Iran’s Internal Conflict Plays Out On Social Media

Uploaded on 2018-01-17 in INTELLIGENCE-Hot Spots-Iran, GOVERNMENT-National, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY-Key Areas-Social Media

The biggest anti-government protests in Iran for nearly a decade have been fuelled by rising discontent, in particular over the cost of living. Iran has been rocked by a wave of protests over economic hardship and lack of civil liberties in the past few weeks.

The streets are not the only battleground between the Islamic Republic and its critics. A cyber battle on several fronts is being fought between the two sides on social media platforms. 

In 2009, the last time Iran saw demonstrations of such scale, social media was dominated by pro-opposition users and reformists who used Facebook, YouTube and Twitter to share images of the Green Movement to the outside world. Today, mobile apps are used by a significantly higher percentage of the population and the government is better prepared to confront its opponents on digital media.

Many senior politicians and activists use a variety of platforms on a daily basis, despite some being officially blocked, and boast hundreds of thousands of followers sympathetic to their cause. After the Stuxnet computer worm hit Iran's nuclear facilities in 2010, the country invested heavily in cyber capabilities and set up a team of trained hackers known as the Iranian Cyber-Army.

In the absence of independent news outlets and state TV's typically one-sided coverage, citizens took to social media to share photos and videos of the demonstrations with the aim of disseminating their message and inviting more local residents to join the crowds.

Telegram, which has an estimated 40 million users in Iran, equivalent to almost half the population, has been the platform of choice for the protestors. In response, the officials "temporarily" blocked Telegram and Instagram. Facebook, YouTube and Twitter have been banned since 2009. 

'Nothing going on'

But proponents of the Islamic Republic did not leave the social media battleground to the critics this time. One of the notable tactics used was the creation of dozens of Twitter bots whose job ranged from calling widely shared videos of rallies fake to discouraging potential protesters from joining rallies.  

A social bot automatically generates content and followers, mostly to support a wider campaign. Most of these accounts have unusual profile names and pictures, and were created during the protests.The accounts have no more than a handful of followers, which happen to be similar bot accounts. "I just arrived here, there is nothing going on," posted one account in response to a video about an alleged protest in Rasht, Gilan province. "Why are you lying? No-one is here," said another. The exact same messages by the same accounts can be seen below many videos shared between 1 and 4 January. 

While clearly co-ordinated, there is no evidence that these accounts were created by official authorities or security services.

Bot-spotting tips

The Atlantic Council's Digital Forensic Research Lab (DFRL) offers social-media users tips for spotting a bot:

Frequency: Bots are prolific posters. The more frequently they post, the more caution should be shown. The DFRL classifies 72 posts a day as suspicious, and more than 144 per day as highly suspicious. 

Anonymity: Bots often lack any personal information. The accounts often have generic profile pictures and political slogans as "bios".

Amplification: A bot's timeline will often consist of re-tweets and verbatim quotes, with few posts containing original wording.

Common content: Networks of bots can be identified if multiple profiles tweet the same content almost simultaneously.

Hashtag Wars                                                                                                                                                        

At the same time, hardline users began an initiative to enlarge and highlight the faces of protesters captured in videos and pictures, calling for the intelligence agencies to identify and arrest them. Tasnim news agency, affiliated to the powerful Revolutionary Guards, was among those joining the initiative on Twitter. The protesters hit back immediately. They set up a Twitter account sharing the alleged names and details of security personnel confronting the demonstrators. In addition, they identified the accounts highlighting individual protesters and repeatedly reported them to Twitter.

The hashtag mostly associated with the recent events in Iran, #nationwide_protests, has been used more than 470,000 times so far. 

But an analysis of the hashtag shows a large number of posts in favour of the demonstrations from Saudi Arabia.
Some supporters of the Islamic Republic and conservative agencies have been using their own hashtag, #nationwide_riots.
Sunni Saudi Arabia and Shia Iran are regional rivals and have been involved in proxy wars in the Middle East, notably in Syria and Yemen. An Arabic hashtag, #happening_now_in_Iran, has been used more than 66,000 times since the first day of the protests.

BBC:

You Might Also Read:

Iran Turns Off The Internet:

Signal: The Snowden-Approved Crypto App Comes to Android:

Zello Protest App Blocked in Russia:

 

« Applying Blockchain to Cybersecurity
The Big Online Advertising Swindle »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Proofpoint

Proofpoint

Proofpoint provide the most effective cybersecurity and compliance solutions to protect people on every channel including email, the web, the cloud, social media and mobile messaging.

Cyber DriveWare

Cyber DriveWare

DriveWare analyzes new traffic in the I/O layer and blocks malware and cyber attacks which organizations have no means to protect against.

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions (ACS)

Automation & Cyber Solutions delivers a range of Industrial Automation and Cyber solutions & services to sectors including Oil & Gas, Chemicals & Petrochemicals, Power and others.

Cybersprint

Cybersprint

Cybersprint's Digital Risk Protection platform continuously monitors your digital footprint so you can make informed decisions on exposure to online threats, identify vulnerabilities and take action.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

Desec Security

Desec Security

Desec's training platform allows professionals around of the world to acquire knowledge and practical experience in Information Security.

Digi International

Digi International

Digi is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services.

CyberGuru

CyberGuru

CyberGuru is a service provided by CyberSecurity Malaysia specializing in cyber security professional training and development.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

RegScale

RegScale

RegScale helps organizations comply in real-time with multiple compliance requirements (NIST, CMMC, ISO, SOX, etc), scalable to meet the needs of the entire enterprise.

HWG Sababa

HWG Sababa

HWG Sababa is a cybersecurity provider that offers a comprehensive suite of strategic managed security solutions, services, and consultancy.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

Oak9

Oak9

Oak9's Security as Code platform dynamically secures Infrastructure as Code (IaC) and deployed cloud workloads, automatically.

Adsigo

Adsigo

Adsigo AG is your reliable and professional partner for all topics concerning PCI certification, compliance and information security.

RedArx Cyber Group

RedArx Cyber Group

At RedArx Cyber Group, our vision is to empower businesses with cutting-edge, proactive security solutions that safeguard their digital landscapes.