Tapandegan Explained

Tapandegan (تپندگان)
Native Name:Palpitaters in Persian
Founding Location:Iran
Type:Hacker group
Vat Id:(for European organizations) -->
Owners:-->

The Tapandegan (Palpitaters in Persian) is an Iranian hacker group known for hacking twice the arrival and departure monitors at two major international airports in Iran (Mashhad and Tabriz) on May 24, 2018 and June 6, 2018 respectively, posting anti-government messages and images, forcing the airports’ authorities to turn off manually those monitors one-by-one.[1] [2] [3]

The Tapandegan refers to its acts as an act of protest demanding from the Iranian leadership to improve the economy and to stop ignoring the demands of the Iranian people.[4] News agencies categorized this group's acts as “a new form of protest in Iran.”[1]

History

The Tapandegan first appeared publicly on May 24, 2018 when they hacked the arrival and departure monitors at Mashhad International Airport and on June 6, 2018 when they also hacked the arrival and departure monitors at Tabriz International Airport.[1] The group posted anti-government messages and images, forcing the airports’ authorities to turn off manually those monitors one-by-one.[1] Airport officials in both cities turned off the sign boards for several hours after the hacking and made apologetic public statements.[1]

The Iranian authorities confirmed both cyber-attacks shortly after they took place and they were widely reported by the Iranian official press and the international news wires and agencies.[5]

Name and alias

The group's name is in the Persian language meaning Palpitaters. Based on the messages they posted on those hacked monitors, the news sources noted that the group supports the national protests of the people in Iran demanding economic improvements.[6]

Iran had seen frequent nationwide protests in 2018 by demonstrators angered by local and national officials and business leaders who they accuse of corruption and oppression. The two anti-government hacks at Iranian airports are the only incidents of their kind since the protests began in late December.[7]

Hacking history

Hacking attacks in Iran have been on the rise recently. In August 2016, Internet security experts warned that hackers have found access to banking and contact details of millions of Iranians by hacking into their Telegram accounts.[8] However, it is not yet clear whether this was a genuine warning or an attempt by hardliners in the Iranian government to convince people to leave Telegram and migrate to home-grown messaging services, where the government has easy access to users’ private information and can intercept their communications.[9] [10]

First hack: The Mashhad International Airport

According to The Associated Press’ report from Tehran, Iran’s official IRNA news agency reported that The Tapandegan “managed to interrupt routine broadcasts on monitors” at the Mashhad International Airport on Thursday evening, May 24, 2018, “replacing them with images of anti-government protests from January [2018]”“for several hours.”[1]

Sources report that according to a statement posted by the hackers on the monitors, the group protested to “wasting Iranians lives and financial resources in Gaza, Lebanon and Syria by the Islamic Revolution Guards Corps (IRGC).” [11] The message posted on sign boards also protested against the IRGC's presence in Syria, Iraq, and elsewhere in the region.[1] The group also hacked the email of Mashhad airport civil aviation head, Mohsen Eidizadeh and sent the news of its hack from his account.[12]

Mashhad is the city where massive anti-government demonstrations started on December 28 and spread to over 100 other Iranians cities. It is a religious city where the holy shrine of the 8th Shiite Imam is located. Local authorities and clerics in the city are among the staunchest hardliners.[13] The group expressed support for the people of Kazeroon, a city in Fars Province, where people have been demonstrating against the state of months.[14]

Second hack: The Tabriz International Airport

According to The Associated Press’ report from Tehran, Iran's official IRNA news agency reported that on June 6, 2018, the hackers “have disrupted the arrival and departure monitors in the Tabriz international airport in the country’s northwest.”[15] The hackers defaced sign boards in the evening, showing a protest message against “wasting Iranians’ resources" and expressing support for Iranian truckers who have been on strike across Iran for several weeks.[16]

Iranian truck drivers went on strike for more than a week beginning May 22 in several parts of Iran, using social media to mobilize and share images of themselves protesting low wages and rising business costs.[17]

