Jeff Carr of GreyLogic and James McQuaid of Secure Home Networks have both recently noted a very disturbing connection between the Iranian government and the Russian Business Network (RBN), the supposedly defunct Russian organized cyber crime group. The Iranian government has been quick to react to the use of social media by its opponents, turning these same tools against them. Facebook and Twitter are used to track Iranians at home and abroad, and a recent Wall Street Journal article explains that the Iranian government has taken social media even further. No longer just tracking potential opponents, the Iranian regime is using social media to influence and threaten Iranians overseas. Dissident ex-pats are warned that relatives at home will suffer if they don’t stop criticizing the regime on Facebook, blogs, and Twitter. Pictures and other evidence of participation in rallies are also cited.
Carr digs deeper into Tehran’s new interest in internet-based social media, finding that it has a center for research on such topics, the Research Center of Islamic Republic of Iran Broadcasting, or the RCIRIB. With its director appointed by the Supreme Leader and oversight from the President, Parliament, and Judiciary, RCIRIB is tightly tied to the regime. And this is where it gets interesting. McQuaid found that Iran turned to either the Russian government or organized crime for help in facing the flood of “denial-of-service” attacks from Iranian hacktivists. The RCIRIB’s website is www.rcirib.ir but it also has an alias, www.crspa.ir, which loads the same webpage. RBN is hosting this alias on three of its servers. What this means in layman’s terms is that in the event of a sustained denial-of-service attack on the server that hosts www.rcirib.ir, the website will still be able to load because its alias, www.crspa.ir, is hosted on the separate RBN servers. That is, the attack won’t work.
The interesting question is this: who exactly did Tehran turn to for assistance? Organized crime, which runs RBN, or the Russian government, which has strong ties to the RBN and has used its services in the past (Georgia and, likely, Estonia)? Carr leans toward the latter. The Kremlin has cultivated a close relationship with Tehran, presenting itself as Iran’s friend and sponsor (albeit a sponsor bought through lucrative contracts). Offering the RBN’s services could be another such lucrative contract, making Iran more dependent on Russia. On the other hand, the RBN’s services are readily available to almost anyone for a price, so it’s entirely possible that the Iranian government contacted the organized crime group directly, just as any other customer might. The Kremlin does not control the RBN, and though such a deal might require notifying the Kremlin, it is unlikely, for the reasons listed above, that the Kremlin would protest. What’s more alarming, and likely to shed light on the question of whom, is the possibility that the Iranian government might begin to employ the RBN’s more nefarious services: cyber espionage and attacks. This would leave little doubt that the assistance was sanctioned by the Russian government, which tightly controls its cyber warfare assets. As Iran continues its crackdown on all forms of dissent, it’s worth watching to see what sort of cyber assets it develops.
Kara Flook is a research associate at the American Enterprise Institute.