{"id":14065,"date":"2022-10-27T05:43:09","date_gmt":"2022-10-27T12:43:09","guid":{"rendered":"https:\/\/worldcampaign.net\/?p=14065"},"modified":"2022-11-02T05:49:54","modified_gmt":"2022-11-02T12:49:54","slug":"hacked-documents-how-iran-can-track-and-control-protesters-phones-the-intercept","status":"publish","type":"post","link":"https:\/\/worldcampaign.net\/?p=14065","title":{"rendered":"&#8220;Hacked Documents: How Iran Can Track And Control Protesters\u2019 Phones&#8221;, The Intercept"},"content":{"rendered":"<p><span data-reactid=\"161\">Sam Biddle<\/span>, <span data-reactid=\"164\">Murtaza Hussain,\u00a0October 27 2022<\/span><\/p>\n<p>The documents provide an inside look at an Iranian government program that lets authorities monitor and manipulate people\u2019s phones.<\/p>\n<div class=\"Post-header\" data-reactid=\"79\"><\/div>\n<div class=\"Post-body emailwall\" data-reactid=\"170\">\n<div class=\"Post-content-block-outer\" data-reactid=\"177\">\n<div class=\"GridContainer Post-scroll-container\" data-reactid=\"178\">\n<div class=\"GridRow\" data-reactid=\"179\">\n<div class=\"Post-content-block\" data-reactid=\"180\">\n<div class=\"Post-content-block-inner\" data-reactid=\"181\">\n<div class=\"PostContent\" data-reactid=\"184\">\n<div data-reactid=\"185\">\n<p><em><a href=\"https:\/\/theintercept.com\/document\/2022\/10\/28\/persian-iran-protest-phone-surveillance\">Read this story in Persian<\/a><\/em><\/p>\n<p><a href=\"https:\/\/theintercept.com\/2022\/10\/28\/iran-protests-phone-surveillance\/\"><u>AS FURIOUS ANTI-GOVERNMENT<\/u><\/a> protests\u00a0swept Iran, the authorities retaliated with both brute force and digital repression. Iranian mobile and internet users reported rolling network blackouts, mobile app restrictions, and other disruptions. 
Many expressed fears that the government can track their activities through their indispensable and ubiquitous smartphones.<\/p>\n<p>Iran\u2019s tight grip on the country\u2019s connection to the global internet has proven an effective tool for suppressing unrest. The lack of clarity about what technological powers are held by the Iranian government \u2014\u00a0one of the most opaque and isolated in the world \u2014\u00a0has engendered its own form of quiet terror for prospective dissidents. Protesters have often been left wondering how the government was able to track down their locations or gain access to their private communications \u2014 tactics that are frighteningly pervasive but whose mechanisms are virtually unknown.<\/p>\n<\/div>\n<blockquote class=\"Pullquote Pullquote--left\" data-reactid=\"186\">\n<div data-reactid=\"188\">\u201cThis is not a surveillance system but rather a repression and control system to limit the capability of users to dissent or protest.\u201d<\/div>\n<\/blockquote>\n<div data-reactid=\"189\">\n<p>While disconnecting broad swaths of the population from the web remains a favored blunt instrument of Iranian state censorship, the government has far more precise, sophisticated tools available as well. Part of Iran\u2019s data clampdown may be explained through the use of a system called \u201cSIAM,\u201d a web program for remotely manipulating cellular connections made available to the Iranian Communications Regulatory Authority. The existence of SIAM and details of how the system works, reported here for the first time, are laid out in a series of internal documents from an Iranian cellular carrier that were obtained by The Intercept.<\/p>\n<p>According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. 
