Wednesday, December 23, 2015

Iranian Hackers Hacked New York Dam in 2013



Iranian hackers attacked the security of a dam outside of New York in 2013.
The hack of Bowman Avenue Dam near Rye Brook, New York, was not a sophisticated intrusion, but a test by Iranian hackers to see what they could access. The hackers got into the system through a cellular modem. The breach occurred during the same time that Iranian hackers were targeting US financial institutions.

The attackers were unable to get into the full dam system but could take control of the flood gates. Hackers can easily get into pieces of old critical infrastructure running on retrofitted software that is connected to the Internet. The U.S. has more than 57000 industrial control systems (ICS), more than any other country, that are largely unprotected on the Internet.


 
According to researchers at Shodan, a search engine that catalogs each machine online, the systems range from office air-conditioning units to major pipelines and electrical-control systems. Most of the critical infrastructure in the U.S. is privately owned, making it difficult for governments to harden the systems against attack.






Tuesday, December 22, 2015

Ashiyane Security Team: agent of the Iranian regime


Ashiyane Security Group (officially Ashiyane Information and Communication Technology Company) is one of the oldest cyber security groups in Iran (active since around 2002).
Ashiyane started with the aim of teaching users and network administrators as well as improving the security level of computer networks.
During the mass protests against the presidential election in 2009, Iran tried to control the protests in cyberspace, and since then the Ashiyane Security Team has been trying to do so by hacking and identifying cyber activists. This implied that Ashiyane cooperated with the Iranian Revolutionary Guards Corps (IRGC) and other security units, leading many to believe that the “Iranian Cyber Army” group is actually also the Ashiyane group.

Before the 2009 protests, Ashiyane was already involved in activity for the state. For example, in response to the publication of cartoons depicting the Prophet Muhammad in Danish newspapers, over 1000 American, British and French websites were hacked by Ashiyane. News of Ashiyane's activities was widely published by news agencies such as Fars and IRNA and by newspapers such as Iran, Javan and Keyhan, and was described as “Iran’s victories in cyber space”.

After changing the home page of a website, Ashiyane mostly displays a political message on the main page. Behrouz Kamalian (team founder) said in an interview with Fars News Agency about this activity: “In response to the inhumane actions of the terrorism sponsors, headed by US and Britain, the new way of confronting is raised.”

Kamalian has also been quoted deflecting rumors about Ashiyane cooperating with the Islamic Republic Security System: “Ashiyane has also officially worked to improve the security of web sites and intranets and has served many governmental organizations, military and private companies. Unfortunately it has been announced that Ashiyane Group is affiliated to the government by many of the opposition websites with Iran’s government. I have said in my other interviews that our team is an independent group and is not affiliated with any other military or governmental organizations. We act spontaneously based on our bias and when we see a country insults our religion or our nationality, so we display our objection through penetrating into their sites and it does not mean that we have been ordered to do so. If Ashiyane was an affiliated group, it wouldn’t be able to easily interview with the media, and this freedom is a sign of our independence.”

Kamalian contradicted himself by also saying: “We get orders to hack different sites both from legal persons and individuals, but this is not part of our ordinary project and we reject many of these orders. We have never accepted to hack an internal website to gain money. But there are websites that had insulted Quran and our religion. In these occasions we would also like to penetrate into these sites.”

Kamalian has also spoken about the cooperation of Ashiyane with the Department of IRGC Cyber Defense: “We cooperate with military organizations in the field of counselling and improving the security, but it is never in the way that we get order to work on their behalf.”

Kamalian created the Alborz Hackers Group, which was among the first groups of Iranian hackers, in 2001 and met Mahdi Mirzaei there; this meeting led to the creation of a new group called Ashiyane Group in 2002.

This team started its activity by hacking university websites in the country, such as those of the University of Science and Industry (Elm & Sanaat) and Amir Kabir University.

Hacking Iranian sites quickly brought the Ashiyane Group fame among those interested in informatics, and many security companies (in the network and Internet field) invited them to cooperate.

The group's increasing economic activities led Kamalian to register the Ashiyane Group as an official and legal company. After the registration, in addition to providing network and server security, consulting services and selling security software, the company also held training in hacking, cracking, and network and server security.

The project of hacking a Persian website called "Balatarin" was one of the Ashiyane activities that raised the most negative reactions. Ashiyane declared that the project was carried out in cooperation with the Virtual Jihad Group, affiliated with the Basij of Students, but after the negative reactions toward it, Bahman Kamalian denied any involvement in the hacking.


