Late last night the popular micro-messaging service Twitter was attacked and had its website defaced by a group calling itself the Iranian Cyber Army. The Twitter homepage and the main application service page were replaced with a bold pro-Iranian and anti-American message. The message was loud, and very clear – the attack was in response to what Iran saw as internal meddling by the west during the recent presidential elections and associated demonstrations in Tehran.
During the post-election turmoil Twitter was used by anti-government protestors to co-ordinate demonstrations and communicate with the outside world. The Iranian government attempted to crack down on the communications networks with Internet filtering and cell jamming, but these efforts were mostly in vain. As a service from the USA, the use of Twitter by the protestors had a greater symbolic impact on the Iranian government, who viewed it as a tool being provided by one enemy to assist another internal enemy. The US State Department intervened to ensure that Twitter was available and accessible, which likely further infuriated the government in Tehran.
The attack last night on Twitter was clear retribution for the role that the service played during the demonstrations, and the role that it continues to play today. We have spoken to a number of sources overnight who have told us that the Iranian Cyber Army, unlike other groups with similar national monikers, is a group name that is to be taken literally – i.e. it is an Iranian government group. Little is known about how the group operates, but previous attempts to shut off Iranian citizens from Twitter and other web services demonstrate that Iran has the capability and will to use almost any means to control the flow of information on the web both within and outside of its own borders.
The defacement page included an email address – an unusual move, which suggests that there is a media element to the attack and the hackers, the Iranian government, wish to send their message out far and wide.
Other sources told us that the timing of the attack on Twitter is part of a concerted effort across the Iranian government and military to take a stronger diplomatic stance against the United States and European Union in the lead-up to negotiations on Iran’s nuclear plans. Since we received the initial tip that there might be a larger and broader story in development, Iran has gone on to announce this morning that it will have a new generation of uranium enrichment centrifuges online and operational by 2011. Further, there are reports from Iraq via Reuters that Iranian troops crossed the border into southern Iraq last night and raised an Iranian flag over an oil well that is part of a disputed oil field. The websites of anti-government Iranian organizations were also hacked, with the website of Mowjcamp having three of its primary domain names stolen and pointed to the same defacement message that appeared on Twitter (we will not link to it since it is still compromised).
These incidents, along with the attack on Twitter, all occurred in the space of 12 hours and point towards a more aggressive stance from Iran in the lead-up to the deadline on negotiations around its nuclear program. With a large-scale attack on a popular global web service, it is the first time that cyber attacks have been used as part of a propaganda campaign to propel the global political agenda of a foreign government. Twitter is a big scalp for the Iranian government, and it allowed the government to flex its muscles and inflict damage outside of its own borders and onto those whom it blames for much of the country’s internal strife. By selecting Twitter as a target and taking out high-profile anti-government sites at the same time, the Iranian government is being as clear as it possibly can that this war will also be fought on the web. In a web war, Iran has demonstrated that almost nobody is immune, the battlefield is level and it is not afraid to fire the first big shots in full view of the entire world.
Tune into Techcrunch today as we will continue our coverage with a complete description of the web defacements and attacks that have occurred with complete details on how they were carried out.