Cyber Warfare – Iran, Demonstrations, Exploding Steel Plants and the Albanian Connection
Hackers again hit Iranian state TV this weekend, posting an image of the Supreme Leader in rifle crosshairs. Who is behind the hacks and what is the Albanian connection in this latest round of an undeclared cyber-war?
Image: Screen grab from Iranian state television broadcast
On Saturday, October 8, various channels of Iranian state TV were briefly hacked in an audacious new move that appears to support the widespread and still ongoing protests stemming from the death of Mahsa Amini. The hack started by momentarily showing a mask in vaguely ‘Anonymous’ fashion before switching to a screensaver photo of the country’s supreme leader Ayatollah Ali Khamenei caught in a sniper’s crosshairs while bathed in flames. A message in Farsi translated as “The blood of our youth is on your hands” was accompanied by photos of Mahsa Amini and three young victims of the heavy-handed government reaction to the demonstrators, a brutal response that is believed by now to have killed over 180 including at least 19 children.
Image: Screen grab from Iranian state television broadcast
The blame (or credit) for this latest attack was claimed by a group called Edalat-e Ali (Ali’s Justice), who had made a similar attack earlier in the year and, back in 2021, had hacked CCTV cameras in an Iranian prison to provide evidence of the abuse of inmates.
The general response of the Western media was one of barely suppressed crowing – hints of “you had it coming” that seem understandable given the awful clampdown that has been perpetrated. However, while not making any excuses for that brutality, the press seem to be overlooking an underlying theme of an undeclared cyber war on Iran - attacks over several years at the hands of a selection of enemies, some of them likely Western-backed proxies.
The Albanian Connection
Almost by definition, a group of hackers is likely to keep its identity secret, but the fact that Iran has been experiencing an almost constant barrage of cyber-attack gets little media attention. At least, not until it retaliates. A fascinating recent case was in July 2022 when a massive cyber blitz hit the national institutions of Albania, essentially knocking out almost all government functions in that country for a while. Though denied by the Islamic Republic, it was widely accepted that Iran orchestrated the attack. The White House officially pointed the finger at Tehran in September, and envisaged “further action to hold Iran accountable for actions that threaten the security of a U.S. ally.” This would include additional sanctions and severing diplomatic relations between Albania and Iran.
As if to show disdain for such an announcement, another big cyber-attack, presumably Iranian, hit Albania’s police computer network a couple of days later, leading to queues at borders as arrivals and departures had to be handled manually.
But is Tehran crazy enough to play with Albania like a cat toying with a mouse, just for the fun of it? Or - to practice its capabilities? Dig a little deeper, and things look rather different.
The Curious Saga of MEK
Hidden away, at the end of just a few western articles on the Albania events, you might find a throwaway comment about “MEK.” That’s a radical dissident group who were due to be part of an anti-Iran meeting in Albania at the time of the July hacker attacks. MEK (Mujahadin-e Khalq, aka the People’s Mujahedin Organization of Iran) was described by CNN as “an Iranian group that advocates the overthrow of the Iranian government.” While that statement may be true, it glosses over some fairly major details. In the 1970s, the group had started as an anti-Shah outfit and was classified as a foreign terrorist organization by Washington and others for “the killing of U.S. citizens in Iran in the 1970s and an attack on U.S. soil in 1992.” However, MEK’s terrorist status was lifted in 2012 after the group, for decades based in Iraq, claimed to have renounced violence. Journalists suggested that intense lobbying from some sections of the US security apparatus had helped their cause and that the group’s leader Maryam Rajavi had “met with prominent US politicians such as Rudy Giuliani [and] John Bolton,” who are known for hawkish positions against Tehran. Informed commentators urged caution, describing MEK as having been “politically irrelevant in Iran since at least the mid-1980s.” At the same time, one anonymous US official was quoted as saying, “we have no confidence that the MEK is an organization that can promote [the] democratic values that we would like to see in Iran.”
PMOI followers demonstrate against the bombing of camp liberty in Iraq. Image: STRINGER Image/Shutterstock
MEK and Albania
OK, so what’s all this got to do with hacking in Albania? Well, part of the conundrum for the US was that 3400 MEK operatives were based at an Iraqi base called Camp Ashraf, from which Baghdad had long wanted the troublemakers ejected. For four years, until early 2016, America housed them at ‘Camp Liberty’ near Baghdad Airport while trying to figure out what to do with these folk who had previously been branded terrorists but might prove useful in Washington’s anti-Iran strategy.
Finally, the group was persuaded to decamp to – you guessed it – Albania, where, judging from Albanian news reports, they have proved rather difficult guests. Photos from a 2016 press conference in Tirana at which the then US Secretary of State John Kerry thanked Albania for accepting the rehoused MEK members, saw the Albanian Prime Minister looking decidedly uncomfortable at the prospect. It’s widely supposed that Tirana had been forced to accept the possibility as early as 2013. The deal was sweetened by a 20 million USD donation made through the UN, and once in place, MEK purchased an abandoned former university campus which it renamed Camp Ashraf 3. They created “a de facto enclave in Albania which is outside the law, just as they did in Iraq” and rekindled “the conditions of isolation and cultic control which have always prevailed for the membership.”
From their new Albanian base, it appears highly likely that the MEK retrained as cyber warriors, adding to other efforts to destabilize Iran’s nuclear efforts. In November 2020, when veteran Iranian nuclear scientist Mohsen Fakhrizadeh was assassinated using a “remote-controlled machine gun… controlled by satellite," Tehran blamed MEK for the audacious, highly technical killing, suggesting that they might have worked in conjunction with the Israeli secret service agency Mossad. Albanian academic Olsi Jazexhi has described the hosting of MEK in Albania as “an American-Israeli affair” and evidence of American hegemony over Tirana. He also told the Tehran Times that the group was highly active in spreading anti-Iranian misinformation within the EU. In 2021 Facebook dismantled a veritable ‘troll farm’ of over 300 accounts aimed at spreading anti-Iranian propaganda. In this light, it is perhaps not surprising that Tehran would fight back against MEK’s reluctant Albanian hosts. Even if the exact source of this week’s Edalat-e Ali hack is unknown, it’s not the first time this year that they have struck. In previous attacks (January 27 and February 1), the hackers included not just anti-Khamenei slogans but also photographs of MEK leaders.