Read Avoiding the kitchen sink: A guide to mixed methods approaches within digital rights governance in this special issue of Internet Policy Review.

This year marks the 25th anniversary of UN Security Council Resolution 1325, a milestone recognizing women’s essential roles in peacemaking, conflict prevention, and post-conflict recovery. Yet, as the world celebrates this legacy, new realities challenge its celebration.

Digital technologies, once seen as tools for empowerment, have become instruments of surveillance, disinformation, and harassment, used by patriarchal and authoritarian actors to silence women human rights defenders and peacebuilders. Digital threats such as the hacking of devices, the exposure of private information and online abuse expand the spectrum of violence against women, creating new forms of insecurity. Even in exile, women with ties to authoritarian countries face gender-based digital transnational repression (GDTR) that aims to intimidate and silence them across borders.

This webinar brings together Citizen Lab researchers with policy advisors, Women, Peace and Security (WPS) experts, and human rights defenders to reflect on 25 years of the WPS agenda in the age of digital repression. The discussion will explore how gender, technology, and authoritarianism intersect to shape women’s participation in peace and security, and how targets of gendered digital attacks and feminist movements are building resilience and reimagining women’s digital security for the next 25 years.

Join us for a timely conversation on how digital repression and surveillance are reshaping women’s participation in peacebuilding and the Women, Peace and Security agenda.

RSVP TO ATTEND

Meet the Speakers

KEYNOTE

Lara Scarpitta (she/her) is the OSCE senior Advisor on Gender Issues and Head of the Gender Issues Programme in the Office of the Secretary General; Senior Advisor and former Political Advisor on Peace, Mediation and Gender at the EU Delegation to the United Nations in Geneva.

MODERATOR

Urooj Mian, MSc., LL.M (she/her) is the CEO at Sustainable Human Empowerment (SHE) Associates. She holds a Master in Law (LL.M) in International Crime and Justice from the United Nations Interregional Crime Research Institute (UNICRI) and University of Torino, a Master in Social Science (M.Sc) in Peace and Conflict Research, from Uppsala University in Sweden, and a Bachelor of Public Affairs in Policy Management (B.PAPM) specializing in Human Rights and Law from Carleton University. She is respected as a gender, peace and security expert internationally and regularly works with human rights defenders.  She holds a combination of experience as a life-long activist, a policy-maker, and a founding executive director of a national advocacy-focussed not-for-profit forwarding the Women Peace and Security agenda. Urooj is currently the CEO at Sustainable Human Empowerment (SHE) Associates. A boutique consulting firm headquartered in Canada with a mission to empower sustainable impact and enable transformative change in the areas of gender equality, peace and justice worldwide.

PANELLISTS

Noura Aljizawi (she/her) is a senior researcher at the Citizen Lab. Her research focuses on digital authoritarianism, disinformation, and digital transnational repression, informed by her background in human rights activism during the Syrian uprising. Aljizawi holds a Master’s degree in Global Affairs from the University of Toronto and has been recognized for her work in online safety and digital security.

Marcus Michaelsen (he/him) is a senior researcher at the Citizen Lab focusing on digital threats against exiles and diaspora communities. Previously, he was a senior post-doctoral researcher in the research group on Law, Science, Technology and Society at Vrije Universiteit Brussel. He has also held a senior information controls fellowship with the Open Technology Fund, and has worked as a lecturer and postdoc researcher in the Political Science Department of the University of Amsterdam. He holds a PhD in Media and Communication Studies from the University of Erfurt in Germany.

Siena Anstis (she/her) is a senior legal advisor at the Citizen Lab. Prior to joining Citizen Lab, she worked as a litigation associate at Morrison & Foerster in New York City and clerked for the Hon. Justice Cromwell at the Supreme Court of Canada and at the Court of Appeal for Ontario. Anstis holds a B.A. in Journalism and Anthropology from Concordia University, a Bachelor of Laws/Bachelor of Civil Law from McGill University, and a Master of Laws from the University of Cambridge.

Natalia Arno (she/her) is the president and founder of Free Russia Foundation. She is a prominent fighter for the advancement of democracy, human rights, and freedom. From 2004 to 2014, Ms. Arno worked for the International Republican Institute’s (IRI) Russia office. For her work in support of human rights and civil society in Russia, in 2012, Ms. Arno was given an ultimatum by Putin’s security services— to leave her homeland in 48 hours or face 20 years in prison on treason charges. Ms. Arno resolved to continue her fight and, in 2014, she created Free Russia Foundation (FRF) to serve as a platform for pro-democracy Russians. FRF provides support to civil societies of Russia and Belarus and has programs to assist Ukraine. FRF is a powerful global movement with centers in Washington, DC and Brussels; Kyiv, Ukraine; Berlin, Germany; Vilnius, Lithuania and Paris, France.

