How Iran is accessing the social media accounts of protesters to incriminate them, experts say


In between being blindfolded, locked in solitary confinement, and interrogated in a wheelchair while she was on a hunger strike following her late September arrest, Negin says she had a realization: Iranian officials were using her private Telegram chats, phone logs and text messages to incriminate her.

“They told me ‘Do you think you can get out of here alive? We will execute you. Your sentence is death penalty. We have evidence, we are aware of everything,’” said Negin, whose name CNN changed at her request, for her safety.

Negin, who says she has been accused by Iranian authorities of running an anti-regime activist group on Telegram (an allegation she denies), said she has “some friends” who have been political prisoners. “They put in front of me transcribed printouts of my phone conversations with those friends,” she said, and “questioned me on what my relationship with those people were.”

Negin thinks Iranian agents hacked into her Telegram account on July 12, when she realized another IP address had accessed it. While Negin was in prison, she said, Iranian authorities reactivated her Telegram account to see who tried to contact her and reveal the network of activists with whom she was in contact.

Negin was one of hundreds of protesters detained at Iran’s notoriously brutal Evin prison in northern Tehran in the first few weeks of demonstrations following the death in custody of Mahsa Amini. Amini, a 22-year-old woman, had been apprehended by Iran’s morality police for apparently not wearing her hijab properly.

As protests unfold in the country, much of the attention has focused on the Iranian government’s efforts to shut down the internet. But behind the scenes, some worry the government is using technology in another way: accessing mobile applications to surveil and suppress dissent.

Human rights activists inside and outside of Iran have been warning for years about the Iranian regime’s ability to remotely access and manipulate protesters’ mobile phones. And tech companies may not be well equipped to deal with such incidents, experts say.

Amir Rashidi, Director of Digital Rights and Security at the human rights organization Miaan Group, said the methods described by Negin match the Iranian regime’s playbook.

“I myself documented many of these cases,” he said. “They have access to anything beyond your imagination.”

CNN has reached out to the Iranian government for comment about Negin’s allegations but has not heard back.

The Iranian government may have used similar hacking tactics to surveil the Telegram and Instagram accounts of Nika Shahkarami, the 16-year-old protester who died after a demonstration in Tehran on September 20. The Iranian authorities have always denied any involvement in her death, but a previous CNN investigation found evidence suggesting she was detained at the protests shortly before she went missing.

Iranian authorities still haven’t responded to CNN’s repeated inquiries about Nika’s death.

At least one tech company, Meta, has now opened an internal inquiry into activity on Nika’s Instagram account after her disappearance, CNN has learned.

Screenshot of the Instagram account of Nika Shahkarami before it was disabled. CNN has obscured the user names and profile pictures of commenters to protect their privacy.

After Nika went missing, her aunt and other protesters told CNN that her popular Instagram and Telegram accounts had been disabled. A week later, her family learned that she was dead. But the mystery over who had deactivated her social media accounts remained.

On October 12, two of Nika’s friends noticed her Telegram account briefly back online, they told CNN. Nika’s Instagram account was also briefly restored on October 28, more than a month after her disappearance and death, according to a screengrab obtained and verified by CNN.

As with Negin’s case, the reactivation of Nika’s accounts raises questions about whether Iranian authorities were responsible for accessing her social media profiles, allegedly to phish other protesters or compromise her after her death.

“Telegram is everything in Iran,” explained Rashidi. “It was more than just a messaging app before being blocked and still they managed to maintain their presence in Iran by just simply adding a proxy option in the app.”

“If users don’t have access to anything because of censorship, they still have access to Telegram,” he continued. “As results there are a lot of users’ data in Telegram and that’s why the Iranian government is interested in hacking Telegram.”

There are different ways the government could gain access to a person’s accounts or their network of contacts, according to experts. Negin, for example, said authorities “kept creating Telegram accounts using my SIM card, in order to see who I am in contact with.” In other cases, authorities could attempt to co-opt the two-factor authentication process, which is designed to provide greater security by texting or emailing a login code.

“Usually what happens is, they do the target phone number, then they send a login request to Telegram,” Rashidi told CNN. “If you don’t have 2-step verification, then they will intercept your text message, read the login code and easily get into your account.”

That’s why some Iranian activists cheered when Google launched Google Authenticator in the country in 2016. It’s a two-step verification process that adds a layer of security for mobile phone users.

Crucially, however, the Iranian regime doesn’t even need telecommunication companies to work with them, according to Rashidi. “The Iranian government is running the entire telecommunication infrastructure in Iran,” he said.

After Nika’s disappearance, Meta launched an investigation into whether Nika herself had disabled the account or whether someone else was responsible. The investigation lasted nine days, from October 6 to October 14, according to a source at Meta who spoke to CNN on condition of anonymity.

The conclusion: “While we can’t share specific details about Nika Shahkarami’s account for privacy and security reasons, we can confirm Meta didn’t originally disable it,” a Meta spokesperson told CNN.

Meta also confirmed to CNN that Nika’s account “was briefly reactivated and memorialized for less than 24 hours” on October 27 “as a result of an internal process error, which we addressed by re-disabling the account.” Meta told CNN it discovered this error after CNN reached out for this investigation.

Meta also said it received direction from Nika’s family, through one of the company’s trusted partners in Iran, that they wanted Nika’s Instagram account to stay offline.

However, references in Iranian state media indicate authorities did access Nika’s Instagram account and direct messages, stating they had permission from the judiciary to access them.

A relative of Nika, who wished to remain anonymous for fear of repercussions, told CNN the Tehran prosecutor’s office has been holding Nika’s phone since her death. “We went to the prosecutor’s office and found out that Nika’s phone is with Mr Shahriari (name of the prosecutor); I saw with my own eyes that it was in their hands,” the family member said.

Meta’s investigation highlights both the seriousness of the case and the limitations that American tech companies appear to have in addressing activists’ concerns about Iran’s handling of accounts.

Mahsa Alimardani, senior internet researcher at Article 19, a freedom of expression organization, also raised concerns about Telegram. “One time we asked them to reverse some edits that were done on a person’s account after her death, and they were not helpful. They didn’t get back to us. They didn’t try to fix the issue. No kind of support or help into that,” Alimardani said.

In response to CNN’s request for comment, Telegram spokesperson Remi Vaughn said: “We routinely process dozens of similar cases referred to us by activists from trusted organizations and disable access to compromised accounts. In every case we’ve investigated, either the device had been confiscated or the user had unwittingly made such access possible — by not setting a 2-Step Verification password or using a malicious app impersonating Telegram.”

“In countries with authoritarian rule, such as Iran, authorities can potentially intercept any SMS message,” Vaughn continued. “It is therefore important for users to enable Two-Step Verification, which requires an additional user-created password to be entered whenever logging in, in addition to the SMS login code. It is also important that such users use official Telegram apps from trusted sources.”

“To protect protesters, we have blocked thousands of posts that had attempted to deanonymize protestors and could have reached hundreds of thousands if not for our intervention. We are always proactively monitoring public-facing parts of our platform to find such misuse,” she concluded.

“Tech companies must work with civil society,” Rashidi said. “There are so many issues that they can work with us on them to make sure these platforms are safe, especially for those who are at risk.”