Dominic Jainy is a seasoned IT professional with deep expertise in artificial intelligence, machine learning, and blockchain technology. His work frequently intersects with the geopolitical landscape, where he analyzes how emerging technologies—from decentralized networks to satellite internet—are being leveraged by both state and non-state actors in modern conflict. As digital and physical battlefields merge, his insights provide a crucial understanding of how specialized technical tools influence the security of sovereign nations and the safety of global infrastructure.
This conversation explores the complexities of “dual-use” technologies in high-stakes environments, specifically focusing on the recent activities of Iranian-linked hacking groups like Handala. We delve into the mechanics of black-market hardware smuggling, the legal friction between social media platforms and international sanctions, and the inherent resilience of digital operations against traditional kinetic warfare. By examining the technical signatures of state-sponsored hacktivism and the psychological impact of breached civilian applications, we uncover the evolving nature of cyber warfare in an increasingly connected world.
Approximately 30,000 satellite internet terminals currently operate within restricted borders due to thriving black markets. How do these smuggling networks typically function, and what measures can be taken to ensure technology intended for civilian dissent doesn’t inadvertently empower state-aligned cyber groups?
The reality is that these smuggling operations are highly organized, driven by an intense demand for uncensored communication that overrides local prohibitions. In regions like Iran, thousands of terminals move through clandestine channels, often with the silent backing of external political entities aiming to support local protestors. However, when 30,000 devices are active in a restricted zone, it becomes nearly impossible to vet every user, allowing groups like Handala—which is tied to the Ministry of Intelligence and Security—to hijack that same bandwidth for their operations. To mitigate this, providers must implement more granular geographic monitoring and signal analysis to identify clusters of activity that match the behavioral patterns of state actors rather than civilian dissidents. It is a delicate balancing act because aggressive geofencing might cut off the very people the technology was meant to protect.
State-linked entities often maintain premium social media presences despite being under international sanctions that prohibit business transactions. What are the legal responsibilities of tech platforms in identifying these accounts, and how does the payment for “verified” status complicate the enforcement of trade restrictions?
Under current U.S. sanctions, it is strictly illegal for American companies to engage in financial transactions with sanctioned entities like the MOIS or its leadership. The introduction of the $8 monthly premium subscription creates a direct paper trail of “doing business” that simply didn’t exist when verification was a manual, free process. When media outlets like Al-Alam or high-ranking judicial officials purchase these statuses, the platform is essentially accepting prohibited funds, which puts it in a precarious legal position. Tech companies have a fundamental responsibility to cross-reference their payment data with global sanctions lists, yet the sheer volume of automated transactions often allows these groups to slip through the cracks. This creates a bizarre scenario where a regime can be sanctioned by the government while simultaneously being a paying “verified” customer of that country’s most influential social media platforms.
Conventional military strikes frequently fail to permanently disable digital infrastructure or decentralized hacking cells. When a group remains operational immediately following a kinetic attack, what does that reveal about their geographic resilience, and how should defensive strategies evolve to address this persistence?
A kinetic strike might level a building, but it rarely destroys a distributed digital network, as we saw when Iranian-linked groups stayed online even as missiles were in the air. This persistence reveals that these cells are not tied to a single physical “command center”; they utilize mobile hardware like satellite terminals to maintain a presence from virtually anywhere. To counter this, defensive strategies must shift away from trying to “kill” the source and instead focus on neutralizing the group’s ability to reach their targets. We need to evolve toward a “zero-trust” architecture at the infrastructure level, assuming that the adversary will always be online and active regardless of what happens on the physical battlefield. The fact that groups like Handala or Hamas-linked hackers reappear so quickly proves that digital resilience is now a primary component of modern statecraft.
Many hacking collectives operate under the guise of independent hacktivism while maintaining deep ties to national intelligence ministries. How do these groups select critical infrastructure targets like fuel or energy sectors, and what specific technical signatures distinguish state-directed operations from genuine grassroots activism?
State-directed groups typically select targets that offer the maximum psychological and economic leverage, such as Jordan’s fuel infrastructure or regional gas sectors, to signal their reach and power. Unlike genuine grassroots activists who might focus on website defacement or social media “shouting,” state-linked cells like Handala display a level of technical sophistication and persistence that points toward professional training. You can often see this in their “wiper” malware, which is designed not just to disrupt, but to systematically erase data and paralyze entire industrial control systems. These operations require long-term reconnaissance and specialized payloads that are rarely available to independent hobbyists. When a group claims to be “independent” but moves with the precision of a national intelligence agency, the technical signature of their malware usually gives the secret away.
Retaliatory cycles often involve “wiper” malware and the exploitation of popular consumer applications to spread propaganda or instructions to surrender. What technical vulnerabilities make mobile prayer or calendar apps prime targets for such breaches, and what are the long-term psychological effects on the civilian population?
Consumer applications like BadeSaba, which has over 5 million users, are prime targets because they sit at the intersection of daily life and personal trust. These apps often lack the rigorous, multi-layered security protocols of banking or enterprise software, making them easier to breach and use as a megaphone for mass psychological operations. When a user receives a notification to “surrender” or sees fake “safe zone” coordinates on an app they use for daily prayer, it shatters their sense of digital sanctity and security. This creates a pervasive “climate of fear” where the civilian population no longer knows which digital signals to trust, leading to long-term societal anxiety and a breakdown in local communication. The breach isn’t just a technical failure; it is a direct strike on the collective psyche of millions of people who are simply trying to navigate their daily routines.
What is your forecast for the future of satellite-enabled cyber warfare?
My forecast is that we are entering an era of “ubiquitous connectivity” where traditional borders and internet shutdowns will become largely obsolete, for better and for worse. We will see a surge in “ghost networks”—fleets of smuggled or unauthorized satellite terminals that allow state-sponsored hackers to operate with total geographic immunity from within their targets’ own backyards. As satellite technology becomes smaller and harder to detect, the distinction between a civilian’s tool for freedom and a soldier’s tool for disruption will vanish entirely. This will force a radical shift in international law, as nations struggle to hold satellite providers accountable for the traffic crossing their constellations. Ultimately, the battle for the “high ground” in cyber warfare will no longer be fought on land-based fiber optics, but in the low Earth orbit where the data of both dissidents and dictators flows through the same hardware.