Sreshtha Das (they/them) is a queer disabled activist and works as a Gender Advisor/Researcher at Amnesty International. At Amnesty they developed the ‘Make It Safe Online for women, girls and LGBTI people’ project, which looks at technology-facilitated gender-based violence (TfGBV) through an intersectional and decolonial lens in different country contexts. Their work has largely been at the intersection of gender, sexuality, SRHR, militarisation and racial justice with various marginalised groups, using a structural and systemic analysis to holistically address social justice issues. 

xeenarh Mohammed (she/her) is a global leader at the intersection of technology, human rights, and governance, with over a decade of experience advancing equity and accountability in digital spaces. She currently serves as Co-Lead of the Digital Defenders Partnership, where she oversees global strategy and operations supporting human rights defenders across Africa, Asia, Latin America, and Europe.

About UNSCR 1325

The United Nations Security Council (UNSC) adopted resolution (S/RES/1325) on women, peace and security on October 31, 2000. UNSCR 1325 calls for women’s meaningful participation in peace and security processes; however, 25 years later, the world faces new and complex realities that challenge the spirit of this resolution. Digital technologies have introduced new forms of communication and alternative public spaces. They have also become tools of surveillance, control, harassment, and violence in the hands of patriarchal, authoritarian, and militarized powers. 

The widespread use of mercenary spyware, targeted digital surveillance, online harassment, and disinformation campaigns has created an environment in which women journalists, human rights defenders, and peacemakers are systematically targeted. These technologies enable state and non-state actors to extend gender-based violence beyond physical spaces and into the digital sphere. Even when women are in exile, digital technology enables harmful actors to threaten and silence women from afar.

While the international community celebrates the progress made on the WPS agenda, women who engage in peacebuilding and human rights work still face multi-layered forms of violence that are simultaneously gendered, political, and technological.This webinar situates these realities within an intersectional feminist framework, recognizing that women from marginalized communities, including those defined by race, ethnicity, sexuality, class, religion, or migration status, experience compounded forms of exclusion and vulnerability. Understanding how these intersecting systems of power operate in digital environments is essential to advancing an inclusive and transformative WPS agenda for the next 25 years.

Generative AI is transformational technology, but lack of oversight poses ethical risks.  “It’s astonishing how the industry is able to experiment on human populations with such far-reaching technology and largely unrestrained. We need some kind of wrapping around it to control for the harms and consequences,” says Deibert.

Read the article

In a brief submitted by the Citizen Lab to the Standing Committee on Public Safety and National Security (SECU) of Bill C-8, senior research associate Kate Robertson sets out targeted recommendations to respond to constitutional deficits in the bill that were not addressed during the study and amendment of Bill C-26.

According to Robertson, “addressing the warrantless nature of this collection power should be this committee’s priority in studying the legislation.” Adding that Bill C-8 also “needs to be amended to make certain and clarify that its orders cannot be issued to compromise the security of Canada’s communication networks.”

On November 4, 2025, Robertson will testify on Bill C-8 in the House of Commons’ SECU Committee Meeting.

Read the Citizen Lab’s submission.

Read related coverage in The Hill Times:
“Bill aimed at protecting telecom infrastructure against cyberattacks strikes at privacy rights, say civil society groups“

• A coordinated network of more than 50 inauthentic X profiles is conducting an AI-enabled influence operation. The network, which we refer to as “PRISONBREAK,” is spreading narratives inciting Iranian audiences to revolt against the Islamic Republic of Iran.
• While the network was created in 2023, almost all of its activity was conducted starting in January 2025, and continues to the present day.
• The profiles’ activity appears to have been synchronized, at least in part, with the military campaign that the Israel Defense Forces conducted against Iranian targets in June 2025.
• While organic engagement with PRISONBREAK’s content appears to be limited, some of the posts achieved tens of thousands of views. The operation seeded such posts to large public communities on X, and possibly also paid for their promotion.
• After systematically reviewing alternative explanations, we assess that the hypothesis most consistent with the available evidence is that an unidentified agency of the Israeli government, or a sub-contractor working under its close supervision, is directly conducting the operation.

Timeline 

Background

Influence Operations in the Geopolitical Contest Between Israel and Iran

In the geopolitical and ideological competition between the Islamic Republic of Iran and its international and regional adversaries, control over and strategic manipulation of the information environment has always played a key role.

While relatively little is known about influence operations (IOs) run directly by the Israeli government, military, or intelligence services, both independent press and social media platforms’ investigations have previously exposed several highly sophisticated Israeli covert influence operators, and their alleged connections to the country’s government. Two notable examples are Team Jorge and Archimedes Group. Both companies offered their services to a wide array of clients globally, used advanced technologies to build and conduct their covert campaigns, and advertised existing or prior connections to the Israeli intelligence community.

For its part, the Islamic Republic considers media and information technologies as a battleground of regime survival. It has muzzled the press, disrupted satellite reception, and developed one of the most sophisticated systems of internet censorship worldwide. In its attempts to control information and shape narratives beyond borders, the Islamic Republic has also produced IOs targeting both the Iranian diaspora and international audiences, and relied on methods of transnational repression to silence critics abroad. 

