Iran’s Internal Conflict Plays Out On Social Media

Uploaded on 2018-01-17 in INTELLIGENCE-Hot Spots-Iran, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY-Key Areas-Social Media

The biggest anti-government protests in Iran for nearly a decade have been fuelled by rising discontent, in particular over the cost of living. Iran has been rocked by a wave of protests over economic hardship and lack of civil liberties in the past few weeks.

The streets are not the only battleground between the Islamic Republic and its critics. A cyber battle on several fronts is being fought between the two sides on social media platforms. 

In 2009, the last time Iran saw demonstrations of such scale, social media was dominated by pro-opposition users and reformists who used Facebook, YouTube and Twitter to share images of the Green Movement to the outside world. Today, mobile apps are used by a significantly higher percentage of the population and the government is better prepared to confront its opponents on digital media.

Many senior politicians and activists use a variety of platforms on a daily basis, despite some being officially blocked, and boast hundreds of thousands of followers sympathetic to their cause. After the Stuxnet computer worm hit Iran's nuclear facilities in 2010, the country invested heavily in cyber capabilities and set up a team of trained hackers known as the Iranian Cyber-Army.

In the absence of independent news outlets and state TV's typically one-sided coverage, citizens took to social media to share photos and videos of the demonstrations with the aim of disseminating their message and inviting more local residents to join the crowds.

Telegram, which has an estimated 40 million users in Iran, equivalent to almost half the population, has been the platform of choice for the protestors. In response, the officials "temporarily" blocked Telegram and Instagram. Facebook, YouTube and Twitter have been banned since 2009. 

'Nothing going on'

But proponents of the Islamic Republic did not leave the social media battleground to the critics this time. One of the notable tactics used was the creation of dozens of Twitter bots whose job ranged from calling widely shared videos of rallies fake to discouraging potential protesters from joining rallies.  

A social bot automatically generates content and followers, mostly to support a wider campaign. Most of these accounts have unusual profile names and pictures, and were created during the protests.The accounts have no more than a handful of followers, which happen to be similar bot accounts. "I just arrived here, there is nothing going on," posted one account in response to a video about an alleged protest in Rasht, Gilan province. "Why are you lying? No-one is here," said another. The exact same messages by the same accounts can be seen below many videos shared between 1 and 4 January. 

While clearly co-ordinated, there is no evidence that these accounts were created by official authorities or security services.

Bot-spotting tips

The Atlantic Council's Digital Forensic Research Lab (DFRL) offers social-media users tips for spotting a bot:

Frequency: Bots are prolific posters. The more frequently they post, the more caution should be shown. The DFRL classifies 72 posts a day as suspicious, and more than 144 per day as highly suspicious. 

Anonymity: Bots often lack any personal information. The accounts often have generic profile pictures and political slogans as "bios".

Amplification: A bot's timeline will often consist of re-tweets and verbatim quotes, with few posts containing original wording.

Common content: Networks of bots can be identified if multiple profiles tweet the same content almost simultaneously.

Hashtag Wars                                                                                                                                                        

At the same time, hardline users began an initiative to enlarge and highlight the faces of protesters captured in videos and pictures, calling for the intelligence agencies to identify and arrest them. Tasnim news agency, affiliated to the powerful Revolutionary Guards, was among those joining the initiative on Twitter. The protesters hit back immediately. They set up a Twitter account sharing the alleged names and details of security personnel confronting the demonstrators. In addition, they identified the accounts highlighting individual protesters and repeatedly reported them to Twitter.

The hashtag mostly associated with the recent events in Iran, #nationwide_protests, has been used more than 470,000 times so far. 

But an analysis of the hashtag shows a large number of posts in favour of the demonstrations from Saudi Arabia.
Some supporters of the Islamic Republic and conservative agencies have been using their own hashtag, #nationwide_riots.
Sunni Saudi Arabia and Shia Iran are regional rivals and have been involved in proxy wars in the Middle East, notably in Syria and Yemen. An Arabic hashtag, #happening_now_in_Iran, has been used more than 66,000 times since the first day of the protests.

BBC:

You Might Also Read:

Iran Turns Off The Internet:

Signal: The Snowden-Approved Crypto App Comes to Android:

Zello Protest App Blocked in Russia:

 

« Applying Blockchain to Cybersecurity
The Big Online Advertising Swindle »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

Payload Security

Payload Security

Payload Security's VxStream Sandbox is a fully automated malware analysis system.

Deutsche Cyber-Sicherheitsorganisation (DCSO)

Deutsche Cyber-Sicherheitsorganisation (DCSO)

DCSO was founded in 2015 with the aim of counteracting the threats posed by globally organized cybercrime and state-controlled industrial espionage.

Dcoya

Dcoya

Dcoya's complete security awareness training program gives you out-of-the-box compliance with PCI-DSS, HIPAA, SOX and ISO regulations.

Labris Networks

Labris Networks

Labris Networks specializes in DDoS mitigation, NG Firewall, Unified Threat Management, Centralized Management, Regulatory Compliances and SOC/CERT Services.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

AVeS Cyber Security

AVeS Cyber Security

AVeS combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

PrivacySavvy

PrivacySavvy

PrivacySavvy's mission is to provide you with all the information that you need to ensure that your internet privacy is intact, your devices are secure, and that any time you step online, you’re safe.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

xdr.global

xdr.global

Xdr.global is a cybersecurity consulting firm, focused on promoting and aligning Extended Detection and Response (XDR) security solutions.

Onum

Onum

Onum helps security and IT leaders focus on the data that's most important. Gain control of your data by cutting through the noise for deep insights in real time.

Velstadt Cybersecurity

Velstadt Cybersecurity

Velstadt's team of experienced professionals works on identifying vulnerabilities, analyzing threats, and developing strategies to ensure the highest level of security.

Core42

Core42

Core42 provides a full-spectrum of AI enablement solutions covering cloud, data, cybersecurity and digital services designed for customer success.