Members


Apart from the name and photo of the group's director, there is no complete information about the identity of the Ashiyane Group, nor any confirmed photos of its other members, although research has revealed the names and handles below:
 

  • Behrouz Kamalian (Director, handle: Behrouz_ice)
  • Nima Salehi (member/manager, handle: Q7X)
  • Mahdi Chinichi (member/manager, handle: Virangar)
  • Omid Norouzi (member/manager, handle: Sha2ow)
  • Farshid Sargheini (member/manager, handle: Azazel)
  • Hamid Norouzi (member/manager, handle: eychenz)
  • Iman Honarvar (member, handle: iman_taktaz)
  • Keyvan Sedaghati (member, handle: keivan)
  • Ali Seid Nejad (member, handle: Ali_Eagle)
  • Milad Bokharaei (member, handle: ®Maste)
  • Mohammad Tajik (member, handle: taghva)
  • Meghdad Mohammadi (member, handle: M3QD4D)
  • Erfan Zadpoor (member, handle: PrinceofHacking)
  • Mohammad Reza Dolati (member, handle: HIDDEN-HUNTER)
  • Kaveh Jasri (member, handle: root3r)
  • Navid Naghdi (member, handle: elvator)
  • Mohammad Hadi Nasiri (member, handle: unique2world) 
  • Amin Javid (member, handle: Gladiator)
  • Vahid Maani (member, handle: WAHID 2)
  • Sina Ahmadi Neshat (member, handle: Encoder)
  • Milad Mazaheri (member, handle: mmilad200)
  • Armin (member, handle: n3me3iz)
  • Mohammad Mohammadi (member, handle: Classic)
  • Mahdi K. (member, handle: r3d.z0nE)
  • Mohammad Reza (member, handle: iNJECTOR)
  • Mohammad Reza Ali Babaei (member, handle: mzhacker)
  • Ramin Baz Ghandi (member, handle: fr0nk)
  • Ashkan Hosseini (member, handle: Http://Askn)
  • Ali Hayati (member, handle: Zend)
  • Milad Jafari (member, handle: Milad-Bushehr)
  • Mehrab Akherati (member, handle: AliAkh)
  • Amir Hossein Tahmasebi (member, handle: __amir__)
  • Amin Bandali (member, handle: anti206)
  • Shahin Salak Tootonchi (member, handle: ruiner_blackhat)
  • Poorya Mohammadrezaei (member, handle: Hijacker)

Mission


Apart from its security and anti-security activities, Ashiyane has established its own hosting company, saying of the services provided: “Communication and Information Company of Ashiyane has decided to enter the hosting field due to analyzing the present situation of web hosting in Iran and realizing the lack of security and knowledgeable people in this field; in order to gratify the shortage, Ashiyane Host Company is ready to present high quality and security services.

“Considering the strength of the Ashiyane’s security team in hacking and security, being aware of up-to-date methods of penetrating, having access to illegal hacker communities, as well as utilizing these methods, Ashiyane applies its knowledge in security and configuration of the servers so that the company is able to close the penetration ways one step ahead of others and bring satisfaction to the customers.”

Despite Ashiyane's remarkable statements about its ability, and despite an earlier claim that Ashiyane had discovered a security hole in the Telegram messenger software, news of which was quickly and widely reported in media close to the Islamic Republic, the website of Ashiyane Security Group was itself hacked on July 1, 2014. Visitors to the site saw a black page with a message in English: “This site has been hacked by Iranian Black Hat hackers group:”

Wednesday, November 25, 2015

Iranian Hackers Attack State Dept. via Social Media Accounts


Iran launched sophisticated computer espionage operations, leading to a series of cyberattacks against US State Department officials over the past month.

It is possible that cyberespionage is becoming the tool for seeking the type of influence that Iranian hardliners hoped the country's nuclear program would eventually provide.

According to diplomatic and law enforcement officials who are familiar with the investigation, Iranian hackers over the past month identified individual State Department officials who focus on Iran and the Middle East and broke into their email and social media accounts. The State Department became aware of the compromises when Facebook told the victims that state-sponsored hackers had compromised their accounts.

Iran’s cyberskills are not yet equal to those of Russia or China, but the attack against the State Department, which used the social media accounts of young government employees to gain access to their friends across the administration, shows a focus that was not seen before.

