#iranelection – Part 2 – the beginners guide to cyberwar

Dear friends,

Following from the positive reaction to the first guide, I’ve been asked to follow it up, this time I will go into a bit more detail.  We have learned a lot in the past week about the value (and challenges) of using new social media to show our support for the protest movement in Iran.

In this guide I will segment categories of engagement, and I urge you not to step beyond your capabilities in choosing which category to confine yourself in, there where you can make the most constructive contribution. Below the general principles you will find sections for the three categories of Supporter, Activist, and Cyberwarrior.

General Principles:

  • Immunise yourself from becoming a mis-informant. Knowledge and critical thinking are the key.
  • Separate facts from opinions.
  • Be extremely wary of any messages implicating Israel, advocating violence, asking for money, or making wild claims about tanks or acid from the sky. Check, check, and check again before spreading information. False information kills people.
  • Relational empathy – put yourself in their shoes.  The protesters, the regime, external agitators.
  • Think about your audience, who is your message going to?
  • Do NOT churn out retweets from any of the #iranelection related hashtags unless you are 100% CERTAIN the information is 100% reliable and safe.  False information kills people.


This is the most basic level of engagement.

1. Inform yourself –

First get a basic general understanding of the Iran and the context in which the current protests are happening. A good place to start is this BBC Iran profile page.

Next you want to read recent and accurate updates from the evolving situation on the ground.  The safest way to do this is by reading one of the liveblogs.  All of the information on these has been verified to some extent, and if not, that will be explicitly stated.  Huffington post, Guardian, NYT can be trusted and Andrew Sullivan’s excellent liveblog contains good twitter updates from inside Iran.

2. Inform others

Only once you have  a good grasp of the issues will you be in a position to make a constructive contribution.  Spread the word through your blogs, mailing lists and twitter feeds.  Now that you have done your research, you will recognize those tweets that are confirmed information. You have already seen them confirmed, they are safe to distribute.

3. Show your support

Iranians don’t need or want overt interventions from the outside world, but they do need to know that we are supporting them.  Make noise in your community, gather supporter, go to rallies, wear green, turn your profile pics green, make green ribbons, sign petitions.   Take pictures and post those.  Iranians have thanked us for our moral support and they need to know that is a constant.  The regime can also feel it, but we must be careful not to give them the opportunity to label this support as foreign interventionist meddling in Iranian affairs.

4. Keep the momentum going

We must not tire.  This is a long game.  When the hashtags stop trending, and the next celebrity break up hits the red tops, the brave Iranians still face the batons and the bullets.  We must keep supporting them until they get the change they are after.  They will let us know when our work is done.

Thank you for your continued time and effort as a Supporter of the Iranian election protest movement, it’s really valued!


This level of engagement requires application and a good deal of time investment, it is not a hobby.  If you are not willing or able to make this commitment, please continue to be a constructive supporter.

1. Read around the subject, get a good grasp of the context. Read up on Iran’s history, internal politics, international relations, regional politics, and shia islam.  To understand the legal basis for the protests, read the Iranian constitution, take note of article 27.

2. It is worth understanding the 3, 7, and 40 day cycle of martyrdom.  It will help you understand when certain spikes in protest activity may happen.

3. Understand the layers of complexity in Iranian politics.

4. Monitor hashtags, there are quite a few now.  You want to be on the lookout for consistently good sources of information.  Reports that in time keep getting consistently verified. Resist the temptation to retweet something *new* and *exciting* until you are sure the info is good.

5. Look for disinformation, there has been a lot of secret police activity on twitter lately.  Some of them are even getting quite good.  They will retweet good info for a while and then they they will throw out a really bad one, asking people to call a (Basiji) number for help with wounded protesters. If you spot someone laying traps like this, you must expose them.  I recommend you follow agitators for a while to learn their patterns. Here is a few to get you started @Aminiran , @rey_diaz , @EyeRanProtestr. When you find one you can notify @FindTheRats who keeps a track of them in his follow list.  There is also a list of corrupt twitterers kept at twitspam.

6. Damage limitation. When you monitor someone on the hashtags RTing bad information from regime or other agents, politely send them an @ explaining why they should not trust that source or spread their message. Even better, ask them to delete their message.

7. Confuse government agents and other agitators. Once you have identified one, have fun with them.  Take on a new persona and befriend them.  Start occupying their time with your sympathy to their cause and create wild goose chases for them.  Learn from the anti-nigerian scammer groups.

8. Identify counter-intelligence agents and methods.  This is a cat and mouse game, both sides are learning fast. There are good communities emerging to provide advice for the protest movement.  The starting point for counter-intelligence is getting a grasp of the interest someone is trying to advance.  They can use blunt force or very subtle infiltration techniques.  Look through the previously linked site and see if you can find evidence of an interested country’s intelligence services trying to manipulate the message.

9. Hashtag discipline – let direction come from iran, like #neda, don’t get creative yourself

10. Monitor for legitimate urgent protester requests and channel them constructively

11. If you don’t have trusted contacts in Iran, channel your information to people in the west who do, if you can’t figure out how to find them, better go back up to the supporters group.

Thank you Activists!


This is where I reach the limits of my competencies so I will simply refer you to people who know what they are talking about.  All I will say is that you must only risk hardware you can afford to lose as you face the distinct possibility of attracting a robust counter-attack.  Also please only engage is surgical DOS strikes against targets that are specifically designated by trusted Iranians, and only during the designated windows of time.

1. If you are looking at providing Proxies or TOR components, this is the place to go.

2. If you want to go hardcore, neda has a net, go find ESR.

11 thoughts on “#iranelection – Part 2 – the beginners guide to cyberwar”

  1. Excellent article will now go and read the first.!
    2 Memes 4 Ya
    And as social networking evolves: http://www.therealterrorists.com/2009/06/peer-source-verification/
    by “Adam Selene” (Love the reference! we need a Mike right now!) However times have moved on… so a modern take would be: The Borg Collective???
    Finally “we are where we are” but a global rewrite for the next cyber war may be in order i.e. take out the specifics. Leaving critical examples in, as a historical reference’!
    yach y da

  2. Diolch brobof,

    And thanks for the link, it is very useful context. I want to state here that my resources are by no means comprehensive, so I would encourage anyone to leave additional links to resources in the comments.
    I’ll do my best to forward them to the more comprehensive resource repositories out there.


  3. As you know government of Iran is using a spying technology from Nokia and Siemens called “deep packet inspection” to intercept every single email, websites visited, text messages and phone conversations. To defeat that, you can use “Steganography Free Software” to encrypt and hide secret message (text, image, video and etc.) inside another larger and harmless looking message.

  4. Huff Post is heavily influenced by Iranian lobby in US. They will not post any comments that challenge their articles. We don’t trust it. Current pro opposition papers are WSJ, Atlantic, and Time Magazine (despite not selecting Iran protestors for 2009)

Leave a Reply