — even by accident — they can’t reinstall it unless they use a non-Iranian phone number. That not only violates their right to access the internet, but can also mean losing saved data, chats, and contacts. In this way, SMS filtering goes beyond a technical measure, and becomes a deliberate tool to cut people off from essential communication.
The rise of companies tasked with designing filtering infrastructure has been gaining momentum in Iran. A clear example is Peyk-Asa, a company that uses advanced technologies to play a key role in engineering filtering and SMS monitoring systems. This report, based on documents leaked by the hacking group DDoSecrets, takes a deep dive into the company’s filtering machine and the pivotal role of its founder, Rasoul Jalili.
Key Findings:
- Hacked documents from the telecom company ArianTel show that in 2021, Peyk-Asa — a company sanctioned by the U.S. since 2012 for helping censor the internet — proposed a detailed plan to massively monitor and filter text messages. The plan offered advanced tracking and control tools for security agencies and mobile providers.
- Peyk-Asa was founded by Rasoul Jalili, a member of the Supreme Council of Cyberspace. Through projects like Amn-Afzar Gostar Sharif, the company has aligned itself with the government’s technical and policy-making framework for censorship, extending from Sharif University to the broader state apparatus.
- Peyk-Asa’s proposed system provides a powerful infrastructure for widespread SMS surveillance. Especially during internet disruptions, this tool extends government control to SMS communications, placing citizens’ freedom of communication at serious risk.
On January 16, 2024, the hacking group DDoSecrets publicly leaked emails from the telecommunications company ArianTel. Among these documents is a file revealing that Peyk-Asa had proposed a solution called “Evolved SMS Policy Maker.” From a technical standpoint, this is a comprehensive and powerful system for managing SMS traffic that can be turned into a tool for complete control over the flow of SMS information.
Its key features—including content filtering, real-time and offline monitoring, message quantity limitations, location-based surveillance, and the ability to create exceptions—make this solution a serious threat to user privacy and freedom of expression. The system gives the operator and relevant authorities an unprecedented level of control over SMS communications.
According to official documents from the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), Peyk-Asa has been under the IRAN-TRA sanctions program since 2012. In the official OFAC documentation, what’s particularly significant is the trail of Rasoul Jalili, the company’s founder. His email address, [email protected], and the company’s address near Sharif University of Technology shed more light on the company’s structure, connections, and position within the state’s censorship network. This pattern echoes Jalili’s established ties to companies linked to Sharif University.
The Rise of Peyk-Asa from Sharif University
Peyk-Asa, alongside companies like Tanzimyarsherif Technologies, Amn-Afzar Gostar Sharif, and the Raya Sharif Security Research Institute, is part of a network where Rasoul Jalili plays a key role as a designer and manager for providing the infrastructure for digital repression in Iran.
The company’s origins trace back to the winter of 2000, when a group led by Rasoul Jalili at Sharif University’s Faculty of Computer Engineering began designing the first Short Message Service Center (SMSC) for Iran. This group was officially registered as Peyk-Asa Company in June 2005.
From its inception, Peyk-Asa was at the heart of strategic projects related to communications control. Its products were rapidly installed and implemented within the infrastructure of Iran’s main mobile operators—including Hamrah-e Avval, Irancell, Rightel, and Taliya—as well as provincial telecommunications companies.
In 2018, with the registration of the BenTech technology holding company, Peyk-Asa was listed as one of its subsidiaries. BenTech operates in the fields of telecom, data and intelligence, media, and fintech, with other subsidiaries like Asanak (digital marketing and value-added fixed-line services) and Pakpay (payment and fintech services) also under its umbrella.
Rasoul Jalili and His Role in Digital Repression
Rasoul Jalili has played a central role in designing and implementing Iran’s digital repression infrastructure. He has held key positions as the head of Sharif University (until 2023), a member of the Supreme Council of Cyberspace (appointed by the Supreme Leader since 2011), and a leader within security institutions and multiple cybersecurity firms.