Iranians have been less destructive than they could be, but they are getting far more aggressive in cyberespionage, which they know is less likely to prompt a response from the United States.

Iranian hackers have been responsible for a series of powerful attacks against American banks that took their websites offline, as well as a destructive attack on Saudi Aramco, the world’s largest oil producer, that replaced data on employee machines with an image of a burning American flag. American government officials also blame Iran for a similarly destructive attack at RasGas, the Qatari natural gas giant, and for an attack on Sands Casino in Las Vegas, where a large number of computers were destroyed.

Last year Iranians began using cyberattacks for espionage rather than for destruction and disruption. From May 2014, Iranian hackers were targeting Iranian dissidents and later policy makers, senior military personnel and defense contractors in the United States, England and Israel.

The attacks were basic “spear phishing” attempts, in which attackers tried to lure their victims to click on a malicious link, in this case by impersonating members of the news media.
Iranian hackers were successful in more than a quarter of their attempts. The number of such attacks peaked in May, just ahead of the nuclear talks in Vienna in July, at more than 1,500 attempts.

In the months before the talks, Iran’s hackers began probing critical infrastructure networks in what appeared to be reconnaissance for cyberattacks with the objective of causing physical damage. But in June and July, as American and Iranian negotiators gathered in Vienna to agree a deal on Iran’s nuclear program, attacks against targets in the United States stopped. Instead, Iran started targeting victims in Israel, as well as members of Daesh in July as the militant group began expanding territory across Iraq.

Then in August, just two weeks after the nuclear accord was reached, the trickle of cyberattacks against the group’s usual targets resumed. The targets included 1600 individuals, from scholars, scientists, chief executives and ministry officials to education institutes, journalists and human rights activists. If Facebook had not decided last month to use a new alert system to notify users when its security team believed state-sponsored hackers had hijacked their accounts, and US State Department officials had not begun to see a troubling new message pop up on their Facebook accounts, it is possible that the victims would not have learned of the compromises.

Monday, October 19, 2015

Iran’s Cyber Police Crackdown on Iranian Hackers




The Iranian press has reported that the country's cyber police arrested 70 hackers.

According to the Iranian Students News Agency (ISNA), the deputy commander of cyber police for legal and international affairs, Colonel Hoseyn Ramezani, said that the cyber police carried out an operation from 10 August to 8 September 2015 to identify hackers and individuals who manage websites which provide hacking training and software.



Colonel Ramezani added that cyber police monitored more than 15000 websites and identified 104 violations. Additionally more than 70 hackers were identified and referred to the Judiciary.

It is possible that the cyber police are exaggerating their claims in an effort to use such propaganda to frighten the Iranian hacking community, but time will tell.


Original ISNA Source

Wednesday, October 14, 2015

Iranian Hackers and Romanian Hackers Work Together




The Norse Intelligence Analysis Team identified several indicators that reveal a trend of hacking groups in the Middle East working closely with European hackers to share tactics and techniques for conducting attacks.

According to Norse reports, this trend shows a pattern of direct and continuous contact, with Middle Eastern hackers traveling to Europe to obtain training and experience and then staying or returning home to begin political attacks on global targets.



Norse offers three cases to support this theory, including one case involving the Iranian hacking group Ashiyane Digital Security Team (ADST).




According to Norse reports, Ashiyane Digital Security Team and Romanian Security Team (RST), which is the largest online hacker community based in Romania, have been exchanging exploit and target data.

A series of posts on the RST forum announced a list of compromised Simple Mail Transfer Protocol (SMTP) systems. A large number of the same compromised systems appeared six months later in a post on the Ashiyane forum from a hacker who is known to operate in France. Norse identified some of the compromised SMTP systems as being used in phishing campaigns as well as other malicious activity.

Reference:

The Ottoman Hackers? Middle Eastern and Eastern European Exploit Exchange Program


Links:

Ashiyane Digital Security Team
Romanian Security Team

Monday, August 10, 2015

Iranian Dark Coders Hacking Team: Everywhere and Anywhere but not Harmless



A presentation at the American security conference BlackHat USA in Las Vegas said that Iran appears to be actively seeking critical national infrastructure systems connected to the Internet in order to exploit them.

At BlackHat USA, Trend Micro researchers Kyle Wilhoit and Stephen Hilt revealed how their honeypot version of a Veeder-Root Guardian AST gas gauge monitoring system (nicknamed «Gaspot») apparently fooled some Iranian hackers.