The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests \u2014 or those of tomorrow \u2014 an expert who reviewed the SIAM documents told The Intercept.<\/p>\n<\/div>\n<div class=\"KeyTakeaways KeyTakeaways--right\" data-reactid=\"190\">\n<div class=\"KeyTakeaways-title\" data-reactid=\"191\">Iran\u2019s Mobile Surveillance<\/div>\n<ul data-reactid=\"192\">\n<li data-reactid=\"193\">\n<div data-reactid=\"194\">Evidence of Iran\u2019s cyber crackdown is everywhere, but little is known about its methods.<\/div>\n<\/li>\n<li data-reactid=\"195\">\n<div data-reactid=\"196\">A software program imposed on Iranian mobile companies allows the government direct access.<\/div>\n<\/li>\n<li data-reactid=\"197\">\n<div data-reactid=\"198\">SIAM allows mobile\u00a0operators to track users\u2019 locations and restrict their data usage.<\/div>\n<\/li>\n<li data-reactid=\"199\">\n<div data-reactid=\"200\">A function called \u201cForce2GNumber\u201d targets\u00a0individual users for slower speeds that are susceptible to surveillance.<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<div data-reactid=\"201\">\n<p>\u201cSIAM can control if, where, when, and how users can communicate,\u201d explained Gary Miller, a mobile security researcher and fellow at the University of Toronto\u2019s Citizen Lab. \u201cIn this respect, this is not a surveillance system but rather a repression and control system to limit the capability of users to dissent or protest.\u201d<\/p>\n<p>SIAM gives the government\u2019s Communications Regulatory Authority \u2014 Iran\u2019s telecommunications regulator \u2014 turnkey access to the activities and capabilities of the country\u2019s mobile users. 
\u201cBased on CRA rules and regulations all telecom operators must provide CRA direct access to their system for query customers information and change their services via web service,\u201d reads an English-language document obtained by The Intercept. (Neither the CRA nor Iran\u2019s mission to the United Nations responded to requests for comment.)<\/p>\n<p>The SIAM documents are drawn from a trove of internal materials from the Iranian cellular carrier Ariantel, including years of email correspondence and a variety of documents shared between Ariantel employees, outside contractors, and Iranian government personnel. The cache of materials was shared with The Intercept by an individual who claimed to have hacked Ariantel, and believed the documents were in the public interest given the ongoing protests\u00a0in Iran and the threat SIAM might pose to demonstrators. (Ariantel did not respond to a request for comment.)<\/p>\n<p>The details of the program reported here are drawn largely from two documents contained in the archive. The first is a <a href=\"https:\/\/www.documentcloud.org\/documents\/23199209-irans-siam-manual-in-persian-for-tracking-and-controlling-mobile-phones\">Persian-language user manual for SIAM<\/a> that appears to have originated from within the Office of Security of Communications Systems, or OSCS, a subdivision of the CRA. Emails reviewed by The Intercept show that this SIAM manual was sent to Ariantel directly by the CRA and repeatedly forwarded between the mobile carrier\u2019s employees in recent years. The emails show that the CRA and Ariantel discussed SIAM as recently as August. 
The second document, produced during a proposed deal with a Spanish telecom contractor, is an <a href=\"https:\/\/www.documentcloud.org\/documents\/23199197-irans-siam-manual-for-tracking-and-controlling-mobile-phones\">English-language manual<\/a> that documents many of the same SIAM capabilities.\u00a0Miller told The Intercept that the English SIAM manual appeared to be written by a person or people with specialized technical knowledge of mobile networks.<\/p>\n<\/div>\n<p><a class=\"DocumentPreview\" href=\"https:\/\/beta.documentcloud.org\/documents\/23199197-irans-siam-manual-for-tracking-and-controlling-mobile-phones\" target=\"_blank\" data-reactid=\"202\"><img decoding=\"async\" class=\"DocumentPreview-image\" src=\"https:\/\/s3.documentcloud.org\/documents\/23199197\/pages\/irans-siam-manual-for-tracking-and-controlling-mobile-phones-p1-normal.gif\" data-reactid=\"203\" \/><\/a><\/p>\n<div class=\"DocumentPreview-meta\" data-reactid=\"204\">\n<div class=\"DocumentPreview-iconBlock\" data-reactid=\"205\"><\/div>\n<div class=\"DocumentPreview-textBlock\" data-reactid=\"207\"><span class=\"DocumentPreview-title\" data-reactid=\"208\">Iran&#8217;s SIAM Manual for Tracking and Controlling Mobile Phones<\/span><span class=\"DocumentPreview-pageCount\" data-reactid=\"250\">42 pages<\/span><\/div>\n<\/div>\n<div data-reactid=\"251\">\n<p>Experts on mobile security and Iranian government censorship say the functionality revealed by the SIAM program poses a clear threat to protesters demonstrating against the government over the past month.<\/p>\n<p>\u201cThese functions can lead to life-and-death situations in a country like Iran, where there is no fair judicial process, no accountability, and we have a huge pattern of violations of people\u2019s rights,\u201d said Amir Rashidi, an internet security and digital rights expert focused on Iran. 