From 2011 to 2022, Jalili was an almost constant presence in Peyk-Asa’s management. He served as the company’s CEO from December 2011 to December 2013, after which he played a key role as a member and chairman of the board of directors. This period directly overlaps with the U.S. government’s decision to sanction both Peyk-Asa and Rasoul Jalili for their involvement in internet censorship and the violation of Iranian citizens’ rights.
The company’s executive management is currently led by Ebrahim Jalili, who has been the CEO and vice-chairman of the board since February 2024.
According to the company’s own claims, Peyk-Asa’s products have been widely deployed within the country’s telecommunication network since its early years. This extensive presence, combined with Rasoul Jalili’s strategic responsibilities within internet restriction policymaking bodies, has given the company the ability to monitor and enforce filtering policies on a national scale.
In December 2024, following repeated reports about his activities in the field of filtering, Jalili issued a statement—which was published on social media and by news outlets such as Tabnak—in which he asserted that “neither Amn-Afzar nor Peyk-Asa filters anything or sells Internet censorship circumvention tools.”
Detailed Analysis of Peyk-Asa’s SMS Filtering Plan
Despite Rasoul Jalili’s denials, Peyk-Asa’s role in providing filtering infrastructure is well-documented. In October 2021, the company presented a proposal titled “PA-Evolved SMS Policy Enforcer,” which laid out a comprehensive plan for the organized control and filtering of SMS messages for the Iranian government. This centralized system is designed to monitor, filter, and block all user SMS communications—including those within a single operator, between different operators, and international roaming—at the discretion of monitoring agencies.
Peyk-Asa introduced this plan with the claim of adhering to “international standards,” but it is, in reality, a sophisticated censorship machine. The document’s repeated emphasis on “security considerations” throughout the analysis, design, implementation, and operation stages—including the use of HTTPS, database restrictions, software firewalls, and security tests—is an attempt to legitimize a system intended to be the backbone of the government’s SMS surveillance.
The proposal also outlines an accelerated 8-week timeline for familiarization, design, implementation, and integration, which suggests the company’s technical and infrastructural readiness to deliver a mass communication control tool immediately. The proposal even includes training courses for the client (government agencies) on topics like Docker, Kubernetes (tools for automated management of large-scale software systems), Zabbix (a tool for real-time monitoring of servers and networks), and alarm management. This training would enable the agencies to independently control and manage the surveillance infrastructure in the long run.
Financially, Peyk-Asa proposed a price of 22 billion rials for the project, equivalent to approximately $520,000 at the time (October 2021). This figure included the software, installation, and 15 days of free training. A separate one-year support fee was also included, indicating the company’s goal for a long-term partnership with the government.
In the document, Peyk-Asa presents itself as a pioneer in the IT and telecommunications industry, citing 16 years of experience. The company claims to have implemented more than 50 operational sites for major Iranian operators, including Hamrah-e Avval, Irancell, and Rightel, and provides services to over 80 million mobile and landline subscribers. Its declared areas of activity include:
- Telecommunication Solutions: Including the production of the first domestic SMS Center (SMSC), which manages the sending and receiving of SMS messages for operators; designing high-capacity processing centers for SMS transmission (SMSGW); developing signaling communication control systems, which are crucial for managing call and message routing in mobile networks; and creating tools related to network security and fraud prevention in telecommunication systems.
- Smartization Solutions: Including big data and Internet of Things (IoT) projects.
- Business Innovation Solutions: Such as billing systems, customer management, loyalty programs, and e-wallets.
The company also owns brands like Asanak (digital marketing and fixed-line value-added services), Pekpay (payment and fintech services), and Afrinak (an online streaming service for children). This diversity indicates that Peyk-Asa has a wide-reaching influence in Iran’s communications and technology sectors, and it has now leveraged this capability to give the government greater control over citizens’ communications.