Prior Citizen Lab research has uncovered Iranian disinformation efforts. In this investigation, we focus on the “other side” of the geopolitical competition: namely, an IO effort we assess as most likely undertaken by an entity of the Israeli government or a private subcontractor working closely with it.

The “Twelve-Day War”

The central focus of the IO examined in this report is the “Twelve-Day War” which began on June 13, 2025, when Israel launched a major military attack against Iran, striking military sites, nuclear facilities, and infrastructure installations. The war was a culmination of a decade-long tension over Iran’s nuclear program, which Israel views as an existential threat. In highly targeted operations, Israel also killed senior commanders in Iran’s military and security apparatus, as well as scientists associated with the nuclear program. Iran retaliated with ballistic missiles and drones.

While the stated objective of Israel’s attack was to degrade Iranian nuclear and missile capabilities, the airstrikes expanded to other critical infrastructure, including oil industry facilities and the national broadcaster in Tehran. Speculation that Israel was aiming for regime change was further fuelled by Prime Minister Netanyahu’s call to the Iranian people to stand up against their oppressive regime. The United States entered the conflict on June 22, striking three nuclear facilities in Iran. After Iran’s limited retaliation against a U.S. base in Qatar, a ceasefire took hold on June 24, ending the 12-day conflict. 

The day before the ceasefire, on June 23, the Israel Defense Forces (IDF) carried out multiple air strikes on Evin Prison in Tehran. The detention facility is notorious for the mistreatment of political prisoners with frequent reports of solitary confinement and torture. Among the detainees are dual and foreign nationals held for leverage in the regime’s “hostage diplomacy.” The daytime attack caused severe damage and disruption within the facility, raising concern for the safety of inmates, among them high-profile dissidents. According to Iranian authorities 80 people were killed in the strike. A group of prominent Iranian human rights defenders, including Nobel Peace Prize laureate Narges Mohammadi, as well as international human rights organizations condemned the attack as a serious violation of international humanitarian law.

Later that day, the Israeli military confirmed in a press briefing that they had carried out a “targeted strike” on Evin Prison as a “symbol of oppression for the Iranian people.”  Israeli government officials also mentioned the strike in social media posts. Foreign Minister Gideon Saar described the attack as a response to Iran’s targeting of civilians and tied it to a call for liberation.

The IO examined in this report synchronized its activities closely with the airstrikes on Evin Prison to advance a narrative of regime change in Iran. 

A “Kinetic” Influence Operation: the Evin Prison Bombing

The influence operation described in this report was initially identified through the interactions by a number of X accounts with what appeared to be a highly sophisticated deception attempt: an AI-generated video of the Evin Prison bombing. The deepfake video was thought to be real and republished by multiple international news outlets.

What follows is a description of this activity, as well as its timeline:

1. According to public reports, the prison was hit multiple times between 11 a.m. and 12 p.m., Tehran local time. Human Rights Watch “confirmed, based on satellite imagery, thermal anomaly data, accounts of informed sources, and first online reports and videos, that the Israeli strikes on Evin Prison took place on June 23 between 11:17 a.m. and 12:18 p.m.”
2. The first reference to an explosion at Evin Prison that we identified as published by PRISONBREAK was posted at 11:52 a.m., Tehran time. A confirmed PRISONBREAK account – @kavehhhame – posted the following. The hashtags translate to: “#8_o’clock_cry #We_don’t_forget”. We will return to the significance of the first hashtag – #8_o’clock_cry – later in this report.

   

3. At 12:05 p.m. (Tehran time), when the strikes were reportedly still underway, another confirmed PRISONBREAK account – @KarNiloufar, the oldest account in the network – published a post including a video of the alleged moment of the strike on the prison’s entrance.

4. The video was later flagged as “fabricated” by BBC Persian. However, it did initially trick the press into republishing it as real. 

• • • The exact timing of the video’s posting, while the bombing on the Evin Prison was allegedly still happening, points towards the conclusion that it was part of a premeditated and well-synchronized influence operation. 
    • The first organic video we could identify on X as appearing to show the aftermath of the prison’s bombing was posted at 8:36 AM UTC, one minute after the AI-generated video published by PRISONBREAK.

5. In the minutes following the initial posting of the video, other accounts in the PRISONBREAK network added their own contributions, claiming to have heard the sound of the explosions hitting Evin.

“Free Evin” – Inciting an Uprising

It was at this stage – beginning at 12:36 p.m. Tehran time, with the bombings having reportedly ended at 12:18 p.m. – that the network started explicitly calling for the capital city’s population to reach Evin and free the prisoners. The X accounts also posted reassuring statements such as “the attack will end now” and “the area is safe”.

This series of posts by the PRISONBREAK network’s accounts following up to the AI-generated video and calling for people to reach the prison achieved virtually no organic engagement, and a very low amount of views, with one exception: the following post by the original video sharer, @KarNiloufar, which also included a video, managed to accrue 46,000 views and more than 3,500 likes. The PRISONBREAK network reshared the post several times.

