Despite being one of the region’s leading cyberpowers, Iran is one of the worst violators of international standards relating to the Internet, routinely violating human rights exercised online, and using online tactics to restrict rights exercised offline. A regime-led ideological Soft War threatens to keep Iranian citizens isolated from the rest of the world, and unable to exercise their rights to freedom of expression and information. In order to understand how to address the challenges facing freedom of expression in Iran both off- and online, it is essential to understand how online control is implemented and maintained.
The Soft War has remained of great importance to the Iranian regime, with a particular surge in activity after the controversial 2009 elections, five months after which Supreme Leader Ayatollah Khamenei stated: “Today, the country’s priority is to fight the enemy’s soft war.”
There has been much discussion, by international civil society, as well as groups and individuals within Iran including members of the Iranian establishment itself, of an ‘Iranian Cyber Army’ (ICA) – an organised group with official oversight and support of the Iranian government. The origin and structure of this group are extremely difficult to establish, but there is clear evidence of online actors and tactics, whose actions and goals often align with those of the Iranian authorities, even shifting with that political agenda. Individuals and groups targeted by this group are often civil society, activists, and political opposition groups, though diasporic Iranians have also been targeted, as well as state entities seen as oppositional or a threat (potentially including the US Department of Justice).
There are two distinct types of online activity which contribute to the hegemony of state ideology and discourse: the first is the content of the Soft War itself online– the production and promotion of state-sanctioned ideological content, with the restriction of content perceived to threaten tradition Iranian cultural and political values.
Those who express dissent, including social activists and human rights campaigners, (who frequently fail to adopt necessary online security precautions such as complex passwords and online anonymity) are monitored and even arrested. In subsequent interrogations they are often subjected to torture and other ill-treatment: the authorities thus obtain key information – communications, online account details, web histories – which enables the persecution of other targets of interest. This has been one of the most effective techniques in gathering information on human rights activists.
The second type of activity is cyberattacks i.e. hacking: intrusive malware, monitoring, and, for example, DDoS attacks carried out on actors perceived to be in opposition to state ideology: the targets are suspected to be selected by state actors, and civil society and political opponents have been shown to be primary targets of such intrusive tactics. This not only directly interferes with both the activities and publications of organisations deemed to oppose the government, but can also lead to information used to arrest and prosecute dissenting individuals or groups. It is important to note the difficulty in researching hacking actions and groups, especially in determining the attribution and intent of intrusive online actions.
Perhaps the greatest success of the Iranian government’s online campaign, at least domestically, is the ‘chilling effect’: the establishment of a climate of fear that surpasses actual surveillance capabilities and encourages online communicators and activists to self-censor. It would be impossible to maintain a catch-all censorship or monitoring programme, but by instilling in Iranian citizens a sense of fear, the surveillance and blocking do not have to be comprehensive.
This report aims to provide insight into the online tactics and networks active in Iran’s Soft War, using a combination of primary sources, interviews, and metadata collection.