
The story of Iran, a murdered hacker and me


The killing of Masoud Molavi Vardanjani, one in a string of Iranian dissidents killed by suspected regime operatives in Europe, is a little too close to home for Borzou Daragahi

His tone was frantic. He was scared and paranoid, deleting his WhatsApp messages as soon as I had read them. Masoud Molavi Vardanjani wanted to speak to someone “in Washington”. I was cautious, too. I am just a journalist, I insisted. Who would I know “in Washington”? And how can I even be sure it’s you, I asked, and not some Iranian regime operative up to some trickery?

It had happened to me before. Shadowy figures in the Tehran government reaching out online, pretending to be friends or sources in attempts to draw out information. And Vardanjani, a computer whiz, engineer and hacker, had been an adviser to Iran’s ministry of defence, a source who had helped me out with a story – never published – about Iranian cyber defences that had caused me quite a bit of grief just months earlier.

Though we had never met, we had spoken several times via video chat, and I had checked him out on Instagram and social media channels, where he kept a high profile. To verify our identities, I suggested we each take pictures of ourselves holding up three fingers and send them to each other. He wanted to talk by voice, but I was aboard a plane that was about to depart.

That was 24 February 2019, eight months after he had left Iran in June 2018, and gone into exile in Turkey, launching a Telegram channel called Black Box in which he revealed what he described as Iranian state secrets and corruption allegations. He said he had reached out to a US official in Turkey a month earlier, “but probably they did not take me seriously” and never got back to him.

Did he feel in danger, I asked? Not immediate danger, he said, but, yes, he felt threatened. He declined to tell me where in Turkey he was, and did not offer to meet. I kept screenshots of that conversation, the last I would ever have with Vardanjani. Less than nine months later, Vardanjani was dead, shot multiple times by a gunman on foot running past the apartment where he was staying in Istanbul.

He was 34. His killing took place not far from where Saudi regime operatives abducted and murdered Washington Post journalist Jamal Khashoggi a year earlier. Vardanjani’s killing, captured on security cameras, appeared to be a precise professional job – lethal, but with no bystanders wounded or killed.

Vardanjani became one in a string of Iranian dissidents and former officials killed by suspected regime operatives or contractors in Europe. Each assassination is a message that the authorities in the Islamic republic can reach their enemies far beyond their borders.

The killing, and subsequent accusations by unnamed Turkish officials that two employees of Iran’s consulate in Istanbul had ordered or organised the assassination, also compelled me to tell the entire story of Vardanjani, the Iranians and me – an on-and-off narrative that has stretched on now for three years.

For at one point, officials of the same Iranian consulate in Istanbul that allegedly ordered Vardanjani’s killing had demanded to know what I had learned about Iran’s cyber defences.

Well, here it is.

I first encountered Masoud Molavi Vardanjani in July 2017 while researching a story about Iran’s cyber defence capabilities. I found his profile on LinkedIn and, impressed by his resume as a US-educated adviser to Iran’s Ministry of Defence, I reached out. He got back to me quickly, insisting we connect via the Signal messaging app, known for its high-security features.

I was expecting humdrum quotes about Iran’s ability to defend itself from the United States and Israeli cyberattacks after the election of president Donald Trump. But Vardanjani took me on a wild ride. He didn’t want to talk about Iran’s cyber defences at all. He wanted to talk about Iran’s cyber warfare capabilities, and just how good they had become. And he wanted money; thousands of dollars for detailed information about Iran’s cyberwar abilities wired to an HSBC account in Hong Kong.

There was no way that my news organisation at that time would pay, and I explained that to him. But he kept talking, and I took extensive notes. To prove his bona fides as a hacker, he had me watch as he broke into the website of the Iranian historical archives within minutes.

In general, he claimed that Iran – thanks in part to the effort of geeks and hackers like himself – had made dramatic strides in its cyberwar efforts. “Iran’s security and intelligence apparatus knows that if they formally declare they have formed a very organised force for cyberattacks and intelligence and security operations, they can be prosecuted or even sanctioned through the UN Security Council or International Court of Justice,” he told me. “It may even be war! That’s why no news of these powers and abilities is published.”

Vardanjani made three highly explosive claims about Iran’s cyber capabilities. The most explosive was that Iran had hacked and infiltrated the Common Link Integration Processing (CLIP) system, also called Link 16, the real-time satellite-based communications network used by the Pentagon and its allies to coordinate tactical moves on battlefields such as Iraq and Afghanistan. Developed by defence industry giant Northrop Grumman for the US Air Force, the system is used by American forces to coordinate battlefield and surveillance manoeuvres from the sky.

Vardanjani claimed that “Iran has full access to CLIP.” And, he said, “a limited number of Americans know. And they are very afraid that the issue will come out in the media.”

