Iran spyware breached and exposed by GhostSec


The GhostSec hacktivist group claims it has taken down what it describes as the “Iran regime’s very own privacy-invading software.” The group was formed around a decade ago with the specific aim of combating Islamist extremism online.

Now, GhostSec claims to have breached the FANAP Behnama software, exposing 20GB of data including face recognition and motion detection systems that it says are used by the Iranian government to monitor and track its people.

Given the outrage following the death in custody last year of Mahsa Amini — after she was arrested by the morality police of Iran for allegedly failing to wear appropriate religious dress — and the wave of protests since that have seen hundreds more killed or detained, the revelations by GhostSec are timely.

“FANAP software, Behnama, was entirely breached,” said GhostSec on its Telegram channel. “A total of around 20GB [of] compressed [files] have been analyzed during the last two months.”

Now it says it intends to make the data public, “in the interests of the Iranian people, but also in the interests of protecting the privacy of each and every one of us.”

Telegram message from GhostSec claiming Iran hack, which includes software used for face recognition and motion detection

Commenting on the Telegram statement issued on August 27th, cybersecurity analyst Cyberint said it believes it to be consistent with GhostSec’s stated aim “to promote equality in the fight for human rights for privacy.”

“This exposure seeks to empower the Iranian populace to demand privacy rights in the wake of increased awareness about government surveillance,” it said. “While GhostSec’s actions align with hacktivist principles, they also position themselves as advocates for human rights.”

It added: “As evidence, the group has shared a portion of the software’s source code, showcasing, among other capabilities, its distinctive facial recognition functionality that enhances its surveillance effectiveness.”

Cyberint says the revelation further underscores the Iranian regime’s capacity and willingness to put its citizens under intrusive scrutiny in what observers say is a fundamental breach of the human right to privacy.

“This is not about technology and software, it’s about the privacy of the people, civil liberties, and a balance of power,” said GhostSec. At the end of the Telegram message it shared a link to a separate channel where the data can be accessed, “to continue the expose and the attacks against Iran.”

"I know you're crying." GhostSec taunts Iranian regime on its Telegram channel

“As a further step in their campaign, the group established a dedicated Telegram channel titled IRAN EXPOSED,” said Cyberint. “Through this platform, they intend to share information on this breach and have already shared portions of the compromised software data, accompanied by explanations regarding their findings and the rationale behind their actions.”

GhostSec is believed to be an offshoot of the wider Anonymous hacktivist group that emerged as a separate entity around 2015, thought to be partly in response to the ISIS terrorist attacks in France the same year. Since then it claims to have sabotaged hundreds of portals and social media accounts promoting Islamist extremism.

Iran has been under strictly authoritarian theocratic rule since a revolution in 1979 removed the corrupt Shah of Iran from power. The latter was himself installed as a puppet dictator after a coup backed by the CIA and MI6 in 1953 overthrew the democratically elected reformist government of Mohammad Mosaddegh.