\u201cUsing the tools outlined in this manual could not only lead to mass surveillance and violations of privacy \u2014 it can also easily be used to identify the location of protesters who are literally risking their lives to fight for their basic rights.\u201d<\/p>\n<\/div>\n<div class=\"img-wrap align-bleed large-bleed width-auto\" data-reactid=\"252\">\n<div data-reactid=\"253\"><img decoding=\"async\" class=\"aligncenter size-large wp-image-412096\" src=\"https:\/\/theintercept.imgix.net\/wp-uploads\/sites\/1\/2022\/10\/GettyImages-1243517410.jpg?auto=compress%2Cformat&amp;q=90&amp;w=1024&amp;h=683\" alt=\"ONTARIO, CANADA - 2022\/09\/23: A sticker saying &quot;Iran: The internet is down and they are killing the people&quot; seen on the back of a road sign during the demonstration. Hundreds gathered to honour Mahsa Amini and to protest against the Iranian government in Toronto, Canada. (Photo by Katherine Cheng\/SOPA Images\/LightRocket via Getty Images)\" \/><\/p>\n<p class=\"caption overlayed\">A sticker that reads \u201cIran: The internet is down and they are killing the people\u201d is seen on the back of a road sign during a demonstration where hundreds gathered to honor Mahsa Amini and to protest against the Iranian government, on Sept. 23, 2022, in Toronto.<\/p>\n<p class=\"caption source pullright\">Photo: Katherine Cheng\/SOPA\/LightRocket via Getty Images<\/p>\n<\/div>\n<\/div>\n<div data-reactid=\"254\">\n<u>IRANIANS REGULARLY COMPLAIN<\/u> of slowed internet access on mobile devices during periods of protest \u2014 an abrupt dip in service that makes smartphone usage difficult if not impossible at moments when such a device could be crucial. Based on the manuals, SIAM offers an effortless way to throttle a phone\u2019s data speeds, one of roughly 40 features included in the program. 
This\u00a0ability to downgrade users\u2019 speed and network quality is particularly pernicious because it can not only obstruct one\u2019s ability to use their phone, but also make whatever communication is still possible vulnerable to interception. Referred to within SIAM as \u201cForce2GNumber,\u201d the command allows a cellular carrier to kick a given phone off substantially faster, more secure 3G and 4G networks and onto an obsolete and extremely vulnerable 2G connection. Such a network downgrade would simultaneously render a modern smartphone largely useless and open its calls and texts to interception \u2014 both of obvious utility to a government clamping down on public gatherings and speech.<\/p>\n<p>While not directly mentioned in the manuals, downgrading users to a 2G connection could also expose perilously sensitive two-factor authentication codes delivered to users through SMS. The Iranian government has <a href=\"https:\/\/research.checkpoint.com\/2020\/rampant-kitten-an-iranian-espionage-campaign\/\">previously attempted<\/a> to undermine two-factor authentication, including through malware campaigns targeting dissidents.<\/p>\n<\/div>\n<div 
data-reactid=\"265\">\n<p>\u201cGenerally speaking, forcing a phone to use the 2G network would still allow the phone to receive a two-factor SMS authentication message because SMS is sent over the mobile signaling network,\u201d explained Miller. \u201cHowever, the effect of forcing a user onto the 2G network, more importantly, would essentially render the corresponding real-time application services such as P2P communication, social media, and internet useless.\u201d<\/p>\n<p>While current 5G and 4G cellular connections have more robust built-in encryption systems to thwart eavesdropping, the 2G cellular standard, first introduced in 1991, generally does not encrypt data or uses outdated encryption methods that are easy to crack. Law enforcement agencies in the United States have also employed this technique, using hardware like the <a href=\"https:\/\/theintercept.com\/2020\/07\/31\/protests-surveillance-stingrays-dirtboxes-phone-tracking\/\">controversial \u201cstingray\u201d device<\/a> to create a bogus 2G network blanketing a small area and then trick targeted phones into connecting to it.<\/p>\n<p>Miller pointed out that the target of a 2G downgrade might experience the attack as little more than spotty cell reception. \u201cIt can be viewed as a method to appear as if the network is congested and severely limit a user\u2019s data services,\u201d Miller said.<\/p>\n<p>Slowing connectivity is only one of many telecom tools available to Ariantel \u2014 and the CRA \u2014 that could be used to monitor political dissent. SIAM also provides a range of tools to track the physical locations of cell users, allowing authorities to both follow an individual\u2019s movements and identify everyone present at a given spot. 