The Iranian hacking group Iranian Dark Coders, known as IDC-Team, modified the names of two pumps situated in Jordan. IDC-Team, which is best known for defacements and malware distribution, renamed two different tanks in the systems, one as «H4CK3D by IDC-TEAM» and the other as «AHAAD Was Here».




IDC-Team

This is not a new thing. As a Google search will show, IDC-Team has been hacking websites for a long time. According to their Facebook page, the team started in 2012 and has since grown into a team with many members on its forum talking about hacks, bugs and computer security.

Over the last year IDC-Team has submitted more than 950 website defacements of targets all over the world. Many of these defacements are of government sites (gov.pl, gov.co, gov.in) or companies with famous products (Jeep). This shows that the team has hacking skills advanced enough to damage secure websites.

Why do they hack?

Despite the number of hacks by IDC-Team and who they hack, it is clear their agenda is little more than publicity. Their defacements are advertisements for their community and the individuals involved, and they are not messages of hate and violence.

IDC-Team is everywhere and goes anywhere, as Trend Micro revealed. However, they appear to be looking for recognition as computer security experts and not as hacktivists.

Sunday, July 5, 2015

Iran claims to stop Dino Malware attack



Iran confirms that spy malware called Dino has been targeting sensitive centers inside the country for the past one and a half years.

Masoud Biglarian, head of the Computer Emergency Response Team Coordination Center (CERTCC), said that after the malware was discovered, the CERTCC, which is a subset of the Information and Communication Technology (ICT), sent a secret report to the country's officials about the issue.

According to Iran's Mehr news agency, Biglarian said: «We took appropriate measures to prevent damage to the strategic centers of the country by Dino».

He also said that Dino is a type of spyware, like Stuxnet, that is designed for specific purposes and launches targeted attacks.

He rejected claims that the malware infected some sensitive centers inside the country.

Last week some western media outlets reported that the Dino malware, which searches for specific data and steals it, has infected some organizations inside Iran.

Researchers at security firm ESET in Bratislava, Slovakia, identified the sophisticated Dino Trojan that attacked Iranian and Syrian targets in 2013, and it is rumored that the group behind it is a secret part of the French intelligence service.


Dino was supposedly created by the so-called Animal Farm Group, which also created other Trojans like Bunny, Casper and Babar. The Casper malware's claim to fame is that it was involved in a large scale attack on computer systems in Syria last autumn.

ESET claims that Dino's main goal seems to be the exfiltration of files from its targets.

Large scale cyber attacks on Iranian facilities started in 2010 after the US and Israel reportedly tried to disrupt the operation of Iran's nuclear facilities through a worm that later became known as Stuxnet.

US intelligence officials revealed in June 2013 that the Stuxnet malware was not only designed to disrupt Iran's nuclear program but was also part of a wider campaign directed from Israel that included assassination of the country's nuclear scientists.

Stuxnet is the first discovered worm that spies on industrial systems and reprograms them. It is written specifically to attack SCADA systems that are used to control and monitor industrial processes.

In September 2013 the Islamic Republic of Iran said that the computer worm Stuxnet infected 30 000 IP addresses in Iran, but it denied reports that the cyber worm had damaged computer systems at the country's nuclear power plants.

Wednesday, June 10, 2015

Duqu 2.0: ‘Almost Invisible’ Cyber Espionage Tool Targeted Russian Co., Linked to Iran Nuclear Talks

 

A Russian cyber security company says that it has discovered a highly-technical, “almost invisible” cyber espionage tool that targeted the company’s own servers and other systems around the world, including some linked to the controversial Iranian nuclear negotiations.
Kaspersky Labs, which is based in Moscow, announced the discovery of the worm, called Duqu 2.0, which the company said it found this spring after the worm had been inside its systems for “months.”



Kaspersky says that after discovering the worm, it started an investigation to find other victims of the attack and found that some of the “infections are linked to the P5+1 events and venues related to negotiations with Iran about a nuclear deal.”
The Wall Street Journal was the first news outlet to publish the news about Duqu 2.0. According to the Journal, computers at three luxury European hotels where negotiations had been held were among the worm’s victims.

Eugene Kaspersky said that the company cannot say definitively who is behind the attack, but he believes that, due to its sophistication and technical links to previous next-generation computer worms, the attack was most likely carried out by a government.

