Image for post
Image for post
The botnet of fraudulent advertising in Iran (Certfa)

Iran is no stranger to the global digital security community. This week, cybersecurity firm FireEye released a report about a network of Iranian accounts and groups on social media platforms attempting to manipulate users and also hack their accounts. Though big stories like this tend to focus on Iranian cyber attacks against Western government interests and infrastructure, these networks of hackers are also causing major trouble for Iranian citizens as well.

Certfa, a digital security firm focusing on Iranian cyber threats, recently discovered a new range of criminal activities by Iranian hackers, which is costing Iran’s citizens millions of dollars each year. Their latest scheme is PushIran.DL, a malware that allows fraudulent ads to pop-up on Android devices, the most popular mobile device used by Iranians. …

Iran’s Cyber Police or FATA is the cyber arm of Iran’s Police which tries to protect Iranian people against cyber criminals and cyber threats.

Today, I tried to check their website and I was shocked. Why?

Because as you can see, their SSL certification has not been valid since 7th of November 2012. It’s nearly 3 years! It means no one in FATA has checked it since 2012 while their main duty is about digital security.

Image for post
Image for post

Image for post
Image for post
Leaked database of Facenama. Note: Due to users’ privacy, I blurred the image.

A few days after disclosing database, I downloaded it due to my curiosity that I really liked to know what kind of passwords is used by Iranians. Why?

Because we had not had such information that helped us to find out the most popular passwords in Iran.

The data volume was massive (more than 160,000 records) and it was difficult to analyse them. …


Amin Sabeti

Executive Director @DigiImpactLab , Founder @Certfalab , Digital Security Expert, #Iran’s Internet Expert, Hacker Hunter🕵️

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store