This second video about the Evin Prison, which shows the hallmarks of professional editing and was posted within one hour from the end of the bombings further strongly suggests that the PRISONBREAK network’s operators had prior knowledge of the Israeli military action, and were prepared to coordinate with it. 

A Broader Narrative: Overthrowing the Iranian Regime

The Evin Prison deepfake proved to be just one of the many pieces of content produced and amplified by the network in relation to the Twelve-Day War. Upon further analysis of the PRISONBREAK network’s posting timeline and posts content, we assess that their primary narrative was one of regime change in Iran. This appears consistent with other efforts promoting the overthrow of the Islamic Republic observed as happening in the same timeframe, attributed to Israeli government agencies, and exposed in a recent press investigation.¹

In the early morning of June 13, 2025, Israel began its first bombing campaign of Iran. At the same time, we observed the PRISONBREAK network sharing images and videos of alleged civil unrest and instability in Iran. This footage included, for example, alleged Iranian military vehicles exploding. The network shared at least nine similar posts on June 13 in what appeared to be an attempt to force a public perception of instability during the initial Israeli attacks. We cannot verify the authenticity of any of the videos and it is possible that some of them were AI generated. 

Two days later, the network published a series of posts highlighting the alleged economic upheaval in Iran after the first few rounds of bombings. The network told followers to head to ATMs to withdraw money, emphasized that the Islamic Republic was “stealing our money to escape with its officials,” and urged followers to rise up against the regime. 

At least two of the observed posts which depict long lines of people waiting at the bank and beginning to riot show elements of AI generation. More specifically, in the example video shown below, one of the bodies blurs and becomes misshapen, suggesting the footage was AI generated.

Between June 20 and June 22, 2025, PRISONBREAK intensified its rhetoric against the Iranian regime. Under the hashtag “8 o’clock cry”, the accounts urged followers to get on their balconies at 8 p.m. each evening and shout “Death to Khamenei” (مرگ بر خامنه ای), in an attempt to capitalize on a previously established form of protest in Iran. An example of one of the posts shared by the network is shown in the figure below. 

We observed at least nine videos and 23 posts shared by PRISONBREAK between June 20 to 22 of citizens allegedly participating in the “8 o‘clock cry”. The videos relating to the “8 o‘clock cry” have viewership well outside their normal rates, ranging from 20,000 to 60,000 views per post. Almost all of the videos are low quality, and do not include visible images of people shouting. Based on evidence outlined in the next section, we are able to conclude that at least some of the videos were manipulated. As we could not identify them as posted anywhere else, we conclude that the videos were likely created by the account operators.

These posts appeared to be a buildup to the Evin Prison deepfake, again pushing narratives promoting regime change in Iran. The network failed² to drive Iranians to Evin Prison to free the political prisoners, but that did not stop their dissemination of content promoting an uprising against the country’s leadership. On June 24, Israel and Iran agreed to a ceasefire. The PRISONBREAK network then appeared to make another push to trigger unrest by questioning the ceasefire, suggesting that Iranian citizens had not received their salaries. 

The PRISONBREAK operators subsequently pivoted to content related to the country’s ongoing water and energy crisis. Iran has faced a five-year drought and, in July, government officials announced that Tehran’s water supply was likely to run out in a matter of weeks. The water crisis and energy shortage made life increasingly difficult for Iranians following the Twelve-Day War. It appears that the network sought to escalate these tensions by creating and sharing content related to these issues. At the time of writing this report, PRISONBREAK is still consistently posting about both the water crisis and energy shortage, in a likely attempt to continue to escalate tensions between Iranian citizens and their government. We share two examples of this content posted by the network below. 

A Synthetic Network

The Pervasive Use of AI

The Evin Prison deepfake was not an anomaly for the PRISONBREAK network’s use of AI, which appeared to be routinely used in the operation. In one occasion, the network utilized AI to distort the lyrics of a known Iranian protest song, and accompany the manipulated sound with deepfake representations of three Iranian singers.

Starting in August 2025, several confirmed network accounts shared a Youtube video³ impersonating famous Iranian singers Mehdi Yarrahi (مهدی یراحی), Toomaj Salehi (توماج صالحی), and Shervin Hajipour (شروین حاجی پور). All three singers live in Iran and have spent time in prison for their support of the 2022-23 “Woman, Life, Freedom” protest movement. In particular, Rapper Toomaj Salehi was severely tortured during his incarceration and sentenced to death in April 2024, a sentence later overturned. In the video, they allegedly perform a joint interpretation of Hajipour’s song “Baraye” which criticized social and political realities in Iran and became an anthem of the protest movement. The song in the video, however, changes the lyrics of the original, turning it into a direct call for an uprising. The main chorus in the manipulated version of the song roughly translates to “revolution for life, revolution for hope, revolution for freedom” while discussing the ongoing water crisis in Iran and other perceived or real grievances of the Iranian population. 

The video and a short extract from it were the only ones posted on the YouTube channel⁴ “جنگ زندگی” (“The War of Life”) – which was created the same day it uploaded the song (August 13, 2025). The clip features several distinct AI failures – including a person walking backwards (who appears to be a “double” of Hajipour), crowds of people moving as a singular sliding unit, and misplacement of Toomaj Salehi’s tattoos (either duplicated or not present). We provide one example of the AI mistakes below. 