Kaspersky said that the name Duqu 2.0 was chosen for this worm because it appeared to be an upgraded version of the Duqu worm, another highly sophisticated espionage tool discovered in 2011.
Kaspersky said, “We can’t prove attribution because they’re going through proxy servers. There are technical attributions we can read from the code. This attack is a relative, it’s a new generation of the Duqu attack, most probably made by the same people, or they shared the source code with others.”
Symantec, which is a large cyber security company in America, agreed that Duqu 2.0 is an evolution of the original threat that was created by the same group of attackers.



Symantec also reported that Duqu 2.0 appears to have targeted European and North African telecom operators and a South East Asian electronic equipment manufacturer. Symantec had reported in 2012 that the Duqu threat had not been eliminated and that a new version of the worm had been discovered then.

Duqu and Duqu 2.0 are closely linked to Stuxnet, a revolutionary cyber-weapon that was believed to have physically damaged an Iranian nuclear facility and that was suspected to be the result of a joint US-Israeli top secret operation.

 

When the original Duqu was discovered in 2011, Symantec reported that it “shares large number of codes with Stuxnet” and the same suspicions were raised about whether the attackers were the same or if source code had been shared.

The Wall Street Journal said in its report today that Duqu 2.0 was “commonly believed to be used by Israeli spies.”
But according to Kaspersky Labs, the Duqu 2.0 code also included a number of “false flag” clues to hide or mislead about who was behind it. One was a mention in the code of a nickname for a Chinese military officer who was one of five indicted by the U.S. in an extraordinary move by the Department of Justice against Chinese cyber espionage. Another report mentioned a prolific Romanian hacker.

Kaspersky claims that such false flags are relatively easy to spot, especially when the attacker is very careful not to make any other mistakes.

Thursday, May 14, 2015

Iran’s Cyberarmy: Is “Norse Company” as good as they think they are?



A report has recently been issued regarding Iran’s possible plans to carry out cyber attacks in the USA. This report is really surprising, not only because of its shocking claims but also because of the identity of its authors. It was issued by a Silicon Valley cyber security company and a Washington think tank which has been one of the strong opponents of the nuclear deal with Iran. The report warns that if the US removes the sanctions against Iran, the Iranian government will use the money to strengthen its cyber warfare program.

However, it is interesting to know that before publication of the report, the Silicon Valley cyber security company had been sharing its information about Iran’s cyber warfare with US intelligence organisations. According to some US government officials, the information provided by the security company received negative reactions from the US officials who were trying to reach a nuclear deal with Iran.



In this report, which was written by the cyber security company Norse in January of this year, Norse claimed that it had data on “more than 500,000 attacks on Industrial Control systems over the last 24 months”, referring to the computers that help to run electricity generation companies, hydroelectric facilities, and other critical infrastructure in the U.S.

Norse’s claim of half a million “attacks” is a very large number and they haven’t explained or shown any evidence in the document to prove their claim. They have just mentioned that more details are forthcoming in a report that the company will publish “later this year.” The bulletin also claims that Iran is targeting computer systems and Web sites inside the United States.

It seems that Norse’s conclusions were based on the idea that Iran was behind malicious cyber activity just because the traffic was emanating from particular Internet Protocol addresses located in Iran. But hackers routinely use IP addresses outside their own country to hide their true location.
Iranian cyber attacks against the U.S. are not new: the cyber attack on the Sands casino company destroyed some of the company’s information assets, and Iran was behind an attack on U.S. bank websites in 2012. However, the Norse document was making some of the most serious claims possible in cyber security, accusing Iran, as a country hostile to the U.S., of targeting industrial control systems.

 

Later, Norse appeared to remove its findings when its joint report was published in April, and the claim of 500,000 attacks is nowhere to be found in that document. The findings also said that Iran specifically targeted Industrial Control Systems (ICS) in the United States 47 times during 2014. Yet again, the final report doesn’t include that statement.
This report was intended to present a strategic view of Iran’s capabilities in cyberspace, which many U.S. officials have described as growing and dangerous, and not to provide evidence for the U.S. to carry out some retaliatory action before any crime has taken place.
Kurt Stammberger, who is a senior deputy managing director at Norse, defended the report by saying that “briefing summaries [such as the bulletin] make theories that sometimes, at the end of the day, aren’t produced by the data”.

Norse’s critics say that it isn’t definitive enough to say that Iran was certainly trying to target industrial control systems. And it could make Iran look like more of a threat than it might actually be.

