Discover more from Zero Day
Hackers Leak Surveillance Camera Videos Purportedly Taken From Inside Iran's Evin Prison
The reported breach comes weeks after computer systems belonging to Iran's railway system were also hacked. The railway incident has been attributed to Iranian hacktivists.
A hacking group calling itself Adalat Ali (Justice of Ali) claims it has broken into computer systems belonging to Iran’s notorious Evin prison, where Iranian and foreign political detainees are housed, and stolen hundreds of gigabytes of documents and images, including video taken from the prison’s CCTV cameras.
The images depict a police officer brutalizing a prisoner and also show a guard inside the prison’s CCTV control room as the live feed on a number of the monitors suddenly cuts out and is replaced by a message in Farsi that reads: “Cyber attack. Evin is a stain on the black turban and white beard of Iranian President Ibrahim Raisi – the nationwide protest [will continue] until the release of political prisoners.”
Another video appears to show several detainees in street clothes and face masks being led into a waiting room or holding cell where they sit down. A male who appears to be in his 40s or 50s enters and reaches out to take the hand of another man who appears to be in his early 30s. A police officer wearing a face mask enters and punches the older man in the face, and he falls to the ground out of frame. When he appears in the frame again, he’s hunched on the ground with his hand to his face. When he pulls the hand away, it’s covered in blood.
A third video depicts a person wearing a medical mask appear to faint and fall to the asphalt in a parking lot before being picked up by the arms and dragged inside and up stairs by a guard and other personnel.
Iran’s UN mission in New York did not respond to a request for comment.
The leaks come weeks after a cyberattack struck Iran’s national railway system causing delays and cancellations of hundreds of trains. The attack struck Iranian Railways and the Ministry of Roads and Urban Development systems last month.
The hackers in that case posted a taunting note on the electronic boards at railway stations telling frustrated travelers to call a phone # for more information — the phone number listed in the messages went to the office of Iranian Supreme Leader Ayatollah Ali Khamenei. That attack, initially believed to be the handiwork of Israel, used a wiper to erase computer systems — making it more difficult for them to recover — and has been attributed to a “regime opposition group” called Indra. The Israeli security firm Checkpoint said the hackers behind the railway attacks had previously hacked into a number of Syrian companies beginning in 2019. It’s unclear if the same hackers are behind the intrusion into Evin prison.
The videos and still images purportedly leaked from Evin have 2020 and 2021 timestamps and were sent to a number of Persian media outlets, as well as to the Associated Press and Radio Farda (Radio Free Europe) — a media organization funded by the U.S. Congress. The AP says sources have confirmed that the detention facility in the images appear to match other images from Evin; former prisoners of Evin have also indicated that the images are similar to facilities they recall from their detainment.
The hackers didn’t indicate how they broke into the prison’s systems, but Iranian systems often use bootleg or out-of-date software, due to sanctions that make it difficult to keep systems up to date. The Associated Press notes that the control room in the video appears to be running Windows 7, which is no longer supported by Microsoft.
The hackers told media outlets that they leaked the images to call attention to abuses at the prison and are calling for the release of political prisoners held in Iran. Adalat Ali is a reference to Ali ibn Abi Talib, the revered son-in-law of the Prophet Muhammad.
Evin prison is on US and European sanctions list since 2018 for severe human rights violations, which include sexual assault, physical assault and electric shock. Raisi, who the hackers called out in the messages that appeared on prison screens, was recently elected president of Iran. He played a role in Iran's "death commission" which executed thousands of prisoners at Evin and Gohardasht Prisons after the Iran-Iraq War in the 1980s.
Journalists, artists, students, academics, dissidents and foreign nationals are held at Evin. Past prisoners have included American student Matthew Trevithick, who was studying Farsi at Tehran University in 2015 when police seized him as he was leaving the university one day. They also included the Washington Post’s Tehran bureau chief, Jason Rezaian, and his wife. Rezaian’s wife was released three months after she was imprisoned; her husband spent 18 months at Evin before he and Trevithick were released in 2016 as part of a prisoner swap between the U.S. and Iran.