Iran’s Internal Conflict Plays Out On Social Media

The biggest anti-government protests in Iran for nearly a decade have been fuelled by rising discontent, in particular over the cost of living. Iran has been rocked by a wave of protests over economic hardship and lack of civil liberties in the past few weeks.

The streets are not the only battleground between the Islamic Republic and its critics. A cyber battle on several fronts is being fought between the two sides on social media platforms. 

In 2009, the last time Iran saw demonstrations of such scale, social media was dominated by pro-opposition users and reformists who used Facebook, YouTube and Twitter to share images of the Green Movement to the outside world. Today, mobile apps are used by a significantly higher percentage of the population and the government is better prepared to confront its opponents on digital media.

Many senior politicians and activists use a variety of platforms on a daily basis, despite some being officially blocked, and boast hundreds of thousands of followers sympathetic to their cause. After the Stuxnet computer worm hit Iran's nuclear facilities in 2010, the country invested heavily in cyber capabilities and set up a team of trained hackers known as the Iranian Cyber-Army.

In the absence of independent news outlets and state TV's typically one-sided coverage, citizens took to social media to share photos and videos of the demonstrations with the aim of disseminating their message and inviting more local residents to join the crowds.

Telegram, which has an estimated 40 million users in Iran, equivalent to almost half the population, has been the platform of choice for the protestors. In response, the officials "temporarily" blocked Telegram and Instagram. Facebook, YouTube and Twitter have been banned since 2009. 

'Nothing going on'

But proponents of the Islamic Republic did not leave the social media battleground to the critics this time. One of the notable tactics used was the creation of dozens of Twitter bots whose job ranged from calling widely shared videos of rallies fake to discouraging potential protesters from joining rallies.  

A social bot automatically generates content and followers, mostly to support a wider campaign. Most of these accounts have unusual profile names and pictures, and were created during the protests.The accounts have no more than a handful of followers, which happen to be similar bot accounts. "I just arrived here, there is nothing going on," posted one account in response to a video about an alleged protest in Rasht, Gilan province. "Why are you lying? No-one is here," said another. The exact same messages by the same accounts can be seen below many videos shared between 1 and 4 January. 

While clearly co-ordinated, there is no evidence that these accounts were created by official authorities or security services.

Bot-spotting tips

The Atlantic Council's Digital Forensic Research Lab (DFRL) offers social-media users tips for spotting a bot:

Frequency: Bots are prolific posters. The more frequently they post, the more caution should be shown. The DFRL classifies 72 posts a day as suspicious, and more than 144 per day as highly suspicious. 

Anonymity: Bots often lack any personal information. The accounts often have generic profile pictures and political slogans as "bios".

Amplification: A bot's timeline will often consist of re-tweets and verbatim quotes, with few posts containing original wording.

Common content: Networks of bots can be identified if multiple profiles tweet the same content almost simultaneously.

Hashtag Wars                                                                                                                                                        

At the same time, hardline users began an initiative to enlarge and highlight the faces of protesters captured in videos and pictures, calling for the intelligence agencies to identify and arrest them. Tasnim news agency, affiliated to the powerful Revolutionary Guards, was among those joining the initiative on Twitter. The protesters hit back immediately. They set up a Twitter account sharing the alleged names and details of security personnel confronting the demonstrators. In addition, they identified the accounts highlighting individual protesters and repeatedly reported them to Twitter.

The hashtag mostly associated with the recent events in Iran, #nationwide_protests, has been used more than 470,000 times so far. 

But an analysis of the hashtag shows a large number of posts in favour of the demonstrations from Saudi Arabia.
Some supporters of the Islamic Republic and conservative agencies have been using their own hashtag, #nationwide_riots.
Sunni Saudi Arabia and Shia Iran are regional rivals and have been involved in proxy wars in the Middle East, notably in Syria and Yemen. An Arabic hashtag, #happening_now_in_Iran, has been used more than 66,000 times since the first day of the protests.

BBC:

You Might Also Read:

Iran Turns Off The Internet:

Signal: The Snowden-Approved Crypto App Comes to Android:

Zello Protest App Blocked in Russia:

 

« Applying Blockchain to Cybersecurity
The Big Online Advertising Swindle »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

mile2

mile2

Mile2 develop and deliver proprietary vendor neutral professional certifications for the cyber security industry.

Avatu

Avatu

Avatu specialise in providing clients the advice, technology and tools they need to fight cyber and insider threats.

Venable

Venable

Venable is an American Lawyer 100 law firm with nine offices across the USA, Practice areas include Cybersecurity.

FaceFirst

FaceFirst

FaceFirst provide face recognition technology solutions to detect and deter real time threats,

ESTsecurity

ESTsecurity

ESTsecurity provides intelligent security threat management solutions to make a safer world.

Nehemia Security

Nehemia Security

Nehemiah Security delivers a security risk management and analytics platform that empowers business leaders to make better, more actionable decisions.

LaoCERT

LaoCERT

LaoCERT is the national Computer Incident Response Team for Laos.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

La Fosse Associates

La Fosse Associates

The InfoSec Recruitment team at La Fosse Associates specialises in placing Information Security & Risk professionals on a permanent and contract basis.

boxxe

boxxe

boxxe create flexible IT infrastructures, collaborative global workspaces and data clarity, all underpinned by world-leading security.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

Information Services Group (ISG)

Information Services Group (ISG)

As a leading global research and advisory firm, ISG partners with our clients to determine a future vision, lead rapid change and realize the value of your digital investments at scale.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.