Using the \u201cLocationCustomerList\u201d command allows SIAM operators to see what phone numbers have connected to specified cell towers along with their corresponding IMEI number, a unique string of numbers assigned to every mobile phone in the world. \u201cFor example,\u201d Miller said, \u201cif there is a location where a protest is occurring, SIAM can provide all of the phone numbers currently at that location.\u201d<\/p>\n<p>SIAM\u2019s tracking of unique device identifiers means that swapping SIM cards, a common privacy-preserving tactic, may be ineffective in Iran since IMEI numbers persist even with a new SIM, explained a network security researcher who reviewed the manuals and spoke on the condition of anonymity, citing their safety.<\/p>\n<p>SIAM\u2019s location-tracking power is particularly alarming given the high-stakes protests taking place across Iran. The Intercept reviewed undated text messages sent to Iranian mobile phone users from local police in the city of Isfahan informing them that they had been confirmed to have been in\u00a0a location of \u201cunrest\u201d and warning them not to attend in the future. Many Iranian social media users have reported receiving similar messages in recent weeks, warning them to stay away from the scene of protests or from associating with \u201canti-revolutionary\u201d opponents of the government online.<\/p>\n<p>Armed with a list of offending phone numbers, SIAM would make it easy for the Iranian government to rapidly drill down to the individual level and pull a vast amount of personal information about a given mobile customer, including where they\u2019ve been and with whom they\u2019ve communicated. 
According to the manuals, user data accessible through SIAM includes the customer\u2019s father\u2019s name, birth certificate number, nationality, address, employer, billing information, and location history, including a record of Wi-Fi networks and IP addresses from which the user has connected to the internet.<\/p>\n<p>While much of Iran\u2019s surveillance capacity remains shrouded in mystery, details about the SIAM program contained in the Ariantel archive provide a critical window into the types of tools the Iranian government has at its disposal to monitor and control the internet, as it confronts what may be the greatest threat to its rule in decades.<\/p>\n<p>\u201cThese documents prove something that we have long suspected, which is that even devices that use encryption for messaging are still vulnerable because of the nature of internet infrastructure in Iran,\u201d said Mahsa Alimardani, a senior researcher with the internet freedom organization Article\u00a019. \u201cSecurity measures like two-factor identification using text messages still depend on telecommunications companies connected to the state. Average internet users are forced to connect through nodes controlled by these companies, and their centralization of authority with the government makes users vulnerable to insidious types of surveillance and control.\u201d<\/p>\n<\/div>\n<div class=\"img-wrap align-bleed large-bleed width-auto\" data-reactid=\"266\">\n<div data-reactid=\"267\"><img decoding=\"async\" class=\"aligncenter size-large wp-image-412095\" src=\"https:\/\/theintercept.imgix.net\/wp-uploads\/sites\/1\/2022\/10\/GettyImages-1243377054.jpg?auto=compress%2Cformat&amp;q=90&amp;w=1024&amp;h=768\" alt=\"TEHRAN, IRAN - SEPTEMBER 19: People gather during a protest for Mahsa Amini, who died after being arrested by morality police allegedly not complying with strict dress code in Tehran, Iran on September 19, 2022. 
(Photo by Stringer\/Anadolu Agency via Getty Images)\" \/><\/p>\n<p class=\"caption overlayed\">People gather during a protest for Mahsa Amini, who died after being arrested by morality police for allegedly not complying with strict dress code, in Tehran, Iran, on Sept. 19, 2022.<\/p>\n<p class=\"caption source pullright\">Photo: Stringer\/Anadolu Agency via Getty Images<\/p>\n<\/div>\n<\/div>\n<div data-reactid=\"268\">\n<u>THE LATEST ROUND<\/u> of protests in Iran kicked off in mid-September, after a young woman named Mahsa Jina Amini was killed while in the custody of the country\u2019s notorious morality police, following her arrest for wearing her mandatory head covering improperly. While the movement originated with women opposing the brutality of hijab enforcement, anti-government outrage quickly spread among Iran\u2019s youth, from universities to secondary schools across the country. The government\u2019s crackdown took a variety of shapes, including brute force, with security services in riot gear squaring off with demonstrators in the street and a quieter effort to shut down civilian communications. Internet shutdowns have by now become a familiar tool of political control in the hands of the Iranian government and <a href=\"https:\/\/www.aljazeera.com\/features\/2019\/6\/16\/internet-blackouts-the-rise-of-government-imposed-shutdowns\">other states<\/a>. A violent Iranian crackdown against protests over fuel prices in November 2019 was accompanied by a nationwide shutdown lasting nearly a week, the first-ever use of an internet blackout <a href=\"https:\/\/apnews.com\/article\/technology-middle-east-russia-iran-international-news-adbef9e66f3d4911b7486f84a090d292\">to isolate an entire country<\/a>. That shutdown severed tens of millions of people from the global internet. 