At the time of writing this report, the YouTube account has 287 subscribers and the video has 466 views. We observed the PRISONBREAK network sharing the video on X one day after it was posted on YouTube, August 13, 2025, and seeding the link into Twitter Communities with over 15,000 members. 

This video was just one of the many examples of PRISONBREAK spreading AI-generated imagery emphasizing the water crisis. At times, such content was of a caricatural nature. One post from the confirmed network account @feridounazari shared an AI video depicting Khamenei stealing water from a baby. Another account, @firoz_soltani, shared a video of water bottles attached to a timer meant to resemble a bomb. When the timer explodes, the caption reads “Water is our inalienable right, thirst is the end of our life.” Regardless of the post, the goal seemed to be to create and share content that deepens the political discontent in Iran and pushes the population towards revolting against the regime. 

Impersonation of National and International News Outlets

Along with AI-generated content, the PRISONBREAK network impersonated legitimate news sources. For example, we identified one screenshot and two videos impersonating BBC Persian. In the caption to a screenshot of an alleged article, the original poster @KarNiloufar claimed that BBC Persian deleted it within five minutes of posting it. The headline of the article translates to “Officials flee the country; High-ranking officials leave Iran one after another”. We have verified with the BBC Persian that this article was never published by the broadcaster. 

A few days after sharing the alleged article, the network posted two other videos they claimed to have been published by BBC Persian. The first video summarizes the events of the Twelve-Day War, specifically highlighting heavy traffic, gas shortages, and suggesting that Iran’s government and allies have abandoned the regime. The second video begins with a title that translates to “Special daily summary of the attack on the regime’s repressive forces,” and shares the network’s own Evin Prison deepfake, as well as other alleged explosions in Iran. 

The BBC confirmed to us that they did not create or publish this content.⁵

We provide screenshots of the two news clips fabricated by PRISONBREAK below.

BBC Persian was not the only media outlet impersonated. We observe two other instances of media impersonation with the accounts providing links to articles from Afkar News (پايگاه خبری افکارنيوز) accompanied by a screenshot of the headline. In both instances, the links do not lead to a news article, nor were we able to locate archived versions. 

Recycled or Intentionally Misleading Content

AI-generated videos were just one of the tactics employed by PRISONBREAK. We observed several instances of videos edited and shared to mislead viewers about protest activity occurring in Iran. In three of the videos shared, the accounts imply they have filmed the videos in their neighbourhood. We found that these videos were recycled content – and not authentic as the users claimed – and had been posted by accounts that appear to be unrelated to PRISONBREAK almost a week before. In addition, two of the videos were cropped and edited from the original, possibly to prevent discovery of its reuse. We additionally cannot verify the authenticity of the original videos. 

The operation not only recycled content, but possibly edited videos to fit their narrative. In the example below, the video loops several times, while the audio does not. The lack of continuity suggests that the audio has been added overtop of the video, pointing to its manipulation. The picture is also grainy, and appears to be filmed from another screen. Most notably, the audio appears to be a cut and processed version of the audio in both the VOA Farsi video and the video shared by @nnikafaz43 in the example above, suggesting that the PRISONBREAK operators have intentionally cut audio from different videos and placed it on new content. 

Some edits were even less sophisticated. In the example below the “protest” audio pauses at 9 seconds, while the video continues on. At 10 seconds someone can be heard speaking in the background – presumably the creator of the video – followed by a few seconds of silence before the intended audio begins again at 12 seconds. The pause in audio, and the grainy video quality, signals that the video and audio were combined from two separate sources, and not recorded as the account claims. 

Artificial Amplification

Many of the recently discovered influence operations have relatively low rates of engagement. The PRISONBREAK operators employed several tactics to help increase the rate of engagement and viewership. We outline them below. 

Seeding of Content into X Communities

As described by X, Communities are “a dedicated place to connect, share, and get closer to the discussions they care about most.” They essentially consist of discussion groups that can be created and run independently by an X user.

Relative to this influence operation, Communities allowed for the network to spread their message of discontent to people who are already interested in similar topics. We observe PRISONBREAK sharing posts into communities specifically targeted at anti-Iranian regime groups including: 

• Constitutionalist Association Twitter (انجمن مشروطه خواهان توییتر) with 2,900 members 
• Iranian Youth Union (اتحاد جوانان ایران) with 6,700 members
• Jina Mahsa | Iran’s Revolution (ژینا مهسا | انقلاب ایران) with 5,400 members. 

The network also frequently shared posts into a Persian-language “Follow Back” community with 17,600 members. This type of Community typically offers a rapid (and artificial) way for an X user to achieve a follower base by promising mutual “follows” for all its members.

By using X Communities to spread their content, PRISONBREAK artificially inflated the viewership on several posts, increasing their chances of influencing their target audience through the community members’ resharing. 