The Iranian state-run site, Young Journalists’ Club (YJC), “quoted Tabriz Governor Aliyar Rastgoo as saying the incident happened Wednesday at 9:30 p.m. local time.”[4] A Tabriz airport official Mostafa Safaei confirmed the day after the cyber-attack that the monitors turned off following the hack and engineers quickly restored the system, and the incident was under investigation.[4]

Translation of the message posted by the hackers on the monitors in Persian reads:

Attention, attention. We, Tapandegan, in another protest action, are currently taking control of the computer systems of this airport. Two weeks ago, in protest against the wastage of the Iranian people’s money and lives by (Iran’s) Islamic Revolutionary Guard Corps, we took control of the computer systems in Mashhad airport. Today, by voicing our support for Iranian strikers, we are doing the same thing. Until when will this regime deprive people of their rights to have a better livelihood and economic situation?! Until when?! We will not choke off our voices. We will continue these actions. If you support us, take a photo of this and share it

The Tapandegan assumed responsibility for the hacking in a tweet on June 7.[18] [19] News of the hacking broke almost immediately on social media as Iranians posted tweets and pictures of the incident. However, the posts came under pseudonyms as users inside Iran fear a heavy-handed clampdown by the government.[5]

Sources report that The Tapandegan sent an email to Iranian journalists saying, “Two weeks ago, we took over the computer systems of Mashhad Airport in support of the national protests. We protested against wasting Iranian lives and assets by IRGC [The Islamic Revolutionary Guard Corps]. And, today, we support the truck drivers, the bazar, and the strikers”.[20]

Third Attack: Hacking into the Islamic Republic International Broadcasting (IRIB) and the Iranian Embassy in Berlin

Chief of Iran's cyber police, Seyed Kamal Hadianfar, claimed that the hackers who attacked Mashhad and Tabriz airports have been identified and arrested.[21] According to a report by AsiaOnline, on January 17, 2019, the Tapandegan hacked allegedly into IRIB's computer systems, including IRIB's director Mr. Asgari, his deputy Mr. Abutalebi, and IRIB's political news director Mr. Seyyed Mehdi, and the email of the Iranian counselor in Berlin Mr. Zamani, and sent out emails and SMS through them to IRIB's employees, the Majlis speaker Ali Larijani and other Majlis members, as well as journalists. This email, according to this report, claims that top secret information is leaked regarding the transfer of two Trillion Touman each year in USD, double to Iran's Foreign Ministry annual budget, by Iran's Foreign Minister Javad Zarif to the Lebanese Hizballah, via his advisor Shirkhodaei, his special team, and the Iranian ambassador to Lebanon. The group claims that they got hold of documents related to this information while hacking into IRIB's computer systems and the email of the Iranian counselor in Berlin. Tapandegan blamed Zarif for money laundering while he himself had been accusing other offices in Iran of money laundering. AsiaOnline.ir published the entire email allegedly sent by The Tapandegan.[22]

Documents Exposed

This group hacked the emails of the Islamic Republic's authorities.  They hacked Tehran Municipality's Gmail account, and this way entered the Municipality's Twitter and Instagram accounts, and sent an email through the municipality's email system to the members of the Iranian Parliament Majlis including the Speaker Ali Larijani, Ali Motahari, Mahmoud-Sadeghi and ten other Majlis members, complained concerning the economic mismanagement and absence of social justice, and asked for the trial of the corrupt individuals and for putting an end to the rampant corruption in the country. The Tapandegan calls to stop corruption by the Iranian leadership through exposing allegedly top-secret related information received from insiders and whistleblowers. August 2, 2018, the Tapadengan exposed a letter received from a whistleblower, which claimed that ministries and IRGC have been ignoring the direct order, by Iran's Supreme Leader Khamenei to limit and downsize IRGC's involvement and control over the private sector and the economy.  The leaked information included names of IRGC's subsidiaries, which operated as private companies. August 20, 2018: The Tapandegan exposed a top secret document, which was leaked to the group, regarding the purchase of a 5-star-hotel in the city of Mashhad for a price of US$28 million for the vacation of IRGC officers.  The purchase was taking place in 2018 as the national protests broke out throughout Iran protesting the deteriorating economic conditions.[23] [24]

