The botnet of fraudulent advertising in Iran (Certfa)

Iran is no stranger to the global digital security community. This week, cybersecurity firm FireEye released a report about a network of Iranian accounts and groups on social media platforms attempting to manipulate users and also hack their accounts. Though big stories like this tend to focus on Iranian cyber attacks against Western government interests and infrastructure, these networks of hackers are also causing major trouble for Iranian citizens as well.

Certfa, a digital security firm focusing on Iranian cyber threats, recently discovered a new range of criminal activities by Iranian hackers, which is costing Iran’s citizens millions of dollars…


Iran’s Cyber Police or FATA is the cyber arm of Iran’s Police which tries to protect Iranian people against cyber criminals and cyber threats.

Today, I tried to check their website and I was shocked. Why?

Because as you can see, their SSL certification has not been valid since 7th of November 2012. It’s nearly 3 years! It means no one in FATA has checked it since 2012 while their main duty is about digital security.


In the last days of 2014, Facenama, an Iranian version of Facebook, was hacked by anonymous hacker(s) and details of more than 116,000 users were published.

Leaked database of Facenama. Note: Due to users’ privacy, I blurred the image.

A few days after the database was disclosed, I downloaded it out of curiosity, because I really wanted to know what kinds of passwords are used by Iranians. Why?

Because we had not had information that could help us find out the most popular passwords in Iran.

The data volume was massive (more than 160,000 records) and it was difficult to analyse them. …


Since 2009, I have worked in the digital security sector and have been involved in training many people from a wide variety of backgrounds and countries. In addition to this, I have had practical experience in helping a number of victims secure their accounts after Phishing attacks.

In my experience, the main reason why the majority of people lose their accounts is due to the increasing incidence of Phishing; a recent high-profile example of this is The Associated Press’ (AP) Twitter account being hacked by the Syrian Electronic Army (SEA).

The fake Tweet was sent by the SEA on @AP (Source: BBC)

So, whenever I talk about Phishing at digital security workshops…


In the past few weeks, different reports came out regarding the hacking of Gmail accounts of Iranians inside the country. Sometimes even the two-factor authentication method of Gmail was discussed. But maybe the most important reason for these speculations is that there isn’t enough information about these attacks in the first place.

What is the story behind the recent attacks?

The recent attacks are probably among the most sophisticated attacks that have ever happened. In these attacks, hackers with a great deal of information about their targets tried to hack their Gmail accounts, and in some cases they were successful, too.

It is obvious that these attacks are systematic and very well planned…


Me, The Economist & Iran- everyday tale

Back on 2nd May, I wrote an article about Iran’s startup bubble and made the point that the startup ecosystem in Iran is still in its infancy and needs more time to mature.

In mid-July, The Economist published a chart naming the top 3 startups in Iran. The first version of the article listed Digikala, Cafe Bazaar and Anetwork as the most valuable startups. On reviewing the chart, my suspicions were aroused by the data, especially the fact that Anetwork was valued at USD 3 million.

To find out the source of the data, I tweeted on Twitter…


The word ‘startup’ has become ubiquitous in Iran and I have seen lots of events, workshops, etc. in which the word startup figures, the most famous being Startup Weekend.

One of the questions that I have had from the first day of the startup phenomenon in Iran was “Is this phenomenon a bubble or not?”

My answer is ‘yes’ to this question and I have different reasons for it. The two most important reasons are lack of both financial resources and experience.

Lack of financial resources

The first reason why I think the startup phenomenon is a kind of bubble is funding. By…


When Hassan Rouhani became President of Iran, most Iranian users and media talked about the easing of Internet censorship under Rouhani’s government. Previously, I have written a short post and explained when we can expect users to have unrestricted access to social network websites.

The conversation between Jack Dorsey, Twitter’s co-founder, and Hassan Rouhani about the freedom of information

Rouhani has now been President of Iran for more than 5 months and his policies on freedom of expression in Iran are becoming clearer especially after two recent incidents: The arrest of IT specialists by the Iranian Revolutionary Guard…


Iranian users cannot expect in the short term to open Facebook or Twitter without circumvention tools.

Hassan Rouhani is the first Iranian president that has a Twitter account and the Foreign Minister, Mohammad Javad Zarif, is the first politician in Iran that has a verified account on Twitter. In addition, Zarif is active on Facebook and posts his daily reports regularly.

Rouhani and his cabinet members have been active on social networks whilst most of them like Facebook and Twitter are blocked in Iran. It means Iranian users must use circumvention tools to access Facebook and Twitter and say hello to Mr. Zarif.

Most Iranian people have recently been optimistic due to the government’s use of…


Google Reader was a circumvention tool.

Google Reader has been shut down today and to be honest, it’s not a big issue for most internet users around the world except some of them such as Iranian users.

The main reason is the current state of the Internet in Iran, which a friend of mine mentioned previously: “Filternet”.

Internet censorship is very sophisticated in Iran, although after the 2013 presidential elections the filtering situation is better and users can access Facebook, Twitter, etc. through VPNs and other circumvention tools. But the main issue remains and most websites and blogs are blocked in Iran. For…

Amin Sabeti

Executive Director @DigiImpactLab , Founder @Certfalab , Digital Security Expert, #Iran’s Internet Expert, Hacker Hunter🕵️
