Governments, military forces and non-state groups use covert action to understand – and influence – what their adversaries and allies are doing. The digital age has created many new opportunities for covert action, but has also made traditional strategies much harder to conceal. Digital capitalism’s thirst for data generates detailed online footprints, whether working, shopping or spying.
In this environment, three key strategies for covert action have evolved. The first is implausible deniability, such as Russia’s ‘little green men’ in Ukraine after 2014 – a course of action forced, in part, by Russian soldiers using geolocated photos and apps on the front line. The second is to use distraction and disinformation, hiding embarrassing or sensitive facts in a forest of false counterclaims. The third is to attempt to shield certain audiences from leaks, imposing censorship to limit domestic impact from international scandal, a strategy more often used by states with authoritarian tendencies.
Countering these changing strategies requires transparency, persistence and international cooperation, as evidenced by the case of Iran.
Iran and covert action
Iran is a focal point for covert action in world politics, from attacks on dissidents in the diaspora to Israeli assassinations of nuclear scientists in the heart of Iran. Iran’s evasion of US and other sanctions, including procurement of nuclear-related technologies, operates through a complex network of front companies. While the outbreak of nationwide protests in Iran last year, and their violent repression, rightfully diverted attention away from its nuclear programme, Iran’s uranium enrichment has continued to increase.
Iran’s use of its state airline and small boats to supply drones for Russia’s war in Ukraine, as well as its ongoing support for actors in several destabilizing regional conflicts, has brought the issue of covert action into the foreground once again. Iran regularly deploys all three strategies above, from cyber-enabled influence operations to complex internet restrictions. But it is Iran’s strategy of implausible deniability that has recently run up against mounting digital evidence, presenting a sharp dilemma for its leaders seeking to repair regional relations and dampen popular revolt.
Seized missiles and digital clues
In early 2022, a UK Royal Navy frigate stopped two speedboats in the Gulf of Oman, seizing parts for cruise and surface-to-air missiles. Similar events also took place in 2019 and 2020, and most recently in February this year.
According to a UN report, Iran rejected any links between ‘the authorities of the Islamic Republic of Iran and those vessels and equipment therein’. However, the UK and other states have tracked Iranian missile construction for years, using public photos of Iranian weapons displays, as well as secret intelligence sources and technical analysis, to understand Iran’s various missile programmes, types, and ranges. This analysis uses key engineering features – such as the smoothness of finishes – to differentiate Iranian homemade parts from foreign versions.
In this case, the UK had a very concrete piece of evidence tying the Iranian state to the smuggled weapons. The missile components were stored alongside a commercial remote-controlled quadcopter made in China, equipped with a high-resolution camera. UK analysts recovered the internal digital memory of the quadcopter controllers and found records of likely test flights at locations owned by the Iranian Islamic Revolutionary Guards Corps (IRGC) in Tehran. The colocation of this quadcopter – including IRGC location data – with missile parts in the same speedboat adds significant weight to the assessment that these were destined for Iran’s Houthi partners in Yemen.
While the users of the quadcopter recognized the potential for digital data to betray their covert action and had removed external memory cards for the controllers, the default for data collection in digital devices left a crucial clue.
Defeating deception
The parts recovered by the Royal Navy also included detailed efforts at deception, a core part of covert action. Previous Iranian surface-to-air missiles had used engines manufactured by a Netherlands-based company. The recovered parts also had this company’s markings but included spelling mistakes that strongly suggest they are in fact Iranian replicas.
In cyber operations, Iranian actors have been uncovered through the discovery of code written in Farsi deep within malware used to target organizations across the Gulf states. However, such inferences must be taken with care as things are not always what they seem. Cyber espionage operations targeting Israel, also using Farsi, were initially thought to be Iranian in origin, until further research found technical links to a Chinese group.