Mutual Resharing

In addition to posting in X Communities, PRISONBREAK frequently reshared the network’s own posts – especially their likely AI-generated content. This appears to be an attempt at self-amplification by the network.

At least seven different PRISONBREAK accounts reposted this video – originally posted by @Sepideh7895 – which we assess above to have been edited with repurposed audio. At least nine PRISONBREAK accounts reposted, quoted, or replied to other posts with the AI-generated photos of Khamenei in an ambulance – originally posted by @azad_leylaas, another PRISONBREAK account. This technique can be observed on nearly all of the network’s accounts, in an attempt to spread their content to as many users as possible and increase the effectiveness of their covert influence campaign.  

Tagging Mainstream Media

While PRISONBREAK focused on amplifying their posts to audiences on X, they also tried to gain the attention of mainstream media. We observe several instances of PRISONBREAK accounts tagging popular news outlets like BBC Persian, VOA Farsi, and Iran International in videos shared by the network. Given the success of the Evin Prison deepfake in tricking mainstream media, tagging news accounts on other videos allegedly produced by the network demonstrates a persistent attempt to deceive the media with inauthentic Twelve-Day War content in line with the network’s narratives. We provide two examples of these efforts below.

Inauthentic Accounts and Personas 

We assess with high confidence that the PRISONBREAK network is both coordinated and inauthentic. It does not represent existing individuals, and was almost certainly orchestrated  by a professional team, following a specific playbook.

We reach this conclusion through the analysis of a series of strong indicators that we summarize below.

Registration Email Domains

Summary: The network’s frequent use of a possibly obscure and/or proprietary email domain for account registration points strongly towards the conclusion that the accounts are closely coordinated.

Using open-source intelligence (OSINT) methods, we observed that approximately half of the X accounts in the network registered using the email domain @b********.***. Among them was also @KarNiloufar, the account who posted the AI-generated video of the Evin Prison bombing.

We were not able to conclusively identify the email domain used for the accounts. We note that it does not appear to be one of the most commonly used webmail services – i.e. Gmail, Outlook, Hotmail, or Office – and the character count does not match other popular services starting with “b”, such as for example btinternet.com.

Lifespan vs. Period of Activity 

Summary: While the accounts were all created in 2023, 99.5% of their posting happened after January 2025. This strongly signals both their coordination and inauthenticity.

All confirmed accounts in this network were created between February and December 2023. However, only a handful of posts were made before the network ramped up its activity in January 2025 and in the following months.

Specifically:

• The network published only approximately 0.5% of the estimated total number of posts before 2025.
• Such posts exclusively consisted of reposts. There was no originally created content being posted.

The network came to life – in terms of its posting activity – beginning in January 2025, possibly responding to a specific directive, and in coincidence with the escalation of geopolitical tensions that eventually led to the Twelve-Day War in June 2025.

Posting Time Patterns

Summary: Posting time patterns are consistent with those of a professional, dedicated team of operators producing posts as part of a regular work day.

A review of the posting time patterns for the network – i.e. the number of posts published in total by the accounts in each hour of the day – shows that the network:

• Typically begins ramping up activity at 6 a.m. UTC (9:30 a.m. Tehran time) each day.
• Significantly escalates the volume of posts starting at 7 a.m. UTC (10:30 a.m. Tehran time).
• Begins winding down posting activity after 3 p.m. UTC (6:30 p.m. Tehran time).
• Has minimal average posting activity between 9 p.m. UTC (12:30 a.m. Tehran time) and 6 a.m. UTC (9:30 a.m. Tehran time).

This behaviour approximately coincides with a regular work day in the Iranian timezone (Iranian Standard Time or IRST, equivalent to UTC+3:30), and even more so in UTC+3, the time zone applying to most of the Middle East (as well as Eastern Europe and parts of Eastern Africa), including Israel.

It is, however, inconsistent with an organic community of users spontaneously posting at random times of the day.

Application Version

Summary:The network’s consistent and prevalent use of X’s desktop application to post its content is more consistent with the work of a professional team than with the activity of an organic community.

We estimate that at least 75% of the posts produced by the network were posted through X’s desktop interface (formerly known as Twitter Web App). This information is visible in the network response provided when loading a given post in a web browser, using the browser’s Developer Tools or equivalent name.

Like the posting timing patterns, the almost exclusive use of the web version of X – a mobile-first platform like other social media – is consistent with a professionally run network of digital assets, where a team is assigned to operating one or more of the accounts through dedicated workstations. Similar behaviour has been previously used as a signal to identify IOs.

Profile Photos

Summary: The network’s profile pictures are often faceless, sourced from stock images, or appear to be lifted from popular blog sites like Pinterest, a strong signal of inauthentic persona development.

We reviewed the profile photos of all accounts associated with the network and found that 30 out of 53 have profile photos where their face is partially or completely obscured. Two of the profile photos were found on various stock photo websites. A reverse image search also showed that a large majority can be found on Pinterest, a popular photo sharing site. The use of stolen or anonymous photos is a common tactic used by IOs to protect the anonymity of the actors behind the operation, and in combination with other elements that we outline here, is a strong signal of inauthenticity.

