Hey Guys,

More bad news for Iran. A hacker has just posted details of the country’s current digital surveillance and spying capabilities. Last week, Iran’s Atomic Energy Agency was BREACHED, and now it’s the turn of Ariantel, Iran’s leading telecommunication company, to be hacked. You can read the full article HERE on The Intercept, but the following are some of the main points:

  • The system they are using is called SIAM. You can read the leaked user guide for SIAM by going HERE
  • SIAM is embedded directly in the local phone company's network, so in this case spyware does not need to be installed on the target phone. (In theory, however, they could plant spyware directly into the operating system via a SIAM-compromised SIM card.)
  • SIAM gives the Iranian authorities many surveillance capabilities, including but not limited to:

a. Disconnecting individuals as well as broad swaths of the population from the web
b. Slowing data connections to a crawl
c. Breaking the encryption of phone calls (read my tip about blocking 2G connections HERE)
d. Tracking the movements of individuals or large groups
e. Producing detailed metadata summaries of who spoke to whom, when, and where

“SIAM can control if, where, when, and how users can communicate,” explained Gary Miller, a mobile security researcher and fellow at the University of Toronto’s Citizen Lab. “In this respect, this is not a surveillance system but rather a repression and control system to limit the capability of users to dissent or protest.”

“These functions can lead to life-and-death situations in a country like Iran, where there is no fair judicial process, no accountability, and we have a huge pattern of violations of people’s rights,” said Amir Rashidi, an internet security and digital rights expert focused on Iran. “Using the tools outlined in this manual could not only lead to mass surveillance and violations of privacy — it can also easily be used to identify the location of protesters who are literally risking their lives to fight for their basic rights.”

Be Careful:
Suppose you are worried that you might end up in the vicinity of an illegal protest by accident, for example when you are walking home from the library (this happens all the time!). In that case, consider the following: do not bring your phone if you think you will walk past one. It will be picked up by a cellular interceptor/stingray almost immediately.

You could be 200 feet away from the protest on a separate street, and your phone can still be picked up. If your phone was there, you were there, even if you were just walking by. If you are worried, you can put your phone into a homemade Faraday cage to block its connections while walking in the vicinity. They are easy to make, and you can read more HERE.

Help Iranians Bypass Internet Censorship:
If you want to help Iranians bypass internet censorship, the great news is that you can. Follow the advice in one of my previous tips HERE.

All the best,

Max Roberts,
Incognito Privacy Care Team