A hacktivist collective, “GhostSec,” has claimed credit for successfully taking down Iran’s FANAP Behnama software, a privacy-invading tool allegedly used by the Iranian government for citizen surveillance.
This tool was initially launched as a native Iranian banking system but now has been expanded by the Iranian government to monitor and track its citizens, thereby shedding light on the country’s significant advancements in surveillance capabilities.
According to the hacking group, the breach exposed approximately 20GB of compromised software, including source code, relating to face recognition and motion detection systems from Iranian software company Fanap.
“FANAP software, Behnama, was entirely breached,” said GhostSec on its Telegram channel. “A total of around 20GB [of] compressed [files] have been analyzed during the last two months.”
GhostSec says it plans to make the data public not just for the interests of the Iranian people but also for the broader implications this breach has on privacy worldwide.
The cybersecurity analyst firm Cyberint believes that GhostSec’s actions are consistent with hacktivist principles, aiming to promote equality in the fight for human rights for privacy.
“This exposure seeks to empower the Iranian populace to demand privacy rights in the wake of increased awareness about government surveillance. While GhostSec’s actions align with hacktivist principles, they also position themselves as advocates for human rights,” Cyberint said.
GhostSec says that its move is not just about technology but about the privacy of the people, civil liberties, and a balance of power.
To this end, the hacking collective has set up a dedicated Telegram channel called IRAN EXPOSED, which it plans to use to publish segments of the breached data. It has already uploaded portions of the compromised Behnama code, including configuration files and API data.
GhostSec says it will provide in-depth explanations about its findings and the justification behind its actions once all the data has been uploaded.
The uploaded data allegedly includes tools for facial recognition-based video surveillance (used in the Pasargad Bank Car GPS and tracking system), a car number plate recognition system (which might have implications for hijab alerts), and an ID card printing face recognition system.
Moreover, even a system linked to the Single Sign-On (SSO) platform employed by the regime for online user authentication is connected to the FANAP system.
“This integration compiles intricate aspects of citizens’ lives, not only to determine access privileges for services but also to construct a virtual profile for facial recognition,” says Cyberint.
“The group maintains that this evaluation is rooted in the software code, substantiating indisputable evidence of the software’s capabilities and deployment.”
GhostSec alleges that the tools are actively utilized by the Iranian government, law enforcement agencies, and military personnel, marking a considerable advancement in the country’s enhanced surveillance capabilities.
It’s important to note that GhostSec initially claimed responsibility for the shutdown of the fanap-infra.com website but later revealed that another website related to the FANAP software company was only accessible within Iran.
Meanwhile, the main GitHub repository of the company was made private, possibly in response to the GhostSec attack.
“That mean[s], they are scared. That mean[s] it’s time to hit harder,” says GhostSec.