A state of perpetual interference

To understand how proxy insurgent groups such as Handala fit within Iran’s modern-day intelligence ecosystem, we first need to look at the historical development of the country’s intelligence operations.

In 1953, the United States and Britain (via conduit operations of the CIA and MI6, respectively) instigated a coup in Iran that displaced then-Prime Minister Mohammad Mosaddegh in favor of strengthening the imperialist power of its Shah, Mohammad Reza Pahlavi. The US hoped that by bolstering Iran’s monarchical leader in exchange for underlying influence in a newly pro-Western regime, it would be able to gain access to Iran’s rich petroleum resources.

Part of this influence included the establishment and shaping of SAVAK in 1957, the first intelligence agency and secret police of the Imperial State of Iran. Despite being classed as a civilian organization, SAVAK was primarily composed of military figures whose objectives involved suppressing opposition, surveilling threats to the monarchy and controlling the media within Iran, often operating outside existing laws.

When the group was violently dismantled following the 1979 Iranian Revolution, its replacement, MOIS, still the country’s dominant intelligence organization, borrowed significantly from its personnel, core philosophy and tactics. All current Iranian entities involved in intelligence are technically required to report to and collaborate with MOIS, including the Islamic Revolutionary Guards Corps (IRGC), which was notably created directly in response to the first Supreme Leader’s suspicions of Iran’s existing military forces.

Iran’s modern-day intelligence capabilities have ultimately formed from a mishmash of competing outfits. This includes MOIS, the Islamic Revolutionary Kumitehs, SAVAMA, the IRGC and its paramilitary force the IRGC-QF, all of which were established to support various pro-revolutionary and counterintelligence directives at the end of the 1970s and throughout the 1980s.

In short, Iran’s cyber ecosystem has been shaped by decades of political upheaval, revolutionary factionalism and calculated external influence. The protective front of a “pro-revolutionary” ideology, therefore, has long been used by the Iranian state to justify acts of political violence, espionage, surveillance and subterfuge.

What do these groups actually represent?

Western perceptions of groups such as Handala Hack Team and CyberAv3ngers are likely distorted by culturally based assumptions. In the US, for example, we tend to associate terms like “insurgent” with anti-authoritarians, not government loyalists. Historically in Iran, however, civilian and military intelligence enterprises have been simultaneously enmeshed and compartmentalized by design.

While there hasn’t been much discussion of the semantics in this scenario to date, there’s no real qualifier preventing Handala from technically being considered a “radical hacktivist group” while also being a highly intentional product of the state. Whether they actually hold the values that they espouse publicly is anyone’s guess.

Think of it this way: a radical activist organization is created to fight whatever it deems an “oppressive system”, using symbolic direct action to compensate for its lack of size. And while Iranian APT groups are well-resourced domestically, in a global arena they are still undeniably small. When held next to cyber superpowers like the US and Israel, even Iran’s most elite task forces are microscopic by comparison.

A captive audience

Experts have noted that Handala’s social media posts often contain exaggerated, near-theatrical claims. One blog post reads: “The slightest aggression against Iran’s vital facilities will mean the beginning of a devastating reaction that will turn all these vital infrastructures to ashes.” The group makes constant, unsubstantiated threats, with claims of successful breach operations that quickly fade into the ether, never backed with evidence.

However, to dismiss Handala’s evangelizing as laughable is to miss the point. Intentionally or not, Handala’s outsized assertions of its own power to retaliate against its aggressors highlight just how asymmetric the whole conflict really is. If nothing else, readers of Handala Hack’s messaging, conveniently written in English, are forced to grapple with the reality of a massive power imbalance between “us” and “them” just to figure out how safe they are allowed to feel.

Americans engaging with Handala’s threats will likely feel alarmed, with that fear quickly turning to frustration that random American businesses are being symbolically attacked on behalf of entire industries because of Iran’s limited targeting capabilities. Suddenly, the imminent specter of Iran as presented by the US begins to fall apart.

This is the true advantage of a state entity adopting a radical persona, particularly one with an air of “righteous fury” or a “bleeding heart”. Many have accused Handala of falsely claiming to be a pro-Palestinian group, but from a strategic standpoint they are, because they are explicitly and violently anti-Israel; for a group with such radical political goals, sometimes ideology just means having a shared enemy.

Beneath their seemingly unshakeable veneer, however, it is only becoming clearer that Handala’s words are those of a state in crisis, one which has been hampered by sanctions into near technological autarky and that is literally struggling to keep the lights on thanks to repeated sieges of its own critical infrastructure.

Lest we forget, the “world’s first cyberweapon”, Stuxnet, was created as a joint US-Israeli venture for the express purpose of destroying Iran’s nuclear program by targeting its SCADA and PLC systems. When the US warns that Iran is capable of targeting those same systems, it is merely positioning Iran as an enemy that is capable of doing to us exactly what we are doing to them.

Although its motivations are ultimately multilayered and complex, Handala’s (that is, the Iranian state’s) “goal” is likely not simple fear-mongering. It is to cause embarrassment, eroding the public’s good-faith assumptions about its leaders’ motivations in the Global East as their actions are brought to light. Given the group’s level of media coverage for its minor hacking feats, who’s to say that things aren’t going as planned?

This article is published as part of the Foundry Expert Contributor Network.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4160994/the-thin-gray-line-handala-cyberav3ngers-and-irans-proxy-ops.html