Technical Breakdown: Peyk-Asa’s Two Main Subsystems for SMS Filtering
In its proposal, Peyk-Asa introduced two key subsystems designed for the organized control, surveillance, and censorship of SMS messages:
1. The Clif Subsystem
This web-based system connects directly to Short Message Service Centers (SMSCs) to monitor all SMS traffic, both within a single operator and between different ones. Peyk-Asa presents it as a solution for “managing filtering and enforcing legal oversight.” A closer look at its capabilities reveals a multi-layered censorship infrastructure:
- Whitelisting and Restricted Lists: Creates the ability for discriminatory access by exempting certain numbers from filtering or limiting the number of messages they can send.
- Content Filtering: Applies rules based on sender, recipient, message text, time, and location. It has the ability to block messages, alter their content, or delay delivery.
- Number Grouping and Polymorphic Words: Enables more targeted filtering and prevents censorship circumvention by detecting variations in how words are spelled.
- Geographical Filtering: Uses network location data like LAC (Location Area Code) and Cell ID (Cell Tower ID) to intensify SMS control in specific areas, such as borders, sensitive security locations, or during protests and gatherings.
- Service Centers: Leverages technical infrastructure like the SMSC (SMS management center), FSMS (bulk SMS system), and inter-operator Mediators (intermediate systems between different operators) to provide full monitoring and control of SMS messages. In simple terms, this infrastructure facilitates surveillance on three levels: internal (within one operator), inter-operator (between different operators inside Iran), and international (roaming and communications from users abroad).
- Reporting: Provides statistical and analytical reports on SMS messages and the effects of filtering policies in various formats.
- Roamer Management: Meticulously monitors the presence and activity of “guest subscribers” (users using other operators or in roaming mode) and applies specific filtering and monitoring policies when they enter or leave the network. This capability allows the system to apply separate controls to the communications of users connecting from outside the country or via other operators.
- System Management: Controls access, user management, and configuration, allowing the government to fully control the implementation of filtering policies.
2. The Home Router Subsystem
This module is designed to control incoming SMS messages from other operators. While it is presented as a solution for roaming issues and security risks, it effectively becomes a tool for targeted filtering of inter-operator SMS messages.
- Signaling Module: Transmits SMS messages using SS7/SIGTRAN and SMPP telecommunication protocols and manages the flow to prevent “uncontrolled” or unmonitored messages from passing through. In simple terms, this module manages the flow of messages to prevent any that do not comply with surveillance policies from passing.
- Home Router Core: The decision-making center that can block messages based on defined rules, change their content, or forward them to their final destination without alteration after review.
- CDR Importer and Web Interface: This part of Peyk-Asa’s system meticulously logs all SMS records (CDR, or Call Detail Record) in a database. It also provides a graphical user interface (web portal) for monitoring agencies, allowing them to extract statistical and analytical reports and update filtering rules manually and in real time.
- Hybrid Databases: To ensure the system’s speed and accuracy, Peyk-Asa’s proposal explains that it uses a combination of different databases:
- Redis for fast storage of sensitive information like subscriber identity (IMSI) and cell tower location (MSC).
- MySQL for managing user information, access passwords, and system settings.
- Elasticsearch for storing, searching, and analyzing large volumes of SMS records, enabling quick searches and analytical report extraction.
- Monitoring and Resilient Architecture: This system is designed for real-time monitoring and stability, with the following components:
- OMC for collecting performance indicators and identifying potential errors in the filtering process.
- Zabbix for real-time monitoring and fast alerts in case of disruptions or system failures.
- Active/Active architecture allows the system to continue working without interruption even if part of the infrastructure fails, ensuring that the filtering process is not disrupted.
In Peyk-Asa’s proposal, the Clif and Home Router subsystems work together to create a powerful and resilient censorship machine for the government. It is a system that can monitor, filter, engineer, and restrict citizens’ SMS messages based on state policies.