In a video posted on YouTube, The Tapandegan released information concerning its claimed infiltration to Iran's computer systems and claimed that it has hacked the email accounts of senior managers and employees of all the airports in the country. Documents released by the group show that Iranian authorities are concerned about Tapandegan's ability to hack the computer systems of the government agencies, financial institutions, and the military and "called upon the relevant responsible personnel to check them out quickly.[23] [22] [24]

See also

Notes and References

  1. News: Hackers Post Protest Messages On Mashad Airport Displays . en.radiofarda.com. 25 May 2018 . 26 June 2018.
  2. News: Hackers briefly shut off airport monitors in Iran's Tabriz . seattletimes.com. 7 June 2018 . 26 June 2018.
  3. News: Hackers briefly shut off airport monitors in Iran's Tabriz . foxnews.com. 7 June 2018 . 26 June 2018.
  4. News: Lipin . Michael . Hackers Hit Second Iranian Airport with Opposition Message . voanews.com. 7 June 2018 . 26 June 2018.
  5. News: Screens at Iran airport said hacked with anti-regime messages . timesofisrael.com. 25 May 2018 . 26 June 2018.
  6. News: Hackers post protest messages on Iranian airport monitors . azernews.az. 7 June 2018 . 26 June 2018.
  7. News: Son . Do . Iranian Airport Electronic Display Screened Protest Messages . securityonline.info. 29 May 2018 . 26 June 2018.
  8. News: McGoogan . Cara . Iranian hackers attack Telegram to find 15 million accounts . telegraph.co.uk. 3 August 2016 . 26 June 2018.
  9. News: Iran Poised to Block Popular Telegram Messaging App But Lacks Feasible Alternative . iranhumanrights.org. 5 April 2018 . 26 June 2018.
  10. News: DeGeurin . Mack . What Iran and Russia's Telegram Ban Means for Secure Messaging Apps. nymag.com. 26 June 2018.
  11. News: The site of the Mashhad airport was hacked by the demonic protest. fa.euronews.com. 25 May 2018. 26 June 2018.
  12. News: Waqas . Hackers deface Airport screens in Iran with anti-government messages. hackread.com. 26 May 2018. 26 June 2018.
  13. News: Iranian cities hit by anti-government protests. bbc.com. 29 December 2017. 26 June 2018.
  14. News: Hackers post protest messages on Iranian airport monitors. en.presspark.az. 26 June 2018.
  15. News: Hackers briefly shut off airport monitors in Iran's Tabriz. nydailynews.com. 7 June 2018 . 26 June 2018.
  16. News: ASSOCIATED PRESS . Hackers briefly shut off airport monitors in Iran's Tabriz. Associated Press. 7 June 2018 .
  17. News: Government 'Meets' Striking Truckers Demands To Prevent More Disruption. en.radiofarda.com. 25 May 2018 . 26 June 2018.
  18. News: Tapandegan tweets. twitter.com. 7 June 2018 . 26 June 2018.
  19. News: Hackers Post Anti-Government Messages on Iranian Airport Signs. raytribune.com. 8 June 2018 . 26 June 2018.
  20. News: Hackers post protest messages on Iranian airport monitors. en.trend.az. 7 June 2018 . 26 June 2018.
  21. Web site: Iran's cyber police: Airport hackers were arrested. 2018-10-10. Iran International. en. 2019-02-06.
  22. Web site: افشاگری با ایمیل های هک شده مدیران صدا و سیما – آسیا آنلاین. fa-IR. 2019-02-04.
  23. Web site: از هک تلویزیون‌های فرودگاه تا ایمیل مدیران صدا و سیمای جمهوری اسلامی. لندن. کیهان. 2019-01-24. fa-IR. 2019-02-04.
  24. Web site: نامه‌ای با طبقه‌بندی حفاظتی «خیلی محرمانه»؛ سپاه «هتل توس مشهد» را خرید . amadnews.org . . 19 April 2023 . https://web.archive.org/web/20190207021016/https://amadnews.org/archives/25054 . February 7, 2019 . fa . September 2, 2017.