Iran Spyware Breached and Exposed by GhostSec

This post is also available in: עברית (Hebrew)

The GhostSec cybergang claims to have breached the FANAP Behnama software, exposing 20GB of data including face recognition and motion detection systems it says are used by the Iranian government to monitor and track its people.

Now the group says it intends to make the data public, “in the interests of the Iranian people, but also in the interests of protecting the privacy of each and every one of us.” Cybersecurity analyst Cyberint commented on the group’s statement, saying that while GhostSec’s actions align with hacktivist principles, they also position themselves as advocates for human rights.

According to Cybernews, the group has shared as evidence a portion of the software’s source code, showcasing its distinctive facial recognition functionality that enhances its surveillance effectiveness.

Cyberint further claims that this incident and revelation emphasizes the Iranian regime’s capacity and willingness to put its citizens under intrusive scrutiny in a fundamental breach of the human right to privacy. The group itself even said in its statement: “This is not about technology and software, it’s about the privacy of the people, civil liberties, and a balance of power.”

Furthermore, according to Cyberint, the group also established a Telegram channel titled “Iran Exposed” through which they intend to share information about the breach and have already shared some compromised data accompanied by explanations of their findings and the rationale behind their actions.

GhostSec is believed to be an offshoot of the wider Anonymous hacktivist group that emerged around 2015, thought to be partly in response to the ISIS terrorist attacks in France the same year. Since its emergence, it claims to have sabotaged hundreds of portals and social media accounts promoting Islamist extremism.