It was a chilling demonstration of the broad technical powers that Iranian authorities had quietly engineered.<\/p>\n<\/div>\n<div data-reactid=\"321\">\n<p>The CRA is known to play an integral role in filtering Iran\u2019s internet access. In 2013, the agency was among a list of Iranian government entities <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/tg1847\">sanctioned<\/a> by the U.S. Treasury Department for its role in the \u201cblockage of hundreds of public Internet websites\u201d around the time of the disputed 2009 Iranian presidential election. The agency\u2019s powers are believed to have grown since then, as the Iranian government has embraced the concept of \u201c<a href=\"https:\/\/www.aei.org\/research-products\/report\/whatever-it-takes-to-end-it-irans-shift-toward-more-oppressive-governance\/\">internet sovereignty<\/a>\u201d as a means of social control. 
A <a href=\"https:\/\/www.article19.org\/ttn-iran-november-shutdown\/\">report<\/a> on the November 2019 cyber crackdown by Article 19 found that the shutdowns were carried out in large part by officials from the CRA ordering internet service providers to shut down during the unrest.<\/p>\n<p>The Iranian government has long viewed internet freedom as a national security issue and has taken steps to securitize Iranians\u2019 online access. As in the United States, where the National Security Agency has used government secrecy and legal coercion to turn the telecom and data sectors into intelligence-gathering tools, the Iranian state compels communications networks to give the government access through required hardware and software. In Iran, where the autocratic reach of central government leadership touches nearly every aspect of the state without even superficial democratic oversight, the powers afforded by this integration are far greater and far more draconian in consequence.<\/p>\n<p>Part of this effort has included directly assigning Iranian intelligence personnel to government bodies tasked with internet regulation, like the CRA. 
The Article 19 report notes the close personnel relationship between the CRA\u2019s OSCS division and Iran\u2019s Ministry of Intelligence.<\/p>\n<\/div>\n<div class=\"Cta Cta--scrolledPast Cta--scrolledPastLimit Cta--scrolledToBottom\">\n<div class=\"Cta-content\">\n<div class=\"Cta-promos\">\n<div class=\"Cta-promos-container\">\n<div class=\"Promo-container\">\n<div class=\"Promo Promo--cta-small\">\n<div class=\"GridRow\">\n<div class=\"Promo-image-container\"><\/div>\n<div class=\"Promo-text\">\n<div class=\"Promo-title-block\">\n<div class=\"Promo-author\">\n<div class=\"Promo-container\">\n<div class=\"Promo Promo--cta-small\">\n<div class=\"GridRow\">\n<div class=\"Promo-image-container\">\n<div class=\"Promo-image-block\">\n<div class=\"ResponsiveImage Promo-image\">\n<div class=\"Promo-container\">\n<div class=\"Promo Promo--cta-small\">\n<div class=\"GridRow\">\n<div class=\"Promo-image-container\">\n<div class=\"Promo-image-block\">\n<div class=\"ResponsiveImage Promo-image\">\n<div data-reactid=\"323\">\n<p>Though Iranians have complained of slowed data connections and total internet blackouts at times, the telecom crackdown has consequences beyond losing one\u2019s connection. Demonstrators have reported visits from government authorities at their homes, where the agents were armed with specific knowledge of their whereabouts and activities, such as when they were using their phones to record video.<\/p>\n<p>While some of what SIAM does is benign and required for administrating any cellular network, Miller, the Citizen Lab researcher, explained that the scope of the system and the Iranian government\u2019s access to it is not. 
