Iran’s Internal Conflict Plays Out On Social Media

Uploaded on 2018-01-17 in INTELLIGENCE-Hot Spots-Iran, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY-Key Areas-Social Media

The biggest anti-government protests in Iran for nearly a decade have been fuelled by rising discontent, in particular over the cost of living. Iran has been rocked by a wave of protests over economic hardship and lack of civil liberties in the past few weeks.

The streets are not the only battleground between the Islamic Republic and its critics. A cyber battle on several fronts is being fought between the two sides on social media platforms. 

In 2009, the last time Iran saw demonstrations of such scale, social media was dominated by pro-opposition users and reformists who used Facebook, YouTube and Twitter to share images of the Green Movement to the outside world. Today, mobile apps are used by a significantly higher percentage of the population and the government is better prepared to confront its opponents on digital media.

Many senior politicians and activists use a variety of platforms on a daily basis, despite some being officially blocked, and boast hundreds of thousands of followers sympathetic to their cause. After the Stuxnet computer worm hit Iran's nuclear facilities in 2010, the country invested heavily in cyber capabilities and set up a team of trained hackers known as the Iranian Cyber-Army.

In the absence of independent news outlets and state TV's typically one-sided coverage, citizens took to social media to share photos and videos of the demonstrations with the aim of disseminating their message and inviting more local residents to join the crowds.

Telegram, which has an estimated 40 million users in Iran, equivalent to almost half the population, has been the platform of choice for the protestors. In response, the officials "temporarily" blocked Telegram and Instagram. Facebook, YouTube and Twitter have been banned since 2009. 

'Nothing going on'

But proponents of the Islamic Republic did not leave the social media battleground to the critics this time. One of the notable tactics used was the creation of dozens of Twitter bots whose job ranged from calling widely shared videos of rallies fake to discouraging potential protesters from joining rallies.  

A social bot automatically generates content and followers, mostly to support a wider campaign. Most of these accounts have unusual profile names and pictures, and were created during the protests.The accounts have no more than a handful of followers, which happen to be similar bot accounts. "I just arrived here, there is nothing going on," posted one account in response to a video about an alleged protest in Rasht, Gilan province. "Why are you lying? No-one is here," said another. The exact same messages by the same accounts can be seen below many videos shared between 1 and 4 January. 

While clearly co-ordinated, there is no evidence that these accounts were created by official authorities or security services.

Bot-spotting tips

The Atlantic Council's Digital Forensic Research Lab (DFRL) offers social-media users tips for spotting a bot:

Frequency: Bots are prolific posters. The more frequently they post, the more caution should be shown. The DFRL classifies 72 posts a day as suspicious, and more than 144 per day as highly suspicious. 

Anonymity: Bots often lack any personal information. The accounts often have generic profile pictures and political slogans as "bios".

Amplification: A bot's timeline will often consist of re-tweets and verbatim quotes, with few posts containing original wording.

Common content: Networks of bots can be identified if multiple profiles tweet the same content almost simultaneously.

Hashtag Wars                                                                                                                                                        

At the same time, hardline users began an initiative to enlarge and highlight the faces of protesters captured in videos and pictures, calling for the intelligence agencies to identify and arrest them. Tasnim news agency, affiliated to the powerful Revolutionary Guards, was among those joining the initiative on Twitter. The protesters hit back immediately. They set up a Twitter account sharing the alleged names and details of security personnel confronting the demonstrators. In addition, they identified the accounts highlighting individual protesters and repeatedly reported them to Twitter.

The hashtag mostly associated with the recent events in Iran, #nationwide_protests, has been used more than 470,000 times so far. 

But an analysis of the hashtag shows a large number of posts in favour of the demonstrations from Saudi Arabia.
Some supporters of the Islamic Republic and conservative agencies have been using their own hashtag, #nationwide_riots.
Sunni Saudi Arabia and Shia Iran are regional rivals and have been involved in proxy wars in the Middle East, notably in Syria and Yemen. An Arabic hashtag, #happening_now_in_Iran, has been used more than 66,000 times since the first day of the protests.

BBC:

You Might Also Read:

Iran Turns Off The Internet:

Signal: The Snowden-Approved Crypto App Comes to Android:

Zello Protest App Blocked in Russia:

 

« Applying Blockchain to Cybersecurity
The Big Online Advertising Swindle »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Satisnet

Satisnet

Satisnet is a leading Security Reseller, Managed Security Services Provider (MSSP) and Cyber Training Innovator, with operations throughout the UK, EMEA and United States.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

Fraugster

Fraugster

Fraugster provides the most precise anti-fraud solution for e-commerce businesses.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

Towerwall

Towerwall

Towerwall offers a comprehensive suite of security services and solutions using best-of-breed tools and information security services.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

Arqit Quantum

Arqit Quantum

Arqit's mission is to use transformational quantum encryption technology to keep safe the data of our governments, enterprises and citizens.

Aiden Technologies

Aiden Technologies

Aiden simplifies your IT process, giving you peace of mind and security by ensuring your computers get exactly the software they need and nothing else.

Factmata

Factmata

Factmata is an social and news media monitoring and analytics product that uses AI to identify and track narratives online, highlighting those most likely to cause brand harm or misinform the public.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

Probity

Probity

Probity Inc. is a certified software development and systems engineering company, providing support to federal government and national defense related clients.

Nclose

Nclose

Nclose is a proudly South African cyber security specialist that has been securing leading enterprises and building our security portfolio since 2006.

Hexiosec

Hexiosec

Hexiosec (formerly Red Maple Technologies) is a technical consultancy and product company founded and run by engineers from the UK Intelligence and Defence communities.