'Hacktivism' in Iran: emails, nuclear facilities, and AC/DC

Iran has been the victim of yet another cyberattack targeting its nuclear energy sector, harking back to the Stuxnet attack that first targeted Iranian nuclear systems in 2010. This time, email servers were the target, with activist group Black Reward accessing email servers belonging to Iran’s Atomic Energy Organization at the Bushehr Nuclear Power Plant.

Simon Sharwood of The Register explains that the group claims to have pulled information from over 324 inboxes, leading to a total haul of over 100,000 messages and 50 gigabytes of files.

The hack occurred in the midst of heavy civil unrest in Iran, sparked by recent actions by Iran’s police in enforcing their Hijab policies. Apurva Venkat of CSO explains that despite claims by the Iranian government that the attack was an effort by other countries to gain information on their nuclear program, Iran-based hacking group Black Reward has come out and not only claimed responsibility, but also stated that the hack was in support of the ongoing protests in Iran.

Such protests have become widespread after the death of Mahsa Amini, a young woman who was taken into custody by Iran’s morality police for allegedly not following the conservative dress code and died after being detained. This follows a long timeline of other women being arrested or beaten in the streets if the Iranian morality police don’t believe they are adhering to national policies. Mahsa Amini’s death seems to be the breaking point for Iran, as the country has been racked with violence as massive protests against such restrictive policies and inhumane treatment have been met with police backlash. Many protestors have also been arrested by Iran’s police force as a result of such backlash.

Venkat adds that Black Reward tried to use their recent hack as a way to pressure the government, threatening to “release hacked information in 24 hours unless the authorities released political prisoners and people arrested during the recent unrest.” Iran did not comply, and statements from the Bushehr plant call the hack an act of desperation to attract public attention.

As a result, Black Reward posted a download link to around 85,000 cleaned emails that they claim is “perfect for researchers and journalists.” Venkat adds that initial reports on the information claim that it contains management and operational schedules, visa and passport information of Iranian and Russian nuclear experts, and information on finances and company agreements.

For Iran, this is only the most recent attack in a long line of cyberattacks targeting their nuclear energy system. The international community largely views Iran’s nuclear energy system as a stepping stone for their broader plans to obtain nuclear weapons, which is a key goal for a government that is trying to expand their influence abroad and prove they are a key power player. As a result, the program is often attacked by those who want to prevent nuclear weapons development or to simply target the Iranian state.

Such attacks started in 2010 with the Stuxnet virus, which Paulius Ilevicius of NordVPN says targeted the centrifuges of Iran’s nuclear enrichment facilities by taking advantage of zero-day vulnerabilities (i.e., unpatched holes in software) in Windows, which severely crippled Iran’s nuclear program at the time. This project is widely considered to be a joint US-Israel cyberattack meant to achieve their political goals. In recent years, though, attacks on the system have been used more as warnings to show that outside actors exist. For example, Rich McCormick of The Verge explains one such occasion where hackers hijacked the computers in Iranian nuclear facilities to play “Thunderstruck” by AC/DC. At full volume. In the middle of the night.

The release of such information to the public only opens up Iran’s nuclear program to more attacks, with Venkat describing it as potentially paving the way for another Stuxnet. It also increases international scrutiny on the program to ensure it is solely for nuclear energy development and not nuclear weapons, with the emails giving researchers a novel pathway for analysis.

The true goals of this hack don’t lie in the national security implications of the information, but in what the hack stood for. The Iranian people are rising up against the policies and enforcement mechanisms of the Iranian government, and they have hackers on their side.