As tensions between the U.S. and Iran continue to mount as Washington looks to further ratchet up pressure on Tehran, Iranian cyber activities have been in the spotlight in recent weeks. U.S. authorities have cracked down on Iranian cyber actors as part of a wide-ranging campaign, going after everything from website defacement to intellectual property theft and imposing targeted sanctions.

Over the past decade, Iran has made a concerted push to expand its cyber capabilities, an effort in which the Islamic Revolutionary Guard Corps (IRGC), the branch of the Iranian military charged with safeguarding the 1979 revolution against internal and external threats, has played a central role. The IRGC reports directly to Supreme Leader Ayatollah Ali Khamenei and acts as the eyes and ears of the ruling clergy throughout all corners of the country, spying both digitally and physically on its own citizens. Given the IRGC’s expansive and growing power, scholars, analysts, and many Iran watchers have long thought that at some point it could take over control in Iran, replacing the theocratic government with a military one. As Iran approaches an inflection point over the issue of succession after Ayatollah Khamenei, that day could be coming soon, and the IRGC is well placed to bring about such a transition given the hybrid mix of physical and cyber capabilities that it has developed and perfected over recent decades.

Cracking down

The IRGC has played a key role in cracking down on protests and curbing dissent in Iran whenever they reach critical mass. This was on clearest display during the 2009 Green Movement, when the IRGC crushed opposition to the contested electoral victory of former President Mohammad Ahmadinejad. That same year also saw the introduction of two new trends. The first was the use of social media, specifically Twitter, to coordinate resistance movements. Indeed, the Green Movement is sometimes referred to as the “Twitter movement” given the key role the platform played in the protests. The second was the overall expanded use of digital communications by those opposing the Iranian government, including messaging apps as well as social media platforms, which resulted in subsequent IRGC monitoring of citizens’ online activities to detect and quash dissent. It is the latter trend, however, that is most concerning, as government monitoring and tracking of Iranian citizens online has only increased in the years since.

The IRGC’s cyber role

In addition to being an armed military force, the IRGC is also one of the country’s leading cyber bodies, controlling the internet and access to it, and using technology as a way to influence both internal security and the ideology of the Iranian population. Along with the civilian Ministry of Intelligence and Security (MOIS), the IRGC monitors all online communications, censors news, and curates the public image and facts that Iran shares with the outside world.

The IRGC conducts surveillance throughout the country in order to track Iranian citizens. This includes monitoring social media such as Twitter, Facebook, and Instagram, as well as other chat platforms, like WhatsApp, and even encrypted ones, like Telegram. Even if a platform is blocked from use in Iran — both Twitter and Facebook have been officially blocked, but savvy users circumvent these restrictions by using virtual private network (VPN) technology — the IRGC can still detect their use and punish people for accessing them.

The Iranian government has created its own internal equivalents to social media and chat apps, encouraging the population to use Iranian apps like Souroush and iGap and avoid “Western” technology and platforms. However, the public is wary of such apps and knows that the government both censors and monitors them, so most informed users don’t share sensitive information on them. These internally created apps are simply another demonstration of the lengths to which the Iranian government will go to intercept information and use it for various purposes.

Preparing for transition

Changes in the upper echelons of the Iranian government beginning around 2018 are likely indications that Supreme Leader Khamenei is preparing for his succession, as IRGC figures have recently assumed key positions. While his ultimate plans are unclear, one potential scenario could be an IRGC takeover. Important recent developments and considerations on this front include expanded control of state-run media and the image it presents internationally (despite the clash with images broadcast by dissidents and protesters on social media), continuous monitoring of various messaging systems, public IRGC criticism of presidential governance, and high-level appointments made by Khamenei himself:

  • Through controlled outlets such as state-run news channels and aforementioned social media, the Iranian government has broadcast the message that a military-run government would solve the country’s economic problems, bridge its international relationships with European nations, and make Iran a stronger power in the Middle East.
     

  • The messaging about the need for political change in Iran is only likely to increase as the June 2021 Iranian presidential elections approach. Since 2016, the world has witnessed Iranian external propaganda missions targeting elections in the U.S. and Europe using fake news sites, fake personas, and other imitations that put out an anti-Western, anti-Israel narrative. The same tactics could also be easily used inside of Iran to sway public opinion in favor of a change in government.
     

  • Khamenei himself has overseen several direct appointments to the IRGC beginning in 2018. By placing loyal clerics to key ombudsperson positions in the IRGC, Khamenei guarantees a direct flow of information to him, as well as control over Iran’s military apparatus.
     

  • In May 2020, former IRGC Brig. Gen. Mohammad Bagher Ghalibaf was elected speaker of the Iranian Parliament (Majlis). More than two-thirds of MPs in the Majlis are former or current IRGC personnel, again strengthening the tie between the military and other Iranian governmental bodies. Many of these MPs were active in suppressing the 2009 Green Movement, attacking and arresting participants.
     

  • The clerics continue to fault the presidential administration of Hassan Rouhani, especially his handling of the coronavirus pandemic, which has hit Iran hard. They have also criticized Rouhani’s economic policies, as well as his “pro-Western” stance and his “elitist” infighting, which, according to the IRGC, detracts from efforts to work for and benefit the Iranian population.
     

  • When more drastic measures are needed, the Iranian government can simply shut down the internet, as it did during the November 2019 protests, preventing Iranians from posting images or content on social media. The IRGC is well versed in controlling the government’s narrative, or, if need be, simply preventing citizens from accessing the internet altogether.
     

Looking ahead

By introducing and maintaining a narrative that faults other government bodies while celebrating its own successes in governing, as well as touting the “benefits” of military rule through online news and social media sources, the IRGC is well equipped to make the case for a potential takeover. Beyond the media narrative, the IRGC also has considerable hard power and has demonstrated a willingness to use it to quash dissent and imprison protesters, as the images of physical abuse circulating on social media make all too clear. Its control extends to the digital realm as well, where the IRGC has implemented and perfected technology over the past decade enabling it to spy on the Iranian people. 

Having enhanced and expanded its physical and digital powers over the years, the IRGC has the media control, digital tools, and physical forces on the ground to bring about a transition to military rule should it so desire. Moreover, given the chaos of world events — from the economic hardship at home due to international sanctions to the devastation of the 2020 coronavirus pandemic — as well as the upcoming 2021 Iranian elections, it is unlikely to have a shortage of opportunities to exploit.

 

Steph Shample is a Non-Resident Scholar with the Middle East Institute's Cyber Program and Senior Analyst at Team Cymru. The views expressed in this piece are her own.

Photo by Iranian Supreme Leader Press Office/Handout/Anadolu Agency via Getty Images