To prove it, he showed me a map that was what he described as real-time imagery of ongoing US operations, though it lacked a timestamp. “This is Afghanistan,” he said. “If I give you a timestamp, it will reveal the account that I have access to in CLIP.”

He said he had gained access to CLIP through another remote laptop to which he had access. His second claim was that Iranians had managed to hack into US military systems and down an RQ-170 Sentinel unmanned surveillance drone. Iran took the spy plane into its possession in 2011, making a big show of capturing the plane and later reverse engineering it and sharing some of its findings with China. US military officials claim the drone crashed while near the Iranian-Afghan border. Vardanjani disputed that, insisting that Iran managed to infiltrate the US communications network and re-programme the device to land on Iranian soil.

“The most advanced spy plane in the United States was hacked by Iran and landed here without the slightest damage,” he said. “What do you know about Iranian power in this area?”

Lastly, he claimed that Iran had hacked the Defence Advanced Research Projects Agency, the Pentagon division that dreams up and designs new weaponry. He showed me a video of “top-secret plans” for the Sea Shadow IX-529, an experimental stealth ship built by Lockheed for the US Navy but scrapped in the 1980s.

None of his allegations could be verified. Sent a detailed list of Vardanjani’s claims, a Pentagon spokesperson declined to comment. “As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or cyber planning,” Russell Goemaere, a spokesman for the office of the secretary of defence, said in an email.

Vardanjani had a habit of boasting about his abilities and associations. His Instagram page is filled with photos of himself with top figures in the Iranian government, including former presidents Mohammad Khatami and Mahmoud Ahmadinejad, and the late ayatollah Hashemi Rafsanjani, once the second most powerful official in Iran.

“I am considered one of the recognised figures in Iran and I have friendly relations with all the powerful figures, and many of them use me as a consultant,” he said. He said his position was so sensitive he was not allowed to travel abroad for fear that he would be captured by US operatives. “They know me in America,” he said. “The American security establishment knows completely what capabilities I have.”

It all sounded rather mad. I put my notes away and largely forgot about Vardanjani, until the following year.

“Tell me as a friend,” the official at the Iranian consulate in Istanbul said to me in May 2018. “Like we are two friends talking and doing research on the subject of Iran’s cyber defences. Who do you talk to?”

A month earlier, in April 2018, I had submitted paperwork for a routine matter at the Iranian consulate. I paid the fees. Some weeks later I returned to pick up the document. But instead, I was guided out of the consular services area through a hallway and into a room with no windows where a small bespectacled bearded man in a cheap brown suit was waiting for me. He offered tea. I looked at the fake plastic flowers on the table, and imagined the cameras installed in the ceiling. His questions were mundane, about things that were all matters of public information.

Iran’s security apparatus – whether the Ministry of Intelligence and Information and Security (MoIS) or the Revolutionary Guards – are known for using journalists as a cover for espionage and seeking to infiltrate media outlets with informers. So they assume other governments do as well and treat all journalists with suspicion. Though polite, there was a menacing undercurrent to our conversation. Repeatedly he mentioned that he knew my home address, a statement which seemed to carry an implicit threat. A year earlier unknown gunmen had shot dead a British Iranian television executive outside his Istanbul home.

In any case, the first meeting wrapped up quickly. I was told to return again in a week or two to pick up what I needed. But when I returned, I was again hustled into a back room and seated across the coffee table from the same “political counsellor”. This time the questions took a darker turn. He demanded to know about the research I had done on Iran’s cyber-defences. Who had I spoken to? What had they said? I was polite but firm. He was a representative of a government, I explained. And while I might help a fellow journalist out with sources, I could never share contacts or disclose sources to a government official – whether they worked for Iran, the US or Turkey.

The debate continued back and forth for what seemed like an hour or so, before I was allowed to leave – albeit with him holding onto my consular paperwork pending further enquiries. I was relieved to walk out unscathed. But I was also spooked. I had ultimately never written a story on Iran’s cyber-defences. I had decided that Vardanjani’s material was too outlandish and the other material I had collected was too dull.

So how did they know I had been pursuing the story? Had Vardanjani told them? Perhaps he was an operative all along, attempting to discredit me by planting fake news. Spreading disinformation to sabotage the perceived enemies of the Iranian regime is one of the core duties of the MoIS.

Perhaps Vardanjani was under tight surveillance in Iran and our communications had been picked up. Indeed, he left the country for Turkey shortly after my two encounters at the consulate, I later found out.

I was also impressed with the gall of the Iranian officials. If they were willing to act so brazenly as to try to grill me at their Istanbul consulate, what else might they be up to at diplomatic missions around the world?

