- Table of contents
The Cyberint Research Team work round the clock to unearth the latest threats to SMBs and enterprises. They are on top of the latest TTPs and monitor rising threat groups, malwares and trends.
Table of contents
GhostSec’s Revelation of Iranian Surveillance Software
GhostSec has reported a successful breach of the FANAP Behnama software, which they describe as the “Iran regime’s very own Privacy-invading software”.
This breach has resulted in the exposure of approximately 20GB of compromised software. The group alleges that the Iranian government employs the software for citizen surveillance, representing a significant advancement in the nation’s surveillance capabilities.
As evidence, the group has shared a portion of the software’s source code, showcasing, among other capabilities, its distinctive facial recognition functionality that enhances its surveillance effectiveness.
Over the past two months, the group claims to have meticulously analyzed around 20GB of compressed data, file by file.
Ghostsec’s objective is to ensure that this information can be readily accessed, aiding the Iranian citizens whose privacy has been compromised and upholding the necessity for comprehensive privacy protection.
This Sunday, GhostSec made a significant announcement on their official Telegram channel. They disclosed a successful breach they executed on the Behnama software by the FANAP, a noteworthy occurrence that has the potential to trigger substantial consequences within Iran’s regime. GhostSec has exposed that the Iranian regime utilizes the Behnama software to conduct surveillance on its citizens. By revealing portions of the software’s source code, GhostSec has brought to light enhanced surveillance capabilities that the software possesses that may have broader implications in the near future.
It all began with GhostSec’s official announcement of the breach, during which the group disclosed their successful compromise of a substantial 20GB of the software breach. They accompanied this revelation with a selection of breach screenshots and a commitment to release the software’s source code. This act aims to unveil the methods through which the Iranian government conducts surveillance on its citizens, with the group intention of supporting privacy and human rights.
As a further step in their campaign, the group established a dedicated Telegram channel titled “IRAN EXPOSED” Through this platform, they intend to share information on this breach and have already shared portions of the compromised software data, accompanied by explanations regarding their findings and the rationale behind their actions.
Beyond their sharing of screenshots and providing comprehensive insights into the software’s functionalities, GhostSec has taken the initiative to commence uploading segments of the Behnama code to their dedicated Telegram channel. This upload includes various components such as configuration files and API data. The group is presently actively involved in this process and has made a commitment to delivering in-depth explanations once the uploading procedure concludes.
Revealing the Software’s Capabilities
GhostSec’s initial message on the “IRAN EXPOSED” channel provides an official overview of the FANAP software’s intended purposes. However, GhostSec underscores that the software’s actual activities extend well beyond its official description.
The group proceeded to reveal various developments within the FANAP software company. These include tools for facial recognition-based video surveillance (implemented across Pasargad Bank Car GPS and tracking system, a Car plate recognition system (which might have implications for hijab alerts), and a Face recognition system for ID card printing. Moreover, the group contends that the Single Sign-On (SSO) platform employed by the Regime for online user authentication is connected to the FANAP system. This integration compiles intricate aspects of citizens’ lives, not only to determine access privileges for services but also to construct a virtual profile for facial recognition. The group maintains that this evaluation is rooted in the software code, substantiating indisputable evidence of the software’s capabilities and deployment.
GhostSec alleges that the tools are actively utilized by the Iranian government, law enforcement agencies, and military personnel. This marks a noteworthy advancement in the country’s surveillance capabilities.
GhostSec’s official statement regarding their motives for this breach and subsequent exposure is in line with their aim to promote equality in the fight for human rights for privacy. This exposure seeks to empower the Iranian populace to demand privacy rights in the wake of increased awareness about government surveillance. While GhostSec’s actions align with hacktivist principles, they also position themselves as advocates for human rights, generating attention for their cause through this revolutionary revelation.
It’s important to note that GhostSec actively monitored the FANAP responses to the breach as part of this disclosure campaign. Initially, GhostSec claimed responsibility for the shutdown of the fanap-infra.com website, a step taken as part of their revenge campaign on the company. Following that, the group revealed that another website associated with the FANAP software company was only accessible within Iran and that the main GitHub repository of the company was made private, potentially due to the unfolding events.
Cyberint and the Dark Web
Cyberint excels in accessing high-tier sources that remain elusive to most companies. Our unique ability to penetrate these hidden corners enables us to collect and analyze invaluable data. We enrich our automated collection with a human approach, through research and analysis of our military-grade expert team.
Find new sources in deep and dark web marketplaces, forums, and sites, even if those sources are volatile and difficult to track. Get deep analysis and reports, that allow you to understand a specific threat actor and group profiling, including the places of operation, targeted countries or verticals, TTPs and more. Get a demo and see what assets you have exposed on the deep & dark web.