Many virtual resistance cells formed on the Internet and in social media in Iran with the outbreak of civil unrest in December 2017 in the holy city of Mashhad.
A group of Iranian computer hackers calling themselves Tapandegan disrupted the communication systems at Mashhad International Airport on May 24 for several hours by posting images of anti-government protests.
The group also posted a message on airport monitors that read: “Attention, attention. We are Tapandegan. We have taken control of the computer system at Mashhad Airport as an act of protest. It has been five months since unrest has gripped the country. However, the Islamic Revolutionary Guards Corps (IRGC) continues to waste money, lives, and resources in Syria, Gaza, and Lebanon. We will continue our protests until they cannot silence our voices any longer. We are acting in solidarity with the courageous people of Kazerun [in the southern province of Fars, site of a violent protest on May 16]. We have just started our campaign. If you support our cause, then we ask that you share with us any crucial information including footage of protests around the country.”
Authorities at Mashhad Airport reportedly had to turn off every single monitor manually.
On June 6, the group also hacked the arrival and departure monitors at Tabriz International Airport [the northwestern province of West Azerbaijan], posting anti-government messages. Tapandegan use Twitter to disseminate their message. They followed their post at Tabriz airport with hashtags that translate into English as #nationwide-protest #protest-truckers.
Tapandegan has also said that it has hacked the email accounts of senior managers and employees of all the airports in the country. Documents released by the group show that Iranian authorities are concerned about Tapandegan’s ability to hack the computer systems of the government agencies, financial institutions, and the military.
Domestic and foreign news outlets have reported extensively on the group’s activities.
Tapandegan has also hacked the emails of the Mayor of Tehran Pirouz Hanachi, the Speaker of the Majlis (Iranian Parliament) Ali Larijani, the Second Deputy of the Parliament Ali Motahari, a deputy representing, Tehran, Ray, Shemiranat and Iranshahr Mahmoud Sadeghi and dozen other Majlis deputies, demanding that they investigate and put an end to the rampant corruption in the country.
On June 22 the group tweeted: “We @tapandegan have taken control of the email and the Twitter accounts of Tehran Municipality. To expose corruption, send your emails to [email protected] or share your information at #tapandegan.”
One email posted by the Tapandegan was from the Tehran Municipality to Majlis deputies complaining about mismanagement of the country’s economy and social injustices. The group tweeted: “We @tapandegan have also hacked the Twitter account of Tehran Municipality. To expose corruption, send your emails to [email protected] or share your information at #tapandegan.”
In a tweet on July 23, the group said: “Following our call to action, we’ve received information that exposes the widespread corruption in the country. We have posted secret documents revealing IRGC’s control over private companies with the blessing of the [Supreme] Leader [Ayatollah Ali Khamenei].”
Documents reveal that the IRGC’s engineering wing Khatam al-Anbiya Construction Headquarter (KAA) holds assets worth of $500 million. The records also list Khatam al-Anbiya’s subsidiaries — including Gharagahe Sazandegi Ghaem (GHAEM), Ghorb Karbala, Makin, Oriental Oil Kish (OOK), Rah Sahel, Rahab Engineering Institute, Sepanir, and Sepasad Engineering Company, the Imensazen Consultant Engineers Institute (ICEI) and the Fater Engineering Institute. The last two are on the list of entities that have been sanctioned by the U.S. Department of Treasury.
Tapandegan also published a copy of a contract between the IRGC and Syrian President Bashar al-Assad. In a tweet dated September 23, the group said: “Repeat of the [Treaty of] Turkmenchay [an agreement reached at the end of Russo-Persian War (1826–28) which forced Persia to surrender the control of several areas in the South Caucasus to Russia.] The regime has forgiven Syria’s $30-billion debt to Iran in exchange for a 50-year contract. How long will this bribery continue? Please send us any information you’ve uncovered.”
According to the contract, President Assad does not have to pay Iran for the exploration and extraction of phosphate mines in the southeastern region of Syria near Homs until 2068.
Tapandegan alleges that it has in its possession irrefutable proof that shows Iran has been giving the Lebanese Hezbollah $500 million a year. The group has allegedly secured the documents by hacking the IRIB [Islamic Republic of Iran Broadcasting] computer network and the email accounts of Abdolali Ali-Asgari, the director-general of the IRIB, and two of his deputies Mohammad Massoud Aboutalebi and Mehrdad Seyyed Mehdi, as well as the email account of Iran’s consulate-general in Berlin.
In a tweet dated December 22, the group said: “The documents prove the unprecedented hacking of the IRIB computer network system #IRIB and email #Iran-Consulate-General. Continue to expose corruption #corruption.”
Tapandegan has sent email messages to Majlis Speaker Larijani, a dozen deputies, reporters, and media outlets alleging that a senior advisor to Foreign Minister Javad Zarif and Iranian ambassador to Beirut and a special team of agents have been funneling funds to the Lebanese Hezbollah. The group has said the funds are twice the Foreign Ministry’s annual budget.
In the emails, Tapandegan has also highlighted the plight of striking workers at the Khuzestan Steel Company and the Haft Tappeh Sugarcane Factory in Ahvaz, capital of the southern province of Khuzestan, who have not been paid their wages and salaries in months.
Translated from Persian by Fardine Hamidi