The Deepfake Account: @TelAviv_Tehran

We identified one X profile that appears to be external from PRISONBREAK, but displays several signals of likely coordination with it. It is an account promoting closeness between the Israeli and Iranian populations, and explicitly using AI to manufacture and disseminate calls to revolt against the Iranian regime and its leaders. This tactic aligns it with PRISONBREAK’s modus operandi and objectives.

@TelAviv_Tehran is an X account (also active on Instagram⁶ with the same username) explicitly⁷ using a deepfake persona – a purported female reporter from Iran, whose appearance and speeches are fully AI generated – to post videos deriding the Islamic Republic’s leadership.

As hinted in the username, @TelAviv_Tehran promotes closeness between the Israeli and Iranian populations, where the latter is depicted purely as an oppressed victim of the Islamic regime. Like PRISONBREAK, @TelAviv_Tehran openly appeals for the Iranian people to rise against the Islamic regime. 

@TelAviv_Tehran appears to connect with PRISONBREAK in a few different ways:

• It is amplified by suspected purchased engagement⁸ accounts that also amplify PRISONBREAK. For example, one post shared by @TelAviv_Tehran had 163 reposts at the time of writing this report. Due to limitations on viewing engagements, we were able to analyze 83 of the accounts which reshared the post. 70 of those accounts fit the criteria of purchase engagement accounts and all 70 of the accounts shared at least one PRISONBREAK post, showing 100% overlap between the engagement accounts’ promotion of @TelAviv_Tehran and PRISONBREAK.

• It posted an original AI-generated video purportedly representing the burning of the Evin Prison following the IDF strikes. The post was made only four minutes after @KarNiloufar’s publication of the AI video supposed to show the actual bombing and while the strikes – according to the publicly available calculations discussed earlier in this report – were still happening.

  

• It posted several of the videos posted by PRISONBREAK, and also multiple ones that match closely the network’s modus operandi (i.e. likely AI-generated videos of military attacks on Iran, or of unrest in the country). We provide a list of examples in the Appendix.
• It also posted media that are less overtly AI-generated and rather seem to follow the modus operandi seen with PRISONBREAK. For example, a video of a supposed aerial attack on Tehran by unidentified military forces on June 13, 2025 – the day the IDF struck Iranian locations for the first time, starting the “Twelve-Day War.”

• While some of the registration metadata (for example, the email domain, which seems to be Gmail here) as well as of the behavioural signatures by @TelAviv_Tehran differ from those of PRISONBREAK, the overlaps described above lead us to conclude with medium confidence that the network and this X account operate in, at least partial, coordination with each other.

Attribution

At present, we cannot conclusively attribute PRISONBREAK. The unavailability  of critical identifiers – such as profiles’ metadata – to the research community impedes us from confirming the identity of the network’s operators.

However, the evidence we collected during the course of our research allows us to conclude that the most likely scenario is that of an involvement by the Israeli government, either an agency working alone or with the participation of an outside contractor. 

We also considered two other scenarios: that of a U.S. government’s involvement, and that of a third-party government responsibility. We judge these two hypotheses as having medium-high and low likelihood, respectively.

The table below illustrates our analytical conclusions:

We outline our analytical process through an established analytical technique – Analysis of Competing Hypotheses (ACH) – in the table below.

Analysis of Competing Hypotheses (ACH)

Legend
✅ consistent with [hypothesis]
❌ inconsistent with [hypothesis]
= could be consistent or inconsistent with [hypothesis]

Conclusions

Covert influence operations have been a feature of armed conflict dating back centuries, their characteristics evolving as new technologies open up opportunities for experimentation. Today, we are witnessing a new generation of covert influence operations mounted principally on and through social media and featuring the use of artificial intelligence and related digital tools and techniques. These operations benefit from the distributed nature of social media, their built-in algorithmic engagement properties (which help propel sensational content by design), as well as recent measures taken by many tech platforms to reduce the capacity of, or eliminate altogether, internal teams responsible for removing coordinated, inauthentic content. The growing sophistication and ease-of-use of AI tools has also helped power these campaigns, providing actors with an unprecedented ability to produce increasingly realistic-looking videos and images with far fewer resources than what would have been required in previous eras.

In this investigation, we have identified a coordinated network of inauthentic X profiles that, since 2023, has conducted an influence operation targeting Iranian audiences. The objective of PRISONBREAK appears to be to foster a revolt against the Iranian regime among the Iranian population. One striking feature of this campaign is its synchronization with events on the ground: the content generated by PRISONBREAK appears to have been prepared in advance of and co-timed with military strikes undertaken by the IDF in June 2025. 

Although we cannot attribute this to a particular entity, the advanced preparation required and the timing of the coordinated, inauthentic posts suggests some kind of connection to the Israeli state. We believe that while it is technically possible, it is highly unlikely that any third party without advance knowledge of the IDF’s plans would have been able to prepare this content and post it in such a short window of time. Based on the data reviewed in preparing this report, the campaign we have documented was mostly likely undertaken either by an Israeli agency in-house or a private entity contracted by the Israeli government. However, without additional information we are unable to conclusively attribute the responsible parties.

