Iran spied on ISIS supporters through fake phone wallpaper app, say researchers

Supporters of the Islamic State, most of them Persian speakers, were spied on by the government of Iran after they downloaded a fake smartphone application with wallpaper images, according to an online security firm. Iran is a major adversary of the radical Sunni group Islamic State. The latter considers Shiism (Iran’s state religion) as an abomination. Not surprisingly, therefore, the Islamic State, which is also known as the Islamic State of Iraq and Syria (ISIS), relies largely on supporters from the Arabic-speaking regions of the Levant. But according to estimates, Sunnis constitute about 10 percent of Iran’s population, and ISIS has found some fertile ground among Iran’s 8 million-strong Sunni minority. As a result, the government in Tehran is highly mistrustful of Iranian Sunnis, many of whom are ethnic Kurds, Baluchis, Azeris or Turkomans, and systematically spies on them.

According to the Israeli online security firm Check Point Software Technologies, one way in which Tehran has spied on Persian-speaking ISIS supporters is through fake smartphone applications. In an article published last week, the company said it had uncovered a state-sponsored surveillance operation that it had codenamed “Domestic Kitten”. The Check Point article said that the operation had gone on for more than two years, but had remained undetected “due to the artful deception of its attackers towards their targets”. The surveillance of targeted phones was carried out with the help of an application that featured pro-ISIS-themed wallpapers, which users could download on their devices. Yet another program linked to the same vendor was a fake version of the Firat News Agency mobile phone application. The Firat News Agency is a legitimate Iranian information service featuring news about Iran’s Kurdish minority. But both applications were in fact malware that gave a remote party full access to all text messages sent or received on the compromised phones. They also gave a remote party access to records of phone calls, Internet browser activity and bookmarks, and all files stored on the compromised phones. Additionally, the fake applications gave away the geo-location of compromised devices, and used their built-in cameras and microphones as surveillance devices.

Check Point said that the majority of compromised phones belonged to Persian-speaking members of Iran’s Kurdish and Turkoman minorities. The company stressed that it was not able to confirm the identity of the sponsoring party with absolute accuracy. However, the nature of the fake applications, the infrastructure of the surveillance operation, as well as the identities of those targeted, posed a strong possibility that “Domestic Kitten” was sponsored by the government of Iran, it concluded. Last July, the American cyber security firm Symantec said that it had uncovered a new cyber espionage group called “Leafminer”, which was allegedly sponsored by the Iranian state. The group had reportedly launched attacks on more than 800 agencies and organizations in countries such as Israel, Egypt, Bahrain, Qatar, Kuwait, the United Arab Emirates, Afghanistan and Azerbaijan.

Author: Ian Allen | Date: 14 September 2018 | Permalink

US announces arrest of two men charged with spying for Iran

Authorities in the United States have announced the arrests of two men who have been charged with spying on American soil on behalf of the Islamic Republic of Iran. The men were reportedly arrested on August 9, but information about them was only released on Monday by the US Department of Justice. In a press statement published online, John Demers, US Assistant Attorney General for National Security, said the men were arrested because of concerns that they “acted on behalf of Iran”. They were identified as Ahmadreza Mohammadi Doostdar, 38, and Majid Ghorbani, 59. Doostdar is reportedly a dual citizen of the US and Iran, while Ghorbani is an Iranian citizen who lives in the US state of California. The two men are not believed to be diplomats.

According to the US government, the men were observed “conducting surveillance of political opponents and engaging in other activities that could put Americans at risk”. The press statement alleges that Doostdar carried out surveillance of a Jewish center in Chicago, while Ghorbani attended meetings and rallies organized by Iranian opposition groups operating in the US. The press release identifies one such group as the Mujahideen-e Khalq (MEK), a militant faction that has roots in radical Islam and Marxism. Between 1970 and 1976, the group assassinated six American officials in Iran and in 1970 tried to kill the United States ambassador to the country. It initially supported the Islamic Revolution of 1979, but later withdrew its support, accusing the government of Ayatollah Khomeini of “fascism”. It continued its operations in exile, mainly from Iraq, where its armed members were trained by the Palestine Liberation Organization and other Arab leftist groups. Until 2009, the European Union and the US officially considered the MEK a terrorist organization. But the group’s sworn hatred against the government in Iran brought it close to Washington after the 2003 US invasion of Iraq. By 2006, the US military was openly collaborating with MEK forces in Iraq, and in 2012 the group was dropped from the US Department of State’s list of foreign terrorist organizations. Today the group enjoys open protection from the EU and the US.

On June 30 of this year, authorities in Belgium arrested a married Belgian couple of Iranian descent, who were found to be carrying explosives and a detonator. On the following day, July 1, German police arrested an Iranian diplomat stationed in Iran’s embassy in Vienna, Austria, while a fourth person was arrested by authorities in France, reportedly in connection with the three other arrests. All four individuals were charged with having planned a foiled plot to bomb the annual conference of the MEK-affiliated National Council of Resistance of Iran (NCRI) that took place on June 30 in Paris, France. It is not known whether the arrests in Europe are in any way connected with the cases of the two men held in the US.

Researchers uncover ‘ambitious’ Iranian hacker group that targets the Middle East

An American cyber security firm has reported the discovery of a previously undetected, “highly active” Iranian cyber espionage group, whose extensive target list consists mainly of large organizations and companies in the Middle East. The cyber security firm Symantec, makers of Norton antivirus software, which uncovered the cyber espionage group’s existence, has dubbed it “Leafminer”. It said the group has been active since the beginning of 2017, but has “significantly ramped up its activities” in 2018 and is currently involved in dozens of ongoing attacks.

In a report published on Wednesday, Symantec said that its security experts managed to obtain what appears to be Leafminer’s master list of targets. The list is written in the Farsi language and contains just over 800 organizations, which according to Symantec researchers is “an ambitious goal” for any cyber espionage group. The organizations listed on the target sheet come from a variety of sectors, including government, transportation, the financial sector, energy and telecommunications. But the majority of the group’s targets appear to be in the petrochemical and government sectors. Additionally, virtually all of Leafminer’s targets are located in the Middle East and North Africa, in countries such as Israel, Egypt, Bahrain, Qatar, Kuwait and the United Arab Emirates. Some of the group’s targets are located in Afghanistan and Azerbaijan.

Symantec said its researchers observed the Leafminer hackers execute attacks in real time on at least 40 targets in the Middle East, including on the website of an intelligence agency in Lebanon. According to the cyber security company, Leafminer uses a variety of hacking tools, including custom-designed malware and some publicly available software. The group’s operational sophistication is also varied, and ranges from complex, multilayered attacks to brute-force login attempts. Symantec said it concluded that the cyber espionage group originates from Iran because its master target list is written in Farsi and because Iran is virtually the only country in the Middle East that is missing from the target list. However, it said that it did not have sufficient evidence to link Leafminer to the Iranian government. In a separate development, Germany’s domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), said this week in its annual report that the government of Iran has significantly expanded its cyber warfare capabilities and “poses a danger to German companies and research institutions”.

Author: Joseph Fitsanakis | Date: 26 July 2018 | Permalink

Iran warns of repercussions as US intensifies campaign against Tehran

Iranian military officials have warned of extracting “revenge from foreign intelligence services”, as Reuters reported that an aggressive campaign against Tehran has been launched by Washington. On Sunday, the Reuters news agency said that senior officials in the administration of US President Donald Trump had launched a concerted offensive “meant to foment unrest” in the Islamic Republic. Citing information from “more than half a dozen current and former officials”, Reuters said that the US offensive is directly supported by President Trump’s Secretary of State Mike Pompeo and his National Security Adviser John Bolton. Both officials are known for their aggressive stance against the Iranian government.

The campaign, said Reuters, is meant to “work in concert” with President Trump’s push to “economically throttle Iran”. The US leader announced a series of economic sanctions on the Islamic Republic and has intensified his critical statements against Tehran after May of this year, when Washington pulled out of the Iran nuclear agreement. Known as the Joint Comprehensive Plan of Action (JCPOA), the international agreement was reached in 2015 between Iran and a group of nations known as the P5+1, namely the five permanent members of the United Nations Security Council plus Germany. As part of the deal, Iran agreed to halt its nuclear weapons program in exchange for an end to economic sanctions by the West. But President Trump abandoned the agreement, saying it was a form of appeasing Tehran.

According to Reuters, Washington’s campaign involves the spreading of information that “paints Iranian leaders in a harsh light” and in some cases makes claims about Tehran that are “exaggerated”. For example, said Reuters, some social media posts by the US Department of State’s Farsi-language news service claim that Iran is close to al-Qaeda, despite the fact that Shiite Islam, which is Iran’s state religion, is viewed as a heresy by Sunni members of al-Qaeda. Other –perhaps more believable– accusations include claims that the leaders of Iran are wasting funds released by the JCPOA instead of using them for their people’s welfare, and that Tehran funds the Taliban in Afghanistan.

Meanwhile, a spokesman for the Iranian Revolutionary Guard Corps (IRGC), arguably the most powerful branch of the Iranian Armed Forces, issued a warning on Sunday against “foreign intelligence services”. The spokesman, Brigadier General Ramezan Sharif, said Iran would take revenge on foreign spy services “who try to disrupt the security of Iran’s borders”. He was referring to an armed attack that took place on Saturday in Iran’s northwestern Marivan region, near the Iran-Iraq border. The attack concentrated on an Iranian military compound in the village of Dari and culminated with the bombing of an IRGC arms depot. According to Iranian media reports, the explosion killed 11 Iranian border guards. Reuters said it contacted the White House and the Department of State about the alleged campaign against Iran, but that both declined to comment.

Author: Joseph Fitsanakis | Date: 23 July 2018 | Permalink

Israel says it foiled Iranian-sponsored bomb attack in France

Israel helped foil an alleged Iranian-sponsored bomb attack in Paris, which involved arrests of several Iranian agents and at least one diplomat in France, Belgium and Germany, according to media reports. As intelNews reported earlier this month, the arrests began on June 30, when members of Belgium’s Special Forces Group arrested a married Belgian couple of Iranian descent in Brussels. The couple were found to be carrying explosives and a detonator. On the following day, July 1, German police arrested an Iranian diplomat stationed in Iran’s embassy in Vienna, Austria. On the same day, a fourth person, who has not been named, was arrested by authorities in France, reportedly in connection with the three other arrests.

All four individuals appear to have been charged with a foiled plot to bomb the annual conference of the National Council of Resistance of Iran (NCRI) that took place on June 30 in Paris. The NCRI is led by Mujahedin-e Khalq (MEK), a militant group with roots in radical Islam and Marxism. The MEK was designated as a terrorist group by the European Union and the United States until 2009 and 2012 respectively. But it has since been reinstated in both Brussels and Washington, reportedly because it provides the West with a vehicle to subvert the Iranian government.

On Thursday, authorities in Israel announced the lifting of a blanket censorship decree that prevented local media from discussing the country’s role in helping the Europeans foil the alleged bomb attack in Paris. According to Israel’s Channel 2, a private television station based in Jerusalem, the Iranian attack was prevented after the Israeli agency Mossad detected the whereabouts of several suspects involved in it. The Mossad then supplied Germany, Belgium and France with intelligence that led to the arrests of some of those suspects. However, Channel 2 said that the Israeli government did not give a reason for the initial censorship imposed on the country’s media, nor did it explain why it had decided to lift it. On July 4, Israeli Prime Minister Benjamin Netanyahu appeared to hint that Israel had a role in the foiling of the alleged bomb attack in Paris. Speaking during a commemoration ceremony in Acre, Israel, Netanyahu said it was “no coincidence” that the attack in Paris had been stopped. But the Israeli leader did not expressly indicate that the Mossad had a role in the operation.

Following news of the arrests in Europe, the Iranian government said that it had no connection to the alleged plot in Paris and called the incident a “false flag” operation staged by Tehran’s enemies at home and abroad.

Author: Joseph Fitsanakis | Date: 20 July 2018 | Permalink

Spy chiefs from Russia, China, Iran and Pakistan hold high-level meeting

Intelligence directors from Russia, China, Iran and Pakistan met on Tuesday to discuss regional cooperation with particular reference to combating the Islamic State in Afghanistan. Information about the high-level meeting was revealed yesterday by Sergei Ivanov, media spokesman for the Russian Foreign Intelligence Service (SVR). Ivanov told Russia’s state-owned TASS news agency that the meeting was held in Pakistan and included the participation of SVR director Sergei Naryshkin. TASS reported that the meeting was held under the auspices of Pakistan’s powerful Inter-Services Intelligence (ISI) Directorate and was attended by “senior intelligence officials” from Pakistan, Russia, Iran and China.

