Western intelligence communities have been warning of a rising tide of cyber espionage and cyber terrorism from Iran, Russia, and China in recent months. At the same time, analysts have brought attention to mutual declarations of interest in military, economic, and political collaboration among the leaders of each of these countries. The two trends are potentially if not actually related.
In Iran, government support for hacking, likely in coordination with foreign assistance, has especially impacted the volume of phishing attacks aimed at uncovering sensitive information from high profile Western nationals, global human rights activists, and Iranian dissidents both at home and abroad. This trend was highlighted in IranWire once on Monday when the outlet detailed the surge in hacking attempts directed against activists, and again on Tuesday when it described the specific situation of one unnamed European lawyer whose e-mail was hacked almost immediately after an Iranian friend was arrested by Iranian security forces.
The article about these two individuals notes that the lawyer refused to reveal specific names because the arrestee’s family may be subject to reprisals if his case is discussed publicly. There is a great deal of precedent for this, especially in situations of internationally visible political imprisonments. Iranian authorities regularly order political prisoners to avoid talking to the news or on social media about their experiences in Iran’s prison system, which has a reputation for poor conditions and rampant abuse.
These orders reflect a broader preoccupation with secrecy in cases of prosecution, especially politically motivated prosecution. The rise in hacking attacks may indicate that one possible reason for this secrecy is to avoid raising suspicion among friends and acquaintances of arrestees when the Iranian authorities begin to target them in an attempt to illicitly extract information about networks of activists and dissidents.
The IranWire report certainly points to this interpretation, noting that neither the lawyer nor any of his contacts knew of his friend’s arrest until after the phishing attacks began. The arrestee’s wife was reportedly intimidating into maintaining that secrecy even after a phone call from the lawyer, and was told that the situation would get worse for the defendant, who is charged with espionage, if anyone discusses his case.
This anonymous case is not the only recent example of overlap of Iranian hacking efforts and secretive arrests. The International Campaign for Human Rights in Iran pointed out on Tuesday that there has still been no information from the Iranian judiciary about the case against Arash Zad, an information technology expert who was arrested at the Imam Khomenei Airport as he was set to leave Iran on August 1. Associates of Zad report that the did not learn of the arrest until they became subjects of phishing attempts, which they speculate originated with the Iranian Revolutionary Guard Corps.
Zad’s background lends itself to more than one explanation for why he may have been arrested. One clear possibility is that it is an act of repression against work that appears to undermine the regime’s theocratic ideology, particularly as it affects the rights of women. Zad received the 2014 UN World Summit Youth Award for developing a service aimed at increasing the role of women in the Iranian technology sector. But this comes at a time when Iran has been cracking down on women’s rights and pushing women to remain in the home as wives and mothers, and thus out of the workplace in most instances.
A number of women’s rights activists and female activists in general have been subject to harsh prison sentences in recent weeks and months. The young artist Atena Farghadani was sentenced in June to 12 years and nine months in prison, solely for posting a cartoon depicting Iranian politicians as animals, although her decision to speak out on YouTube about her treatment following her arrest may have exacerbated the sentencing. Shortly after that, the Green Movement activist Bahareh Hedayat was arbitrarily given an additional two years in prison after her actual prison term had been served in full.
In light of these and other incidents, Zad’s arrest may constitute the regime’s targeting of active opposition to regime policies. But it may also have been motivated simply by Zad’s unwillingness to collaborate with the regime at a time when it is constantly upgrading the capabilities of its state-affiliated hackers.
There is precedent for this in other areas of technological development. Omid Kokabee has been in prison since January 2011, when he was arrested on a return trip to his home in Iran after a term as a physics graduate student in the United States. He is accused of cooperating with hostile governments, but Kokabee alleges that his arrest came after he refused to help the Iranian regime with a nascent weapons project.
The July 14 nuclear agreement may prompt Iran to at least temporarily limit its investment in the sort of clandestine nuclear weapons development that people like Kokabee might have contributed to. But as any such projects move to the back burner and Iran obtains new investment capital through sanctions relief, the regime is almost certain to expand its work in non-banned areas that are already on the grow, including cyber espionage and cyber terrorism. It is thus reasonable to assume that the regime will look to domestic experts as well as foreign allies in moving ahead with this kind of work and utilizing it against international adversaries.