While most countries allow law enforcement and security agencies to legally obtain, intercept, and analyze cellular communications, the surveillance and control powers afforded by SIAM are notable in their scale and degree, said Miller: \u201cThe requests by CRA go well beyond traditional lawful intercept requirements, at least in non-repressive countries.\u201d<\/p>\n<p><u>SIAM ALLOWS ITS<\/u> operators to learn a great deal not just about where a customer has been, but also what they\u2019ve been up to, a bounty of personal data that, Miller said, \u201ccan enable CRA to create a social network\/profile of the user based on his\/her communication with other people.\u201d<\/p>\n<\/div>\n<blockquote class=\"Pullquote Pullquote--right\" data-reactid=\"324\">\n<div data-reactid=\"326\">\u201cControlling user communications is a massive violation of basic and fundamental human rights.\u201d<\/div>\n<\/blockquote>\n<div data-reactid=\"327\">\n<p>By entering a particular phone number and the command \u201cGetCDR\u201d into SIAM, a system user can generate a comprehensive Call Detail Record, including the date, time, duration, location, and recipients of a customer\u2019s phone calls during a given time period. A similar rundown can be conducted for internet usage as well using the \u201cGetIPDR\u201d command, which prompts SIAM to list the websites and other IP addresses a customer has connected to, the time and date these connections took place, the customer\u2019s location, and potentially the apps they opened. Such a detailed record of internet usage could also reveal users running virtual private networks, which are used to cover a person\u2019s internet trail by routing their traffic through an encrypted connection to an outside server. 
VPNs \u2014 including some banned by the government \u2014 have become tremendously popular in Iran as a means of evading domestic web censorship.<\/p>\n<p>Though significantly less subtle than being forced onto a 2G network, SIAM can also be used to entirely pull the plug on a customer\u2019s device at will. Through the \u201cApplySuspIp\u201d command, the system can entirely disconnect any mobile phone on the network from the internet for predetermined lengths of time or permanently. Similar commands would let SIAM block a user from placing or receiving calls.<\/p>\n<p>Rashidi, the internet security expert, said participants in the recent demonstrations, as well as Iranians living near scenes of protest, have reported internet shutdowns targeting their mobile devices that have downgraded phones to 2G access, particularly during the late afternoons and evenings when many demonstrations occur.<\/p>\n<p>Rashidi said the widespread use of VPNs in Iran represents another vulnerability the SIAM system could exploit. The program makes it possible to check particular IP addresses against particular VPNs and thereby deduce the identities and locations of the users accessing them. \u201cThe government can easily identify IP addresses in use by a particular VPN provider, pass the addresses to this location function, and then see where the people are who are using this VPN,\u201d said Rashidi.<\/p>\n<p>Although the documents don\u2019t mention SIAM\u2019s use against protesters or any other specific target, Miller said the functionality matches what he\u2019s observed in this and other digital crackdowns in Iran. \u201cCRA has defined rules and regulations to provide direct access to mobile operators\u2019 system, and SIAM is a means to this end,\u201d he said. \u201cIf all telecom operators in Iran are required to provide the CRA with SIAM or similar direct access, they could, in effect have complete control over all user mobile communications throughout the country. 
Controlling user communications is a massive violation of basic and fundamental human rights.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"Promo-text\">\n<div class=\"Promo-title-block\">\n<div id=\"third-party--article-bottom\" class=\"InlineDonationPromo-container\" data-reactid=\"328\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"Promo-text\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Sam Biddle, Murtaza Hussain,\u00a0October 27 2022 The documents provide an inside look at an Iranian government program that lets authorities monitor and manipulate people\u2019s phones. Read this story in Persian AS FURIOUS ANTI-GOVERNMENT protests\u00a0swept Iran, the authorities retaliated with both brute force and digital repression. Iranian mobile and internet users reported rolling network blackouts, mobile 
[&hellip;]<\/p>\n","protected":false},"author":1001004,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[53],"tags":[],"_links":{"self":[{"href":"https:\/\/worldcampaign.net\/index.php?rest_route=\/wp\/v2\/posts\/14065"}],"collection":[{"href":"https:\/\/worldcampaign.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldcampaign.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldcampaign.net\/index.php?rest_route=\/wp\/v2\/users\/1001004"}],"replies":[{"embeddable":true,"href":"https:\/\/worldcampaign.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14065"}],"version-history":[{"count":1,"href":"https:\/\/worldcampaign.net\/index.php?rest_route=\/wp\/v2\/posts\/14065\/revisions"}],"predecessor-version":[{"id":14066,"href":"https:\/\/worldcampaign.net\/index.php?rest_route=\/wp\/v2\/posts\/14065\/revisions\/14066"}],"wp:attachment":[{"href":"https:\/\/worldcampaign.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldcampaign.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldcampaign.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}