2026 information warfare in Iran – what PSYOP looked like in 2006

Commercial infrastructure was built to push unwanted content through trusted channels. It’s no stretch to say a state can place an order. We sometimes nonetheless hear people talk about PSYOP as novel, as if it’s something more than a premium ad buy on a delivery system that was compromised the way these systems have always been compromised for propaganda.

Nicolai’s personal records lay hidden since 1945 in Moscow’s ‘Special Archive’

The ad network operates as a primitive trust-laundering machine. It abuses a publisher’s credibility to drop a payload that a user would reject if it arrived under its own name. The ad buyer wants attention one day and the next day wants a political defection. Or maybe even the same day. The network bills the same way, either payload.

Compromise it once, reach every device that trusts it. This is what I was talking about in 2012 when I called it “Big Data’s Fourth V”.

By 2005 we were fighting supply chain risks from ads being injected. I remember it well. Malicious banner slots serving exploits through trusted publishers showed up, and the landmark events that brought recognition were the 2009 NYT malvertising incident, then the Angler-driven campaigns. Push content tampering was a big pain at the time, not to mention defacements.

By 2016 the security industry was talking about malvertising as a constant threat. Pop the delivery platform, serve the payload through borrowed credibility. If you think this wasn’t being used in wars, well I have news to push to you.

When web push went mainstream, browsers had to bolt permission gates onto the Push API because sites were abusing it to deliver scareware and ad spam straight to the desktop. The “fix” was called a trust prompt, which is ridiculous when you think about it. Imagine having a banner on disinformation banners bombers as a trust prompt.

Source: Me on Twitter, 2016

So all the BadeSaba hubbub feels like rehashed malvertising with an obvious state as the buyer and defection as their creative intent. The prayer app is a very well-known publisher target surface for military intelligence.

Source: FP. “Above, a giant mujahid with “God is great” written on his jacket is shown defending Islam and God from Soviet assault. The text in the top right says “Shield of God’s Religion,” implying that the faith of the mujahideen will protect him from bullets.”

The notification backend is the ad server. The weeks or months of pre-positioning is barely persistence in a delivery platform, and the ordinary lifecycle of an adware campaign. Establish access, stay quiet, wait for the flight date, serve.

Start at 2009 and we’re talking at least seventeen years of this stuff in disinformation study circles. The Iranian Green Movement was being called a Twitter Revolution in real time. Mobile and social platforms as the delivery layer for regime-change messaging was the defining argument of that period, Iran specifically. And that’s what I was talking about a lot in 2012.

For some reason today, however, I see “nobody had done it” claims like this.

Push notifications on a smartphone are a more effective delivery mechanism than leaflets dropped from aircraft. That much should be obvious, but nobody had done it in a real war until now. In my book PROPAGANDA (CRC Press, 2024) I predict and describe exactly this scenario.

A 2024 prediction about something decades old seems, awkward? I feel bad for the author. He clearly wants to report something new. But what’s new?

Russia was pushing mobile text (apps, if you will) on Ukrainian soldiers through cell site simulators by 2014, with surrender appeals, threats, and fake payment alerts. Raphael Satter alone documented forty-plus of these messages at the front in May 2017, where an IMSI-catcher pushed content directly to phones in a combat zone.

That truly feels like forever ago, so let’s talk about July 2021. Attackers took control of the official Formula One app during Austrian GP qualifying and pushed notifications to the userbase. F1 confirmed Push Notifications Service was the only thing in scope. A trusted app’s notification channel, seized, used to send content the operator never authorized. The backend being the target and the push being the delivery was no joke, although it’s common to frame it that way to avoid investigations. A push backend hijack is in fact still a growing problem, such that BadeSaba is the same attack, different day.

Here’s another way to look at it.

Obscene and racist notifications were pushed to Apple News subscribers by Fast Company in September 2022. It’s not rocket science. A default password is the exploit for an entire delivery system that gives a ride on Apple News to hit the whole subscriber base under the provider identity. That is the point.

And even if we talk about synchronization being novel at war, there’s plenty of priors there too. Kursk, 6 August 2024. “I Want to Live” pushed surrender messages to Russian soldiers’ phones the same day Ukraine opened the cross-border offensive. Content to enemy phones, timed to a kinetic operation, calling for defection.

And this is why you should invite an historian to your research instead of waiting for the book promotion novelty party.

Indian troops in the Egyptian desert get a laugh from one of the leaflets which Field Marshal Erwin Rommel has taken to dropping behind the British lines now that his ground attacks have failed. The leaflets, which of course are strongly anti-British in tone, are printed in Hindustani, but are too crude to be effective. (Photo was flashed to New York from Cairo by radio. Credit: ACME Radio Photo)
