Skip to main content

Iranian cyber-commander found dead days after US Navy hack

A commander in the Iranian Cyber War Headquarters has been found dead.

Mojtaba Ahmadi was discovered in a forested area near the city of Karaj, and early reports from the Iranian police and the Revolutionary guard website Alborz disclosed that he had been shot. The Karaj police commander claimed that two men on motorbikes were also involved. However, the Revolutionary Guard released a statement this morning claiming that his death had been due to a "horrific accident", and not an assassination.

The death comes just five days after US officials accused Iranian hackers of breaching the Navy Marine Corps Intranet (NMCI), the largest internal network in the world. It also comes amid a historic thaw in Iran-US relations.

Ahmadi, a leading specialist in cyber defence, was last seen leaving for work on Saturday morning. An eyewitness reported that there were "two bullet wounds on his body", and that "the extent of his injuries indicated that he had been assassinated from a close range with a pistol", although the testimony has not been corroborated since, and the eyewitness has not been named.

In the past, Iran has accused Israel of working in cooperation with dissident groups such as the MEK (the People's Mojahedin of Iran) to assassinate Iranian nuclear scientists. Since 2007, five scientists and the head of the country's missile programme have been killed. The last assassination, in January 2012, saw two men on a motorbike attach a magnetic bomb to the car of one of Iran's top chemists while he sat in Tehran's traffic, and many news outlets have reported that this incident bears the same hallmarks as previous assassinations.

Tributes to Ahmadi have been pouring into the Facebook page of the officers of the Cyber War Headquarters, but users of Alborz have warned that such condolences were publicly accessible, and could inadvertently provide further intelligence on the Iranian cyber defence programme.

If foreign intelligence services were involved, this latest development suggests a growing concern with the danger presented by Iranian cyber capabilities. Since the infiltration of the NMCI and the hacking of US energy companies, US defence services have been paying increasing attention to the threat posed from that sector.

It has been reported before that the Revolutionary Guard has provided resources and training to the Syrian Electronic Army (SEA), whose attacks against the New York Times and the US Marine Corps earlier this year garnered widespread publicity. The SEA also hacked the Associated Press Twitter feed earlier this year, and falsely reported an explosion at the White House, an action which caused the US stock market to take a sharp, if brief, dive.

It's also possible that an assassination of such a senior cyber defence specialist could be designed to reduce Iran's ability to defend itself against cyber-attacks like the Stuxnet worm that was unleashed on its nuclear centrifuges and discovered in 2010.

While reports are still conflicting and unclear, what we can say for sure is that the lines between cyberwarfare and the traditional battlefield are becoming increasingly blurred.

Image: Flickr (Ensie & Matthias)