User ID leak: Iran using coronavirus crisis to spy on ordinary Iranians

As the world rightly focuses on addressing the coronavirus pandemic, a less-discussed issue is how the Iranian regime is taking advantage of the status quo in many different ways, and with China’s support.

42 million Iranian “Telegram” user IDs and phone numbers were leaked online, according to a recent report. Iran’s regime has a history of using apps to place the general public, especially activists and dissidents, under a watchful eye.

The incident follows a similar case in 2016 when Reuters reported 15 million Telegram user IDs, phone numbers, and one-time verification codes were identified by Iranian hackers, resulting in more than a dozen compromised accounts.

The information contained in this recently exposed database poses a clear risk to users. Not only does it reveal who in Iran uses Telegram (or a Telegram fork), it also opens them up to attack.

SIM swap attacks are one example. A SIM-swap attack occurs when the attacker convinces a phone carrier to move a phone number to a new SIM card, allowing the attacker to send and receive the victim’s SMS messages and phone calls. The attacker could then receive the victim’s one-time access verification codes, granting full access to app accounts and messages.

Affected users could also be at risk of targeted phishing or scams using the phone numbers in the database.

IRGC role

Just recently Google Play removed an Android app developed by Iran’s regime—supposedly launched “to test and keep track of COVID-19 (coronavirus) infections”—while users accuse the regime of collecting phone numbers and real-time geo-location data.

Once installed, the app asks for access to real-time geo-location details, which it would immediately upload to a remote server. Furthermore, it was soon discovered that the app had been developed by a company that has previously built other apps for the Iranian regime.

Smart Land Strategy, linked to Iran’s Revolutionary Guards (IRGC), previously built Telegram Gold and HotGram, both of which were removed from the Play Store for secretly collecting user data and amid reports that the apps were developed at the behest of Iran’s intelligence agencies, according to a report.

“… the Iranian government could be using the current COVID-19 pandemic as a ruse to trick millions of Iranians into installing the app, collect their device and location details, and then install malware on their devices through a subsequent update,” the report warns.

Malign past & China’s support

Back in February 2018, the Iranian opposition coalition National Council of Resistance of Iran (NCRI) held a press conference in Washington warning, “… the regime has created close to 100 spyware apps, including Mobogram, Telegram Farsi, Hotgram, Wispi, and Telegram Talayi, that resemble popular apps and spy on the unwitting Iranians who download them by mistake.”

NCRI press conference in Washington, DC
Alireza Jafarzadeh, Deputy Director of the Washington office of the dissident National Council of Resistance of Iran (NCRI), speaking to reporters at a Feb. 15, 2018 news conference on “cyberwarfare” being waged by Iran’s government. (Photo courtesy of NCRI)

That Iran’s regime is now taking advantage of the coronavirus crisis to launch an app aimed at spying on ordinary Iranians further indicates that the mullahs are lying about the numbers of COVID-19 deaths and cases and are only concerned about maintaining their establishment in power.

Back in March 2012, a Chinese telecommunications equipment company sold Iran’s largest telecom firm a powerful surveillance system capable of monitoring landline, mobile and internet communications, according to Reuters, citing interviews and contract documents.

“The system was part of a 98.6 million euro ($130.6 million at the time) contract for networking equipment supplied by Shenzhen, China-based ZTE Corp to the Telecommunication Co of Iran (TCI), according to the documents. Government-controlled TCI has a near monopoly on Iran’s landline telephone services and much of Iran’s internet traffic is required to flow through its network.

“Human rights groups say they have documented numerous cases in which the Iranian government tracked down and arrested critics by monitoring their telephone calls or internet activities. Iran this month set up a Supreme Council of Cyberspace, headed by President Mahmoud Ahmadinejad, who said it would protect ‘against internet evils,’ according to Iranian state television.”

Months later, the FBI launched an investigation into allegations that a top Chinese maker of phone equipment supplied Iran with U.S.-made hardware and software, including a powerful surveillance system, in violation of federal laws and a trade embargo, according to Wired, citing a report by The Smoking Gun.

Investigators, who began their probe earlier in 2012, also found evidence that the company planned to obstruct a Department of Commerce inquiry into the contract behind the sales.

Apologists/lobbyists to the rescue

Chief Iran apologist/lobbyist Trita Parsi was quick to push Iranian Foreign Minister Mohammad Javad Zarif’s talking points about U.S. sanctions after Google took actions against Iran’s spying app.

Negar Mortazavi, another known Iranian apologist/lobbyist, claimed this could “help people self-diagnose the coronavirus.” Self-diagnosing is scientifically impossible. But that is not important for Mortazavi.

Why? Because as an Iran apologist/lobbyist with close ties to Zarif, her sole focus is to push Tehran’s talking points. Even the article cited by Mortazavi in her tweet reads:

“But that app was booted from Google’s Play Store recently, reports ZDNet.”

Why? Because of “misleading claims,” according to the report, that it could detect COVID-19 infections, something that is impossible through an app.

Another important reminder: Iran’s regime uses indigenous apps to gain information about Iranian dissidents. Even amid the ongoing coronavirus crisis, security and maintaining its grip on power remain the regime’s number one priority.

Will Iran Gain Or Lose By Blocking Telegram?

Forbes

Reports of Iran’s regime intending to block the popular messaging app, Telegram, are the source of a variety of reactions. If Iran’s rulers had it their way, this platform would be blocked as we speak, after similar measures temporarily grounded the network following the January uprising.

Various Iranian officials have also expressed their belief that the internet must remain intensely monitored and filtered. This is part of a broad cyber-repression campaign led by Tehran, pushing users towards domestically-made apps that can be monitored by the regime’s security apparatus.

However, even Iranian President Hassan Rouhani has posed as opposing such actions due to his concerns about their consequences.

Iranian media outlets are criticizing Rouhani, saying that as President he stands against blocking, while as chair of the Supreme National Security Council he orders such actions. The question is why Iran lifted its initial blocking after the quelling of the recent unrest. The answer is simple: social pressures and international backlash.

In Iran’s current powder keg society any issue can ignite a major movement. On December 28th an increase in the price of eggs sparked a major nationwide uprising. In a matter of just hours protesters were chanting “Death to Khamenei-Rouhani,” referring to the regime’s Supreme Leader and President, respectively.

To this day, Interior Minister Abdolreza Rahmani Fazli acknowledges that these protests spread to more than 100 cities, 42 of which witnessed serious unrest. He also went on to confirm that an uprising can begin at any moment in Iran.

When a price hike can result in the most significant crisis for the Iranian regime since the 2009 uprising, rest assured that blocking Telegram – used by over 40 million people across the country, with the jobs of more than half a million people depending on this application – will generate extremely dangerous consequences.

Reactions to this announcement, made by Aladdin Borujerdi, chair of the parliament’s National Security and Foreign Policy Commission, who said the decision was made at the highest level, an obvious reference to Khamenei himself, are more than telling.

“Blocking Telegram will not result in people shifting towards homegrown platforms. It will backfire,” said Iranian MP Farid Mousavi.

“This will distance the people further from the government,” added Gholamali Jafarzadeh, another Iranian MP.

Censoring the internet to any extent will also come with a heavy global price tag. Because such a move is considered a violation of freedom of speech and other liberties, the international community has an obligation to condemn it.

During the few days that Tehran blocked Telegram in January, American political figures and Members of Congress hit back hard. This led the U.S. Treasury Department to permit private companies to launch free and high-speed internet access for the Iranian people.

Considering today’s developments throughout the world, escalating international isolation for Iran and significant changes in the U.S. political structure, any move by Tehran can bear unprecedented penalties.

More important, from Iran’s perspective, are future uprisings and society’s explosive atmosphere. Iranian officials are saying Telegram was the main tool used to coordinate and issue calls for continuous demonstrations during the January uprising.

Saeed Hajarian, a political strategist in Iran, describes uprisings in Iran as a retreating wave that returns with far more force.

As a result, Tehran must decide if it has reached the point of no return and has no choice but to block Telegram for good. Iran is no longer choosing between bad or worse. Decisions now are between hard and harder.

Interestingly, in a recent TV interview Iranian Information and Communications Technology Minister Mohammad Javad Jahromi said there are 8,000 dissident Telegram channels. Twice he also mentioned a channel – or group – belonging to the Iranian opposition People’s Mojahedin Organization of Iran (PMOI/MEK), signaling the very threat Tehran is specifically concerned about with regard to the source of the recent uprising and ongoing protests.

A few weeks ago, another Telegram channel that is allegedly associated with the Iranian Intelligence Ministry and yet criticizes Tehran published a thought-provoking post asking:

“Why do people shift towards PMOI-linked channels? True, they have high quality posts. True, they have good video and … but those who do refer to PMOI channels are traitors.”

Ahmad Khatami, a senior member of Iran’s Assembly of Experts and a figure close to Khamenei, also voiced concerns most likely mirroring those of the supreme leader:

“Cyberspace has become a major social dilemma and brought the enemy into our homes. Mothers should protect their children against cyberspace that is polluted with the enemy(!) The enemy intends to strike against the state through all means.”

To make matters worse, Iran is facing a very tumultuous period and a very high-risk decision. May 12th marks the end of U.S. President Donald Trump’s deadline regarding the Iran nuclear deal.

Tehran has only two options:

  • succumbing to significantly curbing its ballistic missile program and Middle East meddling, while permitting snap inspections at all sites,
  • or maintaining its position and bracing for a return of crippling sanctions.

The irony for Iran lies in the fact that both options pave the path for further social uprisings. This leaves Khamenei with no choice but to block, at least temporarily, the very medium fueling the ongoing uprising and accept the consequences.

There is an undeniable reality that senior Iranian regime officials understand far better than anyone. Although the internet is a powerful tool in driving Iran’s protests forward, the very basis is the fact that conditions across the country are ripe for protests snowballing into nationwide uprisings and an all-out revolution.