Iranian Spyware Exposed

The hacking gang GhostSec, has got global attention after saying it has hit the FANAP Behnama software, which it has described as the “Iran regime’s very own privacy-invading software.” The group has shared as evidence a portion of the software’s source code, showcasing its distinctive facial recognition functionality that enhances its surveillance effectiveness.

The GhostSec group was formed about 10 years ago with the specific aim of combating Islamist extremism online. It claims to have exposed 20GB of data including face recognition and motion detection systems that are used by the Iranian government to monitor and track its people.

After the outrage following the death of Mahsa Amini, who was in custody in 2022. She was arrested by the morality police of Iran for allegedly failing to wear appropriate religious dress, and there was a mass of protests since her death that have seen hundreds more killed or detained and so the revelations by GhostSec are considered to be on the moment by many Irainians.

GhostSec says it intends to make the data public, “in the interests of the Iranian people, but also in the interests of protecting the privacy of each and every one of us.” There are claims that GhostSec’s actions align with hacktivist principles, they also position themselves as advocates for human rights.

The group has shared as evidence a portion of the software’s source code, showcasing its distinctive facial recognition functionality that enhances its surveillance effectiveness. This attack exposes the Iranian regime’s capacity and willingness to put its citizens under intrusive scrutiny in a fundamental breach of the human right to privacy.

The group itself even said in its statement: “This is not about technology and software, it’s about the privacy of the people, civil liberties, and a balance of power.”

Apparently the group also established a Telegram channel titled “Iran Exposed” through which they intend to share information about the breach and have already shared some compromised data accompanied by explanations of their findings and the rationale behind their actions.

GhostSec is believed to be an offshoot of the wider Anonymous hacktivist group that emerged around 2015, thought to be partly in response to the ISIS terrorist attacks in France the same year.

Since its emergence, it claims to have sabotaged hundreds of portals and social media accounts promoting Islamist extremism. GhostSec’s intention to amplify opposition to the intrusive scrutiny that undermines fundamental human rights in Iran and many other countries.

I-HLS:     Cyber News:     Hackread:     OSINT Team:     Cyberint:     TikTok:     Iran Xposed:     Wikipedia

You Might Also Read: 

A ‘FunnyDream’ From China:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« LockBit Hacked Montreal's Electricity Supplier
CISA's Post-Quantum Cryptography Initiative »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

Cyber Data-Risk Managers

Cyber Data-Risk Managers

Cyber Data-Risk Managers Pty Ltd is an insurance broker based in Melbourne, Australia specializing in Cyber insurance / Data breach insurance.

Northwave

Northwave

Northwave is 100% focused on providing integrated high quality information security services.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Air Informatics

Air Informatics

Air Informatics LLC provides security, information management, analytics and informatics for IT and wirelessly enabled airplanes and operations.

Lightship Security

Lightship Security

Lightship Security is an accredited Common Criteria and FIPS 140-2 IT security testing laboratory that specializes in test conformance automation solutions and IT product security certifications.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

Conatix

Conatix

Conatix was formed to apply recent advances in AI and other fields of technology to insider fraud, one of the most intractable problems in cybersecurity.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

DeepFactor

DeepFactor

DeepFactor is the industry’s first Continuous Observability platform enabling Engineering and AppSec teams to find and triage RUNTIME security, privacy, and compliance risks in your applications.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Celebrus

Celebrus

Celebrus Fraud Data Platform, by D4t4 Solutions, works with existing fraud structures to augment functionality and turn fraud management into true fraud prevention.

Mobilicom

Mobilicom

Mobilicom is an end-to-end provider of cybersecurity and smart solutions for drones, robotics & autonomous platforms.

QEDIT

QEDIT

QEDIT is leading the standardization of Zero-Knowledge Proofs through the ZKProof.org Workshops, and builds production-grade ZKP systems for blockchain.