Iran’s Digital Surveillance Tools Leaked

It’s Iran’s turn to have its digital surveillance tools leaked:

According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where. Such a system could help the government invisibly quash the ongoing protests ­—or those of tomorrow ­—an expert who reviewed the SIAM documents told The Intercept.

[…]

SIAM gives the government’s Communications Regulatory Authority ­—Iran’s telecommunications regulator ­—turnkey access to the activities and capabilities of the country’s mobile users. “Based on CRA rules and regulations all telecom operators must provide CRA direct access to their system for query customers information and change their services via web service,” reads an English-language document obtained by The Intercept. (Neither the CRA nor Iran’s mission to the United Nations responded to a requests for comment.)

Lots of details, and links to the leaked documents, at the Intercept webpage.

Tags: , , ,

Posted on November 1, 2022 at 6:24 AM9 Comments

Comments

Petre Peter November 1, 2022 7:46 AM

I wonder what does the “morality police” think of human rights. I lived in a similar system in communist Romania. Know your exits, seek asylum. No tyranny has ever survived without censorship.

John White November 1, 2022 1:40 PM

Obvious CIA hack and dump operation. The Intercept is completely compromised.

Iran is far freer than any nation under the control of the ammurrican empire.

Ted November 1, 2022 5:47 PM

Is this SIAM program common knowledge among Iranians, particularly protestors? The Intercept reported that some protestors received text warnings to stay away from places of “unrest.”

Wow, though. Did you see all the data that can be collected from a cellular network? It’s more than just location tracking, but also detailed call records, website visits, VPN usage, and… well this still accounts for only a few of SIAM’s capabilities.

Boris November 3, 2022 2:09 AM

I expect it’s no different to the capabilities deployed by almost every government with a moderately capable intelligence service – especially in the so-called ‘free’ West.

Clive Robinson November 3, 2022 12:01 PM

@ Bruce, ALL,

These sorts of system are in effect practicing “asymetric warfare” on society. Thus like virtually all asymetric warfare a form of “Terrorism”.

The only difference is that those committing the acts of terrorism are in a position of “control” thus “power”.

Rob them of “control” and thrir ability to terrorise is diminished, and so in turn is their “power”.

Which brings up the question,

“Csn we have electronic communications without terroristic control?”

And,

“If so, how do we get it put in place against political and corporate wishes?”

Something we need to think about not just urgently but carefully.

As some here will remember the Internet was touted as just such a system, but I think most now upon a little reflection will conclude that wr are now actually worce off privacy wise than we were prior to the Internet.

As for the “bug&tracker in your pocket” Mobile/Smart Devices they in no way give privacy and worse can be used to “make you guilty” by the use of data and meta-data over which you as an individual have no control (and can not challenge for accuracy etc even if you knew how to).

We have been cursed by just a very few to,

“Live in interesting times”

And for the small minority who are aware they are truly frightening times.

We need to consider taking control away but it is problematical. For instance one idea might be for our mobile/smart devices to,

“PKcert sign location markers that get held in the service provider records.”

It sounds good untill you start thinking about

“PKcert sign what?”

In effect you have no reliable source of location data comming in, so anyone who has even moderate technology skills can taint the data upstream of your mobile/smart device signing it.

I’m known to have a very long term distrust of “Code Signing” for similar reasons and have had time to think about it. Sadly all signing systems at the end of the day are hierarchical in several ways. As with all hierarchies control thus power accumulats at the top and every one bellow that is vulnerable.

Switching over to a “Net of trust” system actually does not remove the hierarchical control system except very locally to an individual. So in practice is little different to a direct hierarchical control system.

Essentially we currently don’t have a way to defeat hietarchical control structures, nor do we appear to be putting any effort in so doing.

The unfortunate problem of this is,

“As technologists we are sleepwalking into a trap of our own making…”

Hence I think we should put a lot more effort into waking up to this and turning things around, as we now have very little time to do so, before the door of the cage is slamed shut behind us…

Phillip November 4, 2022 12:16 AM

So, technically speaking, what else is new? All right: real people, I do get it. I am not exclusively going techno-wizard when it comes to baiting anybody for human understanding. Technology should just work, right?

- November 6, 2022 12:49 PM

@noname:

“Is this a mirror I see before me?”

Are you channeling Julius Ceaser or Snow White’s step mom?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.