In between being blindfolded, locked in solitary confinement, and interrogated in a wheelchair while she was on a hunger strike following her late September arrest, Negin says she had a realization: Iranian officers had been using her personal Telegram chats, cellphone logs and text messages to incriminate her.
“They told me, ‘Do you think you can get out of here alive? We’ll execute you. Your sentence is the death penalty. We have proof, we’re aware of everything,’” said Negin, whose name CNN changed at her request, for her security.
Negin, who says she has been accused by Iranian authorities of running an anti-regime activist group on Telegram (an allegation she denies), said she has “some associates” who had been political prisoners. “They put in front of me transcribed printouts of my cellphone conversations with these associates,” she said, and “questioned me on what my relationship with these individuals was.”
Negin thinks Iranian agents hacked into her Telegram account on July 12, when she realized another IP address had accessed it. While Negin was in jail, she said, Iranian authorities reactivated her Telegram account to see who tried to contact her and reveal the network of activists with whom she was in contact.
Negin was one of hundreds of protesters detained at Iran’s notoriously brutal Evin prison in northern Tehran in the first few weeks of demonstrations following the death in custody of Mahsa Amini. Amini, a 22-year-old woman, had been apprehended by Iran’s morality police for apparently not wearing her hijab properly.
As protests spread in the country, much of the attention has focused on the Iranian government’s efforts to shut down the internet. But behind the scenes, some worry the government is using technology in another way: accessing mobile applications to surveil and suppress dissent.
Human rights activists inside and outside of Iran have been warning for years about the Iranian regime’s ability to remotely access and manipulate protesters’ mobile phones. And tech companies may not be well equipped to deal with such incidents, experts say.
Amir Rashidi, Director of Digital Rights and Safety at the human rights group Miaan Group, said the strategies described by Negin match the Iranian regime’s playbook.
“I personally documented many of these cases,” he said. “They’ve access to anything beyond your imagination.”
CNN has reached out to the Iranian authorities for comment about Negin’s allegations but has not heard back.
The Iranian authorities may have used similar hacking tactics to surveil the Telegram and Instagram accounts of Nika Shahkarami, the 16-year-old protester who died after a demonstration in Tehran on September 20. The Iranian authorities have always denied any involvement in her death, but an earlier CNN investigation found evidence suggesting she was detained at the protests shortly before she went missing.
Iranian authorities still haven’t responded to CNN’s repeated inquiries about Nika’s death.
At least one tech company, Meta, has now opened an internal inquiry into activity on Nika’s Instagram account after her disappearance, CNN has learned.
After Nika went missing, her aunt and other protesters told CNN that her popular Instagram and Telegram accounts had been disabled. A week later, her family learned that she was dead. But the mystery over who had deactivated her social media accounts remained.
On October 12, two of Nika’s associates noticed her Telegram account briefly back online, they told CNN. Nika’s Instagram account was also briefly restored on October 28, more than a month after her disappearance and death, according to a screengrab obtained and verified by CNN.
As with Negin’s case, the reactivation of Nika’s accounts raises questions about whether Iranian authorities were responsible for accessing her social media profiles, allegedly to phish other protesters or compromise her after her death.
“Telegram is everything in Iran,” explained Rashidi. “It was more than just a messaging app before being blocked and still they managed to maintain their presence in Iran by just simply adding a proxy option in the app.”
“If users don’t have access to anything because of censorship, they still have access to Telegram,” he continued. “As a result, there is a lot of users’ data in Telegram and that’s why the Iranian government is interested in hacking Telegram.”
There are different ways the government could gain access to a person’s accounts or their network of contacts, according to experts. Negin, for example, said authorities “kept creating Telegram accounts using my SIM card, in order to see who I’m in contact with.” In other cases, authorities could attempt to co-opt the two-factor authentication process, which is designed to provide greater security by texting or emailing a login code.
“Usually what happens is, they do the target phone number, then they send a login request to Telegram,” Rashidi told CNN. “If you don’t have 2-step verification, then they can intercept your text message, read the login code and just get into your account.”
That’s why some Iranian activists cheered when Google launched Google Authenticator in the country in 2016. It’s a two-step verification process that adds a layer of security for mobile phone users.
Crucially, however, the Iranian regime doesn’t even need telecommunication companies to work with them, according to Rashidi. “The Iranian government is running the entire telecommunication infrastructure in Iran,” he said.
After Nika’s disappearance, Meta launched an investigation into whether Nika herself had disabled the account or whether someone else was responsible. The investigation lasted 9 days, from October 6 to October 14, according to a source at Meta who spoke to CNN on condition of anonymity.
The conclusion: “While we can’t share specific details about Nika Shahkarami’s account for privacy and security reasons, we can confirm Meta didn’t initially disable it,” a Meta spokesperson told CNN.
Meta also confirmed to CNN that Nika’s account “was briefly reactivated and memorialized for less than 24 hours” on October 27 “due to an internal process error, which we addressed by re-disabling the account.” Meta told CNN it discovered this error after CNN reached out for this investigation.
Meta also said it received direction from Nika’s family through one of the company’s trusted partners in Iran that they wanted Nika’s Instagram account to stay offline.
However, references in Iranian state media indicate authorities did access Nika’s Instagram account and direct messages, stating they had permission from the judiciary to access them.
A relative of Nika, who wished to remain anonymous for fear of repercussions, told CNN the Tehran prosecutor’s office has been holding Nika’s cellphone since her death. “We went to the prosecutor’s office and found out that Nika’s cellphone is with Mr Shahriari (name of the prosecutor); I saw with my own eyes that it was in their hands,” the family member said.
Meta’s investigation highlights both the seriousness of the case and the limitations that American tech companies appear to have in addressing activists’ concerns about Iran’s handling of accounts.
Mahsa Alimardani, senior internet researcher at Article 19, a freedom of expression group, also raised concerns about Telegram. “One time we asked them to reverse some edits that had been done on a person’s account after her death, and they weren’t helpful. They didn’t get back to us. They didn’t try to fix the issue. No sort of help or support into that,” Alimardani said.
In response to CNN’s request for comment, Telegram spokesperson Remi Vaughn said: “We routinely process dozens of similar cases referred to us by activists from trusted organizations and disable access to compromised accounts. In every case we’ve investigated, either the device had been confiscated or the user had unwittingly made such access possible — by not setting a 2-Step Verification password or using a malicious app impersonating Telegram.”
“In countries with authoritarian rule, such as Iran, authorities can potentially intercept any SMS message,” Vaughn continued. “It’s therefore important for users to enable Two-Step Verification, which requires an additional user-created password to be entered each time logging in, in addition to the SMS login code. It is also important that such users use official Telegram apps from trusted sources.”
“To protect protesters, we have blocked thousands of posts that had tried to deanonymize protestors and could have reached hundreds of thousands if not for our intervention. We’re always proactively monitoring public-facing parts of our platform to find such misuse,” she concluded.
“Tech companies must work with civil society,” Rashidi said. “There are so many issues that they can work with us on them to make sure these platforms are safe, especially for people who are at risk.”