Opposition Group: Iran’s ‘Cyber Army’ Falls Under the Command of the IRGC

By Patrick Goodenough | March 30, 2016 | 2:24am EDT
Islamic Revolutionary Guard Corps commander Maj. Gen. Muhammad-Ali Jafari escorts Iranian President Hasan Rouhani before he addresses a national gathering of the IRGC’s commanders on September 16, 2013. (Photo: Iranian presidency)

(CNSNews.com) – Iran has denied U.S. claims of cyber-attacks following the indictment last week of seven Iranians accused of targeting dozens of U.S. banks and a small dam, but according to an Iranian opposition group a “cyber army” headed by top Islamic Revolutionary Guard Corps (IRGC) officers has been increasingly active since 2009.

Iranian foreign ministry spokesman Hossein Jaberi Ansari at the weekend dismissed the U.S. allegations, saying Iran has never supported “any precarious measures in cyberspace” but was on the contrary the victim of cyber-attacks.

The U.S. was “in no position to accuse the citizens of other countries,” Ansari said, and cited the Stuxnet computer virus which attacked the Natanz uranium enrichment facility in 2010. The attack was allegedly carried out by the U.S. and Israel in a bid to slow Iran’s nuclear advance.

The Department of Justice on Thursday announced the unsealing of indictments against seven Iranian nationals accused of carrying out denial-of-service attacks against the servers of 46 U.S. banks over 176 days between 2011 and 2013, costing victims tens of millions of dollars in remediation costs. One of the seven was also accused of gaining access to the control system for a small dam north of New York City.

The Iranians were allegedly working for private companies that had been tasked by the IRGC and other government agencies to carry out the attacks. No senior IRGC or government officials in the chain of command were indicted, however.

According to the National Council of Resistance of Iran (NCRI), an exiled opposition group, the IRGC has been engaged in cyberwarfare since around 2007, and increasingly so after the post-election anti-government protests in 2009, aimed both at suppressing domestic opposition and launching attacks against foes abroad.

“The cyber army has been established under the command of IRGC commander Mohammad-Ali Jafari,” NCRI said in a new report, which it says is based on information from its sources inside the regime, including in the IRGC.

“The regime’s Supreme National Security Council has adopted decisions for the cyber army to confront and institute measures against websites abroad, and to monitor and act against Internet threats against the regime within Iran,” the report said.

NCRI said Jafari has endorsed a plan to make the cyber army the sixth force of the IRGC – alongside the Ground, Navy, Aerospace, Qods Force, and the domestic Basij militia.

It would work against targets inside Iran in conjunction with the Basij, and outside the country with the Qods Force, “to interfere in other countries’ affairs to advance the regime’s objectives abroad.”

In November 2010, the cyber army claimed to have hacked 500 websites simultaneously, disrupting private sites as well as “intelligence networks” of foreign countries.

Private targets included social media users who encourage young Iranians to oppose the regime, the report said. Iranian hackers reportedly hacked Twitter in 2009 and China’s largest search engine, Baidu, in 2010.

The report said the cyber activities are supported by Iran’s parliament. It quoted a member of the parliamentary security committee, Fatemeh Alia, as saying in October 2010, “When it comes to cyber warfare, in the current circumstances we need to allocate a budget sufficient to acquire the equipment needed for this kind of war, so we can dedicate it to cyber warfare and the cyber army.”

Apart from the IRGC cyber activities, the NCRI report said entities attached to Iran’s Defense and Intelligence Ministries were also involved in cyber activities.

It said an operational unit falling under the Intelligence Ministry’s technology department aims “to hack sites run by opponents, to control websites, to attack other networks, and to conduct electronic espionage abroad.”

MRC Store