Even some of Norse’s critics have said that its ability to collect huge amounts of technical data is impressive and important. Although we don’t deny the company’s expertise, they are clearly not experts on Iran.

Thursday, April 23, 2015

Project "Pistachio Harvest"


Months of research into Iranian networks has uncovered at least 16000 systems controlled by Iran outside its borders, and 2000 of these were infected machines of businesses in the US, Israel and other countries.

Many of the Internet Protocol addresses (IPs) of those machines are hosting .ir websites, domains that are used as platforms for attacks. According to Norse, in many cases visitors to those sites are later infected with malware, software designed specifically for surveillance and to obtain valuable data from target organisations.

Most targets are in the US, although attacks have also hit countries including the UK, Israel, Germany and Canada. Various US and European hosting companies have also been abused. Cloud and hosting services of industry giants like Amazon and GoDaddy are used to launch the attacks.

Norse believes previous research into Iranian activity may have included false assumptions about the actors involved, as Iran has been adept at creating disinformation and has used more than 5000 fake social networking profiles to trick viewers into following tracks that lead to nobody and nowhere.

iSight released a report claiming that these fake profiles were used to spy on military leaders and political staff across the world.

Norse set up fake systems that appeared to belong to businesses and critical infrastructure providers and that were attractive to attackers. The organization collected data on subsequent attacks and traced a large number to Iran. Norse also used "millions of sensors dropped all over the world" and analysis tools for tracing.

Turkey and Iran collaborate on cyber issues, and it is reported that Turkey, in exchange for oil and other goods, helped Iran circumvent US and European sanctions that were implemented in response to that country's nuclear programs.

Rival security research firm CrowdStrike says that it tracks four different Iranian groups that it calls Kittens. Each Kitten is separate from the other and has its own modus operandi and target list. Finally there is Cutting Kitten.

Role of Iran’s Universities

The Islamic Republic of Iran has other ways of encouraging IT entrepreneurs to follow its commands. For example, the role of government in Iran’s university system is enormous. The regime has invested large amounts in building IT and other scientific infrastructure at the top educational institutions, including Sharif University of Technology, Shahid Beheshti University and the IRGC-linked Malek Ashtar University, and in return can direct research in ways that pursue regime objectives.

The development of Iran’s nuclear weapons program after 2003 is an example for understanding the evolution of the relationship between government, security services and universities in IT. Supreme Leader Khamenei ordered a stop to Iran’s state nuclear weapons research program after the US invasion of Iraq in 2003, and his lieutenants built a new structure that spread relevant research through the university system.

The scale and effects of this effort are visible, but assessing the level of awareness or willingness of all the university participants in it is not easy. Iran’s IT sector works in a similar fashion. Government and security institutions collaborate with universities in research to achieve government aims and make faculties and students components of regime strategic efforts. After graduation, students find themselves in a network of associations and research projects that mostly also supports regime priorities, whether they know it or not.

The Islamic Republic also uses incentives created by mandatory military service to encourage aspiring young programmers to support state security efforts directly. At least one scientist involved in research related to development of nuclear weapons writes in his resume that he was exempted from compulsory military service in exchange for work on a project deemed useful to the armed forces. This program of exemption was developed in 2007.

Iran’s leaders have therefore carefully and consciously built national IT, education and corporate infrastructures that produce excellently educated developers with incentives to pursue government objectives and not to use their skills against the government. They have involved Iran’s security organs, especially the IRGC, in these structures in ways that allow the regime to use these IT and hacking capabilities with plausible deniability. In addition, they have built an internet infrastructure designed to hide the sources of malicious activity and to give the government the ability to monitor, regulate and control citizens' access to the internet in extremely detailed ways.

Full details of the Norse Project Pistachio Harvest report are found here: www.pistachioharvest.com/#/dashboard

Tuesday, March 31, 2015

Massive Power Cut Brings Turkey To Stop: Iran Cyber Attack



Turkey is in process of recovering from a major power cut that brought the country almost to a stop. According to some media reports from Turkey almost the entire country was affected by the massive power cut. Officials are considering the possibility that they were hit by a major cyber attack that was directed at its critical infrastructure.
 
The Turkish government is currently presenting the power cut as technical issue but some suspect that a state sponsor could have authorized this massive cyber attack against Ankaras electric grid and other features of its critical infrastructure.

Turkish officials said that the issue stems from a technical problem with the computer system of the Turkish Electricity Conduction Company, which is responsible for controlling power lines.

