A hacktivist collective, “GhostSec, has claimed credit for successfully taking down Iran’s FANAP Behnama software, a privacy-invading tool allegedly used by the Iranian government for citizen surveillance.

This tool was initially launched as a native Iranian banking system but now has been expanded by the Iranian government to monitor and track its citizens, thereby shedding light on the country’s significant advancements in surveillance capabilities.

According to the hacking group, the breach exposed approximately 20GB of compromised software, including source code, relating to face recognition and motion detection systems from Iranian software company Fanap.

“FANAP software, Behnama, was entirely breached,” said GhostSec on its Telegram channel. “A total of around 20GB [of] compressed [files] have been analyzed during the last two months.”

GhostSec, says it plans to make the data public not just for the interests of the Iranian people but also for the broader implications this breach has on privacy worldwide.

The cybersecurity analyst firm Cyberint believes that GhostSec’s actions are consistent with hacktivist principles, aiming to promote equality in the fight for human rights for privacy.

“This exposure seeks to empower the Iranian populace to demand privacy rights in the wake of increased awareness about government surveillance. While GhostSec’s actions align with hacktivist principles, they also position themselves as advocates for human rights,” Cyberint said.

GhostSec says that its move is not just about technology but about the privacy of the people, civil liberties, and a balance of power.

To this end, the hacking collective has set up a dedicated Telegram channel called IRAN EXPOSED, which it plans to use to publish segments of the breached data. It has already uploaded portions of the compromised Behnama code, including configuration files and API data.

GhostSec says it will provide in-depth explanations about its findings and the justification behind its actions once all the data has been uploaded.

The uploaded data allegedly includes tools for facial recognition-based video surveillance (used in the Pasargad Bank Car GPS and tracking system), a Car number plate recognition system (which might have implications for hijab alerts), and an ID card printing face recognition system.

Moreover, even a system linked to the Single Sign-On (SSO) platform employed by the regime for online user authentication is connected to the FANAP system.

“This integration compiles intricate aspects of citizens’ lives, not only to determine access privileges for services but also to construct a virtual profile for facial recognition,” says Cyberint.

“The group maintains that this evaluation is rooted in the software code, substantiating indisputable evidence of the software’s capabilities and deployment.”

GhostSec alleges that the tools are actively utilized by the Iranian government, law enforcement agencies, and military personnel, marking a considerable advancement in the country’s enhanced surveillance capabilities.

It’s important to note that GhostSec initially claimed responsibility for the shutdown of the fanap-infra.com website but later revealed that another website related to the FANAP software company was only accessible within Iran.

Meanwhile, the main GitHub repository of the company was made private, possibly in response to the GhostSec attack.

“That mean[s], they are scared. That mean[s] it’s time to hit harder,” says GhostSec.