From malware and botnets to the latest cybercriminal schemes, check out what today’s black hat hackers are up to.

Blog > Cybercrime > Spokesperson “DarkPassenger” Speaks Out: Second Exclusive Flashpoint Interview with Parastoo

Spokesperson “DarkPassenger” Speaks Out: Second Exclusive Flashpoint Interview with Parastoo


In February 2016, Flashpoint released an exclusive email interview with Iranian hacker collective Parastoo. Parastoo offered insight into its organizational history and objectives. Since the group’s founding in 2010, its current 30 members characterize themselves as “professionals with a code of conduct” who do not target civilians but rather target “players who help Israel, particularly financially and technologically.”

Recently, Flashpoint had the opportunity to conduct a second exclusive interview with “DarkPassenger,” an unofficial “spokesperson” for Parastoo, SOBH Cyber Jihad, and an unknown number of affiliate groups. DarkPassenger hinted that his pseudonym is derived from the popular Showtime television series Dexter, exhibiting a fairly developed awareness of US popular culture (In Dexter, “Dark Passenger” was the main character’s way to describe his insatiable desire to kill).

DarkPassenger also repeatedly denied any connection between the groups he represents and the Iranian government, and he refused to comment on controversial political issues such as the Joint Comprehensive Plan of Action agreed between Iran and Western powers. DarkPassenger’s positions, however, do align with the official Iranian positions of opposition to Israel, the US, Saudi Arabia, and ISIS.

DarkPassenger also promised the imminent release of information about the downing of the Lockheed Martin RQ-170 Sentinel, an unmanned aerial vehicle (UAV) that crashed in Iran in December 2011 under unknown circumstances, and announced that he was working on a number of websites (including the Persian-language hacking forum connected to Parastoo and its affiliates.

Please find the full interview with Parastoo below.

April 2016

Q: What is the relationship between the IRGC and the defunct RCE[.]ir web forum?

A: Please direct your questions regarding any nation-state actor to their spokesperson. I trust you will receive answers. If there is any failing in getting response from a known actor, please let [Parastoo] know; maybe there is a way to coordinate through working channels a way so a media agency can talk to an official.

Q: Why did you decide to start communicating through Telegram?

A: We have used different means of communication when required, including but not limited to good old telephone, fax, web sites, and forums. We also failed to operate some channels due to legal and/or OPSEC-related issues, e.g [high frequency / shortwave], ham radio, or plain IRC. The use of Telegram wasn’t any different than other means of communication and there is no significance in Telegram as a service or a software product, for our purpose. Due to very dynamic nature of cyber space, we have to move rapidly as it moves. We may use other methods as easily.

Q: On your Telegram channel you announced that RCE[.]ir will be returning soon. When will this be?

A: A couple of new websites, along with the forum you referred to, will surface very soon. I don’t have a date [at the moment] — perhaps within a month.

Q: On Telegram you are offering various courses on computer network attack. Why are you offering these courses and how are people taking these courses with you?

A: Recruitment of talent and educating them for our purpose is the reason to offer various courses. Pretty much basically same as any other organized move. Nothing further to add here really. We “mark” people who are motivated same as the rest of us and are willing to learn skills or already got it.

Q: Why has there been a lull in Iranian cyber attacks against the US since the Iran-US nuclear negotiations began?

A: No comment on what’s known on Twitter as the #IranDeal.

Q: Is DarkPassenger the same person behind Parastoo? What is the relationship between the two? What is the relationship between Parastoo, SOBH Cyber Jihad, etc.? Why do you act as spokesperson for many of these cyber groups?

A: SHO’s [Showtime – the premium cable channel] Dexter offers a foggy picture of what is referred to as the DarkPassenger and to answer your very specific questions we find such a reference very relevant. Regarding the other groups, although we only speak for ourselves, but the way we see things, if guys have honest-to-goodness intentions then we may very well say they got a brotherhood relationship, which matters much more than trade-craft…right?

Q: SOBH promised to release details of its alleged hack of the Bowman Dam in Rye, NY. Why has the group not yet release these details?

A: The decision to withhold some releases correlates with upstairs diplomacy.

Q: The US government has indicted seven individuals in connection with the Bowman Dam incident. Are they members of SOBH?

A: The US government got a very huge “body of lies.” It is very concerning to see a superpower showing a blind eye to Zalman Shapiro’s “divert” of weapon-grade nuclear stuff to the occupying land for Israeli nuclear arms now claiming they got evidences on certain people doing s**t against Civilians? As if USG cannot produce those text files themselves for their evil purposes? Oh they can and they have even done even much better PSYOPs with that WMD story. We do not forget and we do not forgive.

Q: Why have you started mentioning Robert Levinson in your recent communiqués? 

A: The case referenced [here was] apparently created by the FBI. We thought maybe they need a reminder of their corruption, which at the time, was actually Langley’s stupid corruption.

Q: Please provide a detailed, technical, and comprehensive description of the downing of the RQ-170. What is your connection to the case of the downed RQ-170 drone? If you are not formally connected to the Iranian government, how did you come across the information you possess on this incident.

A: We promise you’ll get a very detailed report on the issue of Lockheed Martin’s Spy plane very soon. For the moment and to be clear that as we stated before in our first interview regarding “the game of attribution,” lets not forget that “The Beast of Kandahar” has traveled in more than 5 countries as far as we know and [the fact that] its COMSEC [was] already exploited by Parastoo [has been] published before, even wrongly orchestrated by Saudi pwned Propaganda العربیه

In fact, the earliest mention of exploiting MILSATCOM systems by Parastoo goes back to Mar 9, 2013 according to Cryptome (Google “C4ISR” with our name — basic OSINT).

Q: Why hasn’t Parastoo or its sister organizations targeted ISIS?

A: By “ISIS” ..are you referring to the guerilla, Saudi-funded terrorist activities under داعش [Da’esh] flag? If so, we inform you that other brothers, or as you referred to them our “sister organizations,” have targeted them various the name of their members at one point was surfaced and even handed over to certain western players. But since your last question, unlike some other questions, seemed politically motivated, lets not forget that Parastoo’s motive is repeatedly announced (and Parastoo only speaks English since its earliest public message ): the assassin regime, the motorbike-scale, magnet-bomb, backward-thinking, butcher-government of Israel and whoever hands them out billions in foreign aid just to have more weapons and ask the others to let go of their missiles, hehe as if we are f**king retards !

[We] offer you to watch this thought-provoking clip to organize your intelligence reports much more intelligently: hxxp://ow[.]ly/4mYPCe [Video is of a recent speech by Mohammad Javad Zarif, Iran’s Minister of Foreign Affairs, in response to a Japanese journalist’s question about an Iranian missile test. Zarif responded that missiles were necessary for Iran to protect itself, and that the eight-year war with Saddam Hussein showed Iran that the international community would not come to its aid].