Prime Minister Ahmet Davutoglu stated that every possibility including a terrorist attack is being investigated.

Turkish Energy Minister Taner Yildiz added that officials were investigating whether the power outage was the result of a cyber attack. The energy minister said: «I also cannot say whether or not there was a cyber attack. The most important thing for us is to bring the system back to life. This is not something we frequently experience.»

If officials do determine that Turkey was hit by a major cyber attack, Iran will likely be seen as the primary suspect.



The power cut happened as tensions between Iran and Turkey have risen over the past few weeks. Although it takes time to determine attribution for a cyber attack, some news outlets report that authorities are highly suspicious that Iran has supported the attack.

Turkish President Recep Tayyip Erdogan recently said, condemning the Shiite regime: «Iran is trying to chase [the Islamic State] from the region only to take its place». The Turkish president also condemned Iran for aiding «terrorist groups» in taking over Yemen. The remarks reportedly angered Iranian government officials, who demanded an apology from Turkey.

The two countries have also had a major falling out in diplomatic relations due to the Syrian civil war. While Iran is a strong supporter of the Assad regime, Turkey fiercely opposes Assad’s grip on Syria. The countries also find themselves on opposite sides of the current conflict in Yemen.

Iran has dedicated major resources toward expanding its cyber warfare capabilities over the past few years.

Some have speculated that Iran has become one of the top cyber threats, alongside China and Russia. Iran was once considered a D-grade cyber threat. Now it is almost on the same level as Russia or China.

Iran has also shown that it has the ability to breach the United States’ critical infrastructure networks: it infiltrated U.S. water, gas, and transit systems while also successfully breaching airport security networks.
In February, Iran’s Ayatollah Khamenei said in an address to his military cyber units: «You are the cyber war agents… get yourselves ready for such war wholeheartedly.»

Wednesday, February 4, 2015

«Operation Spider» by IRGC attacks alleged cyber criminals



Iran’s Islamic Revolutionary Guard Corps has cast a wide net in its fight against cyber crime, pursuing individuals with social media pages for alleged cultural misdeeds. But in the Islamic Republic’s war against what it sees as anti-Iranian-Islamic activities, the regime could be losing the fight.

On Saturday 30 January 2015, the Center for Investigation of Organized Cyber Crimes of Iran’s Islamic Revolutionary Guard Corps (IRGC) made a statement in the media about a recent operation on social networks, in particular Facebook.

According to the statement, the IRGC was able to «identify and arrest some of the most important elements and active social networks on the Internet that have a mission to spread corruption and diminish the Iranian-Islamic way of life and targeting the holy institution of the family.»

The statement said that «this network by abusing the domain of the Internet and hidden and indirect support of Western governments» was able to create 350 Facebook pages in two years. Their activities allegedly included:
«Proliferation of the culture of a hedonistic lifestyle, weaken the foundations and negating the institution of the family, mock religious beliefs and values, spread relations outside of moral codes, spread personal images of young girls – which creates conflicts in families and possibly of their disintegration, abusing youths and adolescents, including girls and boys and production and distribution of immoral and anti-religious material in the form of tabloid and popular content on social network Facebook.» Some of the people affected by the IRGC center’s operation allegedly earned «illegitimate income» through their activities.

Cyber crime can take a variety of forms and is not unique to Iran; it affects nearly every society with Internet access. But the IRGC’s Center for Investigation of Organized Cyber Crimes seems to have cast a wide net in this operation, arresting individuals for activities which in many contexts are not considered crimes. This is in part because the IRGC, and more broadly Iranian hardliners, see such activities as part of a soft war carried out by hostile foreign governments and their Iranian facilitators.

Soft war is not just regime rhetoric; it is seen by some people as a national security concern and has received massive funding. Cyber space, a key domain for the spread of ideas, is seen as a key domain for the broadcast of content that can advance the perceived soft war against Iran. This is why Iran has not one but several organizations for oversight of cyber space, including the FATA police unit, which appears to perform the same function as the IRGC Center for Investigation of Organized Cyber Crimes, even if in a relatively more open and transparent fashion. Yet, as said in the past, when it comes to fighting the soft war the regime only seems capable of successfully employing hard tools such as the cyber filtering regime, arrests and interrogations. What the regime appears incapable of successfully employing is soft tools to attract Iranians back toward the Islamic Republic’s vision of Iranian-Islamic culture, instead of only trying to deter consumption of Western culture.