Iran’s Internal Conflict Plays Out On Social Media

The biggest anti-government protests in Iran for nearly a decade have been fuelled by rising discontent, in particular over the cost of living. Iran has been rocked by a wave of protests over economic hardship and lack of civil liberties in the past few weeks.

The streets are not the only battleground between the Islamic Republic and its critics. A cyber battle on several fronts is being fought between the two sides on social media platforms. 

In 2009, the last time Iran saw demonstrations of such scale, social media was dominated by pro-opposition users and reformists who used Facebook, YouTube and Twitter to share images of the Green Movement to the outside world. Today, mobile apps are used by a significantly higher percentage of the population and the government is better prepared to confront its opponents on digital media.

Many senior politicians and activists use a variety of platforms on a daily basis, despite some being officially blocked, and boast hundreds of thousands of followers sympathetic to their cause. After the Stuxnet computer worm hit Iran's nuclear facilities in 2010, the country invested heavily in cyber capabilities and set up a team of trained hackers known as the Iranian Cyber-Army.

In the absence of independent news outlets and state TV's typically one-sided coverage, citizens took to social media to share photos and videos of the demonstrations with the aim of disseminating their message and inviting more local residents to join the crowds.

Telegram, which has an estimated 40 million users in Iran, equivalent to almost half the population, has been the platform of choice for the protestors. In response, the officials "temporarily" blocked Telegram and Instagram. Facebook, YouTube and Twitter have been banned since 2009. 

'Nothing going on'

But proponents of the Islamic Republic did not leave the social media battleground to the critics this time. One of the notable tactics used was the creation of dozens of Twitter bots whose job ranged from calling widely shared videos of rallies fake to discouraging potential protesters from joining rallies.  

A social bot automatically generates content and followers, mostly to support a wider campaign. Most of these accounts have unusual profile names and pictures, and were created during the protests.The accounts have no more than a handful of followers, which happen to be similar bot accounts. "I just arrived here, there is nothing going on," posted one account in response to a video about an alleged protest in Rasht, Gilan province. "Why are you lying? No-one is here," said another. The exact same messages by the same accounts can be seen below many videos shared between 1 and 4 January. 

While clearly co-ordinated, there is no evidence that these accounts were created by official authorities or security services.

Bot-spotting tips

The Atlantic Council's Digital Forensic Research Lab (DFRL) offers social-media users tips for spotting a bot:

Frequency: Bots are prolific posters. The more frequently they post, the more caution should be shown. The DFRL classifies 72 posts a day as suspicious, and more than 144 per day as highly suspicious. 

Anonymity: Bots often lack any personal information. The accounts often have generic profile pictures and political slogans as "bios".

Amplification: A bot's timeline will often consist of re-tweets and verbatim quotes, with few posts containing original wording.

Common content: Networks of bots can be identified if multiple profiles tweet the same content almost simultaneously.

Hashtag Wars                                                                                                                                                        

At the same time, hardline users began an initiative to enlarge and highlight the faces of protesters captured in videos and pictures, calling for the intelligence agencies to identify and arrest them. Tasnim news agency, affiliated to the powerful Revolutionary Guards, was among those joining the initiative on Twitter. The protesters hit back immediately. They set up a Twitter account sharing the alleged names and details of security personnel confronting the demonstrators. In addition, they identified the accounts highlighting individual protesters and repeatedly reported them to Twitter.

The hashtag mostly associated with the recent events in Iran, #nationwide_protests, has been used more than 470,000 times so far. 

But an analysis of the hashtag shows a large number of posts in favour of the demonstrations from Saudi Arabia.
Some supporters of the Islamic Republic and conservative agencies have been using their own hashtag, #nationwide_riots.
Sunni Saudi Arabia and Shia Iran are regional rivals and have been involved in proxy wars in the Middle East, notably in Syria and Yemen. An Arabic hashtag, #happening_now_in_Iran, has been used more than 66,000 times since the first day of the protests.

BBC:

You Might Also Read:

Iran Turns Off The Internet:

Signal: The Snowden-Approved Crypto App Comes to Android:

Zello Protest App Blocked in Russia:

 

« Applying Blockchain to Cybersecurity
The Big Online Advertising Swindle »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

SC Media

SC Media

SC Media arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

Tigerscheme

Tigerscheme

Tigerscheme is a certification scheme for information security specialists, backed by University standards and covering a wide range of expertise.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

StationX

StationX

StationX is a leading provider of cyber security training, consultancy and services.

Quorum Cyber

Quorum Cyber

Quorum Cyber offer end-to-end cyber security solutions, specialising in Managed Security Services, Consulting and Resourcing.

TorGuard

TorGuard

TorGuard is a Virtual Private Network services provider offering secure encrypted access to the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

Defensity

Defensity

Defensity offer bespoke & pre packaged IT Security Solutions for Small business to help companies reduce overall IT related risk.

Bleam Cyber Security

Bleam Cyber Security

Bleam is a leading provider of Managed Cyber Security Services and Information Security consulting. We deliver enterprise class security services to UK SME’s to stop data breaches.

Ross & Baruzzini

Ross & Baruzzini

Ross & Baruzzini delivers integrated technology, consulting, and engineering solutions for safe, sustainable, and resilient facilities.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Flotek

Flotek

Flotek is an IT & Comms service provider delivering SMEs with trusted, innovative and cost effective cloud technology, with confidence, clarity and clout.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.