While attribution around any covert operation is inherently challenging because of the steps taken by perpetrators to conceal their tracks, attribution is also made especially difficult today because social media platforms restrict access to their platforms to outside researchers, and thus to the artifacts and other details that are critical to make conclusive attribution possible. In spite of these restrictions, we were able to use a combination of qualitative and quantitative methods to conclusively determine what we were observing was not spontaneous and organic, as the perpetrators were hoping to be perceived, but rather highly coordinated and inauthentic. 

However, these methods are not readily available to the general public and/or to specific target populations and typically require considerable analytical effort, time and access to special resources and data sources. Additionally, it is now generally accepted that in today’s social media environment, sensational falsehoods spread quickly and are shared widely because they feed off of human emotions and are amplified by the engagement-driven algorithms of the platforms, all of which works to the advantage of those mounting covert influence operation campaigns. These dynamics and their potentially harmful effects are exacerbated in times of political crisis and conflict, such as the military confrontation between Israel and Iran. 

Notification to X

On September 30, 2025, we contacted X and provided them with the list of confirmed PRISONBREAK user accounts. At the time of publication, we had not yet received a response.

Acknowledgements

Special thanks to Alyson Bruce for editorial and graphics support, and to Siena Anstis, Rebekah Brown, and Adam Senft for review. We thank our anonymous reviewers, illustrator, and translators for their contributions.

Appendix

X Accounts

PRISONBREAK

Other Suspected Accounts

Other Social Media

Shared X Posts Between @TelAviv_Tehran and PRISONBREAK

 ממצאי הדו״ח

• רשת מתואמת של יותר מ 50 פרופילי משתמשים בדויים  ב X מבצעים באמצעות בינה מלאכותית קמפיין השפעה. הקמפיין שמשתמש ברשת שאנו קוראים לה ״Prisonbreak“, מסית את הקהל האיראני להתקומם נגד שלטון הרפובליקה האיראנית.
• הרשת נבנתה בשנת 2023 אך כמעט כל פעילותה  התחילה ב 2025 וממשיכה את פעילותה עד היום.
• נראה כי פעילות הפרופילים תואמה, לפחות באופן חלקי, עם  המבצע הצבאי שצה״ל ביצע נגד מטרות איראניות ביוני 2025.
• למרות שנראה כי פעילות אמיתית של משתמשים עם “PRISONBREAK” היא מוגבלת, חלק מהפוסטים הגיעו לאלפי צפיות.המבצע הטמיע פוסטים עם מסרים בסגנון זה בקהילות רבות ב X, ויתכן כי גם שילם על הפצתם.
• אחרי ניסיון למצוא הסברים אחרים, אנו מעריכים כי ההשערה הסבירה ביותר, בהתחשב בעובדות הקיימות, היא שיחידה לא מזוהה בממשלת ישראל, או קבלן משנה שנשכר לעבוד עבורם, ביצע את המבצע.

הערה לגבי התרגום:

זהו תרגום לא רשמי של ממצאי הדו״ח לעברית. תרגום לא רשמי זה יכול להיות לא מדויק. הוא מיועד רק לתת הבנה בסיסית של מחקרנו. במקרה של אי דיוקים או דו-משמעות,  יש להסתמך על הדו״ח באנגלית.

یافته‌های کلیدی

• شبکه‌ای هماهنگ متشکل از بیش از ۵۰ پروفایل غیرواقعی در ایکس (X)، که ما از آن به عنوان «پریزِن‌بریک» (PRISONBREAK)  یاد می‌کنیم، در حال انجام عملیاتی با استفاده از هوش مصنوعی برای برانگیختن مخاطب ایرانی به انقلاب علیه جمهوری اسلامی است. 
• در حالی که این شبکه در سال ۲۰۲۳ ایجاد شده است، تقریبا تمامی فعالیتش از ژانویه ۲۰۲۵ آغاز شده است و تا به امروز ادامه دارد.
• به نظر می‌رسد فعالیت‌های این شبکه‌، یا دست‌کم بخشی از آن، با کمپین نیروهای دفاعی اسرائیل علیه مواضع ایران در ماه ژوئن ۲۰۲۵  هماهنگ شده‌ بودند. 
• در حالی که تعامل واقعی با محتوای تولید شده توسط شبکه PRISONBREAK محدود به نظر می‌رسد،  برخی از «پست‌های» این شبکه ده‌ها هزار بار دیده شده‌اند. چنین پست‌هایی در «جوامع» عمومی بزرگِ ایکس (Communities) منتشر شدند و احتمالاً برای تبلیغا ت آن‌ها نیز هزینه پرداخت شده است.
• پس از بررسی نظام‌مندِ توضیحات جایگزین، ما ارزیابی می‌کنیم که فرضیه‌ای که بیش‌ترین سازگاری را با شواهد موجود دارد این است که یک نهاد مشