The Iranian hacker-activist Cyber Anakin – named after the Star Wars character – used his digital abilities to stage a highly visible online protest against Iran’s government after it was accused of shooting down a passenger aircraft earlier this month.
On January 8, 2020, Iran’s Revolutionary Guards (IRGC) shot down a Boeing 737-800 passenger aircraft operated by Ukrainian Airlines, resulting in the deaths of 176 passengers. Flight 752 took off from Tehran’s Imam Khomeini International Airport, bound for Kiev, but disappeared from radar just a few minutes after take-off.
Iranian authorities initially denied suggestions that the flight was downed by a missile – but western intelligence agencies and witnesses soon revealed that the flight had indeed been shot down by a Tor-M1 missile. On 11 January, after three days of denials and obfuscation, the IRGC admitted they had shot down the aircraft after mistaking it for a US cruise missile. In an unusual reversal, Iranian President Hassan Rouhani made an official statement describing the accident as an "unforgivable mistake".
Shortly after the admission, thousands of Iranian protesters, angry at the incompetence of their own government, poured into the streets of Tehran and other cities such as Urmia, Shiraz, Isfahan and Hamadan.
Protests also broke out online when websites and servers belonging to the Iranian regime were hacked by Iranian and non-Iranian hacker-activists – or hacktivists.
This interview with Cyber Anakin, who targeted Iranian government websites including the Water and Power Organization of Khuzestan, placing the names of each of the 176 victims of Flight 752 on the website’s landing page, explores his work and wider hacktivist thinking.
What made you target the Iranian case involving Ukraine Airlines?
Flight 752 felt too much like [downed 2014 Malaysian Airlines flight] MH17, and I had avenged MH17 about 4 years ago [by hacking Russian websites]. I thought the Iranian government would deny their involvement, as the Russians did with MH17, so I moved quickly to avenge the flight once more.
How did you choose your Iranian government targets?
I accidentally came across vulnerable Iran government websites. I thought I’d hack into website backends and deface the front pages that way. But official Iranian websites only had amateur HTML/CSS code that works like XSS but is much simpler. You can introduce HTML code into the comment boxes that corrupts the strings, and it ends up causing the site to execute a question and corrupt the page.
Injecting HTML to deface websites might sound amateurish to experienced hackers; but as it happened, that was the technique that gave me an opportunity to put the names of the Flight 752 victims online, to create a kind of memorial.
How many official Iranian websites and servers have you hacked?
All the defaced pages I’ve hacked are on http://kwpa.gov.ir domains, i.e. belonging to the Khuzestan water organization. I have listed the defaced links together with an archive on a /r/iran thread at Reddit.
You also participated in online efforts around the #FreeHKSaveKorea movement.
In exchange for China allowing Hong Kong to give in to the demands of its #5DemandsNot1Less protesters – or at least the most important demands, at a minimum – a kind of strategic relief could be offered to #China in the form of a peaceful Korean reunification.
This can be achieved by setting up a Reunification Investment Fund as first described in Professor Shepherd Iverson’s 2017 book "Stop North Korea! A Radical New Approach to the North Korea Standoff".
I initially thought that the idea would be very controversial, or unpopular, as it involved a counter-intuitive devil's bargain; so after I posted it on my blog, I let it sit idle for several months. Before taking a leap of faith, I ardently hate Kim Jong-un very much.
Then in November, I was nudged by the Anonymous collective when they accessed some computer databases in China and leaked these to a breach directory site. In an ensuing ActivistPost.com article they publicized my blog post and revived the idea.
That's around the time I started so-called printer hackings and Twitter spoofings ... in order to prevent more senseless losses. The printer hacking was similar to what was done by the Pewdiepie hackers in late 2018, by exploiting open printer ports. One of my printouts ended up on a Taiwanese Lennon Wall. Then I pulled a Twitter spoofing trick on South Korean and UN websites – just to get their attention. These printer hackings and Twitter spoofings show how obsessed I was with #FreeHKSaveKorea before the plane crash.
Describe the way these hacks work.
Printer hacking is easy – here's how to do it. You need a Shodan account, and to download the results for all printers with port 9100 exposed into a JSON file. Then you download the Printer Exploitation Toolkit (PRET) along with a script that parses all the IP strings in that JSON file, appending PRET commands before finally putting these in a text file and running it as a shell script.
Twitter spoofing? Easy! You just scoop up an empty username that the webmaster neglected on his site and there you go! If Twitter decides to implement its dreaded "inactive account policy" then it's expected that this kind of spoofing will become commonplace.
Finally, HTML injection. The Iranian government did not properly sanitize HTML strings in its comment boxes, so it was possible to execute HTML scripts, making it possible to deface their websites.
I felt that the Twitter spoofings at the South Korean and UN websites are not “attacks” in the classic sense. I just wanted the ideas behind my actions to get mainstream attention so that the situations in Hong Kong and Korea wouldn't deteriorate.
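As an added illustration (not code from the interview or from any of the sites discussed), the output-encoding step that would have blocked the HTML injection described above: a vulnerable renderer concatenates the raw comment into the page, the hardened renderer HTML-escapes it so the browser shows it as text, and a simple check flags submissions containing tags so they can be logged for review. The sample comments are constructed for this example.

```python
import html
import re

# Constructed sample comments: one benign, one carrying the kind of raw
# HTML an unsanitized comment box would pass straight into the page.
COMMENTS = [
    "Thanks for the update on the water supply.",
    "<h1>Defaced</h1><script>alert(1)</script>",
]

def render_unsafe(comment: str) -> str:
    """Vulnerable pattern: the raw comment string is dropped into the
    page markup, so any tags in it become part of the page."""
    return f"<div class='comment'>{comment}</div>"

def render_safe(comment: str) -> str:
    """Hardened version: escape <, >, &, quotes before inserting, so the
    browser renders the comment as literal text rather than markup."""
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"

# Matches anything that looks like an opening or closing HTML tag.
TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>")

def looks_like_injection(comment: str) -> bool:
    """Detection aid: true when a submission contains tag-like markup.
    Escaping is the real fix; this only surfaces suspicious posts."""
    return TAG_RE.search(comment) is not None

if __name__ == "__main__":
    for c in COMMENTS:
        print("flagged:", looks_like_injection(c))
        print("unsafe :", render_unsafe(c))
        print("safe   :", render_safe(c))
```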
But regardless of your intentions, “hacktivism” is a crime; how do you justify what you do?
Interestingly enough, there is actually a debate on exactly that issue on the comments section of my /r/iran thread. One user, vatanparast, said: “What is legal and what is morally right are not always the same. Governmental laws should absolutely be disobeyed and actively fought against when the society is fundamentally unjust against the people. If the laws do not allow for freedom for all to have the best lives, with liberty and the pursuit of happiness that the country can provide, then they are worthless and must be disobeyed and thrown out.”
What do you want to say directly to the Iranian people?
I'd like to thank all the brave Iranians who stood up against the Iranian government’s initial cover-up attempt in the aftermath of the Flight 752 crash.