Five months later, journalist Jamal Khashoggi was lured into the Saudi consulate in Istanbul under the guise of obtaining consular services before he was strangled to death, cut to pieces and disappeared. I shuddered at the thought of how daring the Middle East authoritarian regimes had become, even using diplomatic outposts as interrogation depots and torture chambers.

Vardanjani was becoming a thorn in the side of Iran’s government. In the months after he left Iran, he and others launched a channel on the messaging platform Telegram called Black Box that was growing in popularity among Iranians inside the country and in the diaspora.

Like everything about Vardanjani, it was a wild ride. He leaked documents detailing corruption among Iranian officials and exposed sensitive information about Iranian cyberwar efforts. An April 2019 report by the cyber security firm Clear Sky summarised some of the most sensitive information he was leaking.

The Black Box files detailed efforts by Iranian cyberwarriors to infiltrate the computer systems of airlines in Israel, Malaysia, Ethiopia, Philippines, Azerbaijan, the United Arab Emirates, and Thailand, with the aim of tracking crew members and passengers.

Other targets were a telecommunications firm in Afghanistan, the Azerbaijan Ministry of Healthcare, insurance companies and hotel booking sites in Israel.

The documents, dated from 2016, described the creation of a special cyberwarfare unit called Rana, with the aim of recruiting talent, promoting the Islamic republic, and conducting cyber and intelligence warfare throughout the world. The wide range of targets included Sri Lanka, Oman, Egypt, Fiji, India, Morocco, New Zealand, Turkey, Australia, Iraq, Kenya, Colombia, Qatar, South Africa, Lebanon, Mauritius, Syria, Indonesia, Kyrgyzstan, Pakistan, Kuwait, Hong Kong and Bahrain.

Another goal of Rana was spying on Iranians by hacking mobile phones and university networks. The leak, which was deemed authentic by Clear Sky, must have enraged Iranian officials. “[Vardanjani] was releasing pretty sensitive intelligence information,” says a western diplomat close to the situation. “The Iranians had ample reasons to go after him.”

According to Reuters, citing unnamed Iranian sources, he had been warned repeatedly about the leaks and contacts he was making with foreign officials in Turkey. He confirmed to me in February 2019 that he had approached and spoken to a US official at the embassy in Ankara, seeking asylum or protection, and a western official confirmed that Americans had taken notice of him but ultimately decided to take a pass on offering him asylum or embracing him as a defector.

Black-and-white security camera footage shows Vardanjani and a companion walking in the Sisli district of Istanbul at around 10pm on 14 November. A gunman runs past firing shots at him, with the companion taking cover. Vardanjani is hit. He died from his injuries. Turkish media later cited officials as saying he had seven bullets lodged in his body.

Officials in Turkey have been publicly quiet about linking the killings to the Iranian government. The Reuters news agency reported that unnamed Turkish sources had accused two officials at the Iranian consulate in Istanbul of being intelligence officers behind the assassination. Other media outlets have reported that 13 suspects have been identified and eight jailed, including several Iranian nationals. But the reports also say that the ringleader behind the assassination, his companion the night he was killed, managed to flee to Iran before he could be arrested.

US officials say they’re frustrated that the Turks don’t speak out more forcefully about the case. “It’s definitely a concern among the diplomatic community that Iranians can run around shooting people they don’t want any more,” the western diplomat tells me. “It’s obvious that the Iranians have this capability and the willingness to exercise it. It’s also a concern that the Turks would not shut it down. They don’t care all that much if it’s Iranians on Iranians.”

The string of killings of Iranians by suspected Iranian agents abroad did not stop with Vardanjani. On 19 June, former Iranian judge Mansour Mansouri, wanted in Iran on corruption charges, fell or was thrown from his hotel room window in Bucharest and was found dead on the street. He was awaiting an extradition hearing back to Iran.

A day later Iranian Kurdish dissident and longtime exile Sadegh Zarza, 64, was reportedly stabbed 15 times in the Dutch city of Leeuwarden. He survived and is expected to recover. A 38-year-old suspect, an Iranian national, was arrested.

Western governments, including signatories to the landmark 2015 nuclear deal struggling to keep the arms pact alive despite American opposition, have repeatedly asked Iran to stop such attacks and killings, even placing sanctions on Iranian officials deemed to have ordered the hits, but nothing seems to deter it. In addition to Turkey and the Netherlands, overseas killings or attempted attacks on Iranian dissidents have been reported in France, Germany, Albania and Denmark.

The killings, whether or not they can be connected to Tehran, create a climate of fear among the diaspora. Murders pit them against each other and sow mistrust, preventing them from organising opposition, or sharing their experiences and knowledge with others. But that only works if people stay silent, and don’t tell their stories.

Source: The Independent
