There is quite a substantial hacking community within Iran. The skills of these hackers range from unskilled amateurs who can use software tools developed to exploit already known vulnerabilities to skilled hackers who find new vulnerabilities and exploits. Due to government filtering, all the sites found during the research were hosted in countries outside Iran. A substantial number of websites posted vulnerabilities, exploits and downloadable software tools in Iran. Several of them stood out due to their increased level of sophistication and the number of attacks credited to them. These websites were those of the Iran Hackers Sabotage Team, Ashiyane Digital Security Team, and Iran Babol-Hackers Security Team.

1. Iran Hackers Sabotage Team
The Iran Hackers Sabotage (IHS) Team is one of the most active hacking groups in Iran. It is listed with Zone-H.org as one of the world’s top attackers. According to Zone-H, IHS has conducted 3551 attacks, of which 481 were single IP attacks and 3069 were mass defacements. The targets IHS has attacked include commercial, local and federal government, and academic domains within the United States. IHS has also conducted attacks on foreign domains throughout the world. [Zone 05]

According to their website, they were established in early 2004 to put Iran on the map with regard to hacking ability. After successfully penetrating servers throughout the world, they decided to offer vulnerability assessment services and secure web hosting. The team consists of three hackers named NT, C0d3r, and LorD. According to the biographies on the website, NT and C0d3r are students at an unnamed university. LorD claims that he is a security researcher and a programmer. All three express an interest in networking and exploitation coding.

Several original exploitation programs were available for download. Each download was uncompiled code written for Visual C++ and contained comments providing the history of the bug/exploit. All of the exploits available on the IHS website were based on bugs found by other people or organizations. Typically, IHS produced each exploit within a few days of the public release of the vulnerability on various security sites. Some examples of the exploits found include a local root exploit for IBM AIX, a 3Com 3CDaemon BOF exploit, an Internet Download Manager remote stack overflow exploit, and a PMsoftware Web Server version 1.0 remote stack server overflow exploit. The exploitation code also contained the name Kaveh Razavi as the name for C0d3r.

According to Zone-H, IHS is responsible for the July 25th, 2005 attack on the U.S. Naval Station Guantanamo’s public website. According to the text in the attack, the IHS expressed disagreement with US foreign policy. As of August 10th, 2005, the Naval Station’s website was still not available. Other attacks by IHS upon U.S. government sites include the Armed Forces Institute of Pathology and various local county websites.

2. Ashiyane Digital Security Team
Another of the more well-known Iranian hacking teams is the Ashiyane Digital Security Team. According to Zone-H, the Ashiyane DST is credited with 3,007 attacks, of which 396 were single IP attacks and 2611 were mass defacements. [Zone 05] Their website is included below. A simple Google search of the team name yields numerous websites that have been hacked by the Ashiyane DST. Like the IHS, this team’s principal motivation is to sell its security consultation, web hosting, and network consulting services. There was also some evidence of this team having political motivations for hacking. A defacement of a National Aeronautics and Space Administration (NASA) website below also questioned the United States’ Middle East foreign policy. Other attacks by Ashiyane were simply used to put their name, with links to their website, on the World Wide Web.

According to their website, the Ashiyane DST appears to be fairly well organized. They have several teams, including management, training, defacement, and software programming teams. There were biographies listed for 15 members of the team. The team leader is Behrooz Kamalyan, who goes by the nickname Behrooz_Ice. The team members’ ages ranged from 16 to 28. The members of this group had a wide variety of computer-related skills. Most of the team members boast experience in the major operating systems such as Windows, UNIX, Cisco IOS, and Linux. Many of them had programming experience in languages such as C, C++, VC++, Delphi, and Perl. All of them claimed some sort of hacking capabilities, including firewall penetration, social engineering, PHP database hacking, operating system penetration, shareware cracking, and decoding program executables.

Several of these members conducted classroom training for a fee on topics such as basic, advanced, and professional levels of hacking, hacking tools, and a list of other programming languages, operating systems, and professional certifications. These classes were taught in an audio/visual classroom at a vocational school in Tehran. The cost of hacking training varied by the level of instruction; the basic course cost approximately $200.00 for 40 hours of instruction, while the professional level course cost approximately $355.00 for the same amount of instruction time.

The Ashiyane DST appears to be a very active and well-structured organization for hacking in Iran. Its members have a vast amount of technical knowledge and experience that could be used to develop a government-sponsored CNA/E capability.


3. Iran Babol-Hackers Security Team
Very little is known of the Iran Babol-Hackers Security Team (BHST). Zone-H attributes 297 attacks to the team, with 278 as single IP attacks and 20 as mass defacements. A Google search of Iran Babol-Hackers Security Team yields many websites that have been defaced by them. Their website was very well designed but contained very little information about the team. A picture of the site is included below. While no biographies were posted, the team members appear to be Ezrael, The Undertaker, Black-Ice, FaOp, and PoPo. Most of the site was still under construction, but a statement on the site claims that it will post training videos and computer security related topics in the future. While very little information could be determined from their website, the BHST has shown that it has the necessary skills to conduct attacks on the internet.

Activity by hacking groups such as the Iran Hackers Sabotage Team, Ashiyane Digital Security Team, and the Iran Babol-Hackers Security Team indicates a substantial hacking community within Iran. There was evidence of many more hacking groups’ webpages or web logs. The groups listed above were the most active and well-known groups found. This malicious hacking activity indicates that an organic CNA/E capability exists. Although there was no evidence that the activity by these groups was supported by the Iranian government, a potential exists for Iran to hire the individuals involved to join a government CNA/E group.