Ivanov said that discussions during the meeting “focused on the dangers arising from a buildup of the Islamic State on the Afghan territory”. The Islamic State announced the formation of its Afghan province (wilayah in Arabic) in January 2015, using the term “Khorasan Province”. By July 2016, two of its most prominent leaders had been killed in coordinated drone strikes by the United States, but the group continues to launch operations to this day. Its core is thought to be made up of nearly 100 fighters from the Islamic State’s former strongholds in Syria and Iraq. According to Russian reports, security officials in China, Russia, Pakistan and Iran are concerned that the Islamic State’s Afghan command is becoming stronger as fighters from the group are leaving the Middle East and moving to Afghanistan.

Tuesday’s high-level meeting in Islamabad follows an announcement last month by the Beijing-led Shanghai Cooperation Organization (SCO) that it would adopt a more active stance on security issues in Afghanistan. Early in June, Afghan President Mohammad Ashraf Ghani described the SCO as “an important platform for anti-terrorist cooperation and enhancing regional connectivity” in Central and South Asia. President Ghani made these comments shortly before traveling to China to attend the annual summit of the SCO, of which Afghanistan is an observer country.

Author: Ian Allen | Date: 11 July 2018 | Permalink

Holland expels two Iranian diplomats, but stays silent on reasons

Holland has expelled two Iranian diplomats without saying why, leading to speculation that the expulsions may be related to the arrests of members of an alleged Iranian sleeper cell in Belgium, Germany and France last week. On Friday, a spokesperson from Holland’s General Intelligence and Security Service (AIVD) told reporters that “two persons accredited to the Iranian embassy” in the Hague “were expelled from the Netherlands on June 7”. The spokesperson went on to say that, although the AIVD was able to confirm that the two unnamed persons had been expelled from the country, it would “not provide any further information”. When journalists contacted Holland’s Ministry of Foreign Affairs, they were told that there would be no comment on the matter from the Dutch government.

Late on Friday, the Reuters news agency cited an unnamed “European government official and a Western intelligence source” who said that the two Iranian embassy personnel were expelled from Holland “up to two months ago”. But Holland’s state-owned Dutch Broadcast Foundation (NOS) reported that the expulsions took place on June 7. No further information appears to be publicly available. However, assuming that the expulsions took place last week, and not two months ago, they appear to have coincided with the arrests of members of an alleged Iranian sleeper cell on June 30 and July 1. As intelNews reported last week, the arrests began on June 30, when members of Belgium’s Special Forces Group arrested a married Belgian couple of Iranian descent in Brussels. The couple were found to be carrying explosives and a detonator. On the following day, July 1, German police arrested an Iranian diplomat stationed in Iran’s embassy in Vienna, Austria. On the same day, a fourth person, who has not been named, was arrested by authorities in France, reportedly in connection with the three other arrests.

All four individuals appear to have been charged with a foiled plot to bomb the annual conference of the National Council of Resistance of Iran (NCRI) that took place on June 30 in Paris. The NCRI is led by Mujahedin-e Khalq (MEK), a Marxist militant group that has roots in radical Islam and Marxism. Until a few years ago, the MEK was designated as a terrorist group by the European Union and the United States, but has since been reinstated in both Brussels and Washington. There is also speculation that last week’s expulsions in Holland may be related to the assassinations of dissident Iranian expatriates in Holland in 2015 and 2017, which have been blamed on the government in Tehran.

On Saturday, the Iranian Ministry of Foreign Affairs summoned the Dutch ambassador to protest against the expulsions of its diplomats, while a ministry spokesperson warned that “the Islamic Republic reserves the right to retaliate”. Reuters quoted an unnamed “senior Iranian official” who said that “all these arrests and expulsions are part of our enemies’ attempts to harm efforts to salvage the nuclear deal”, a reference to the Joint Comprehensive Plan of Action.

Author: Joseph Fitsanakis | Date: 09 July 2018 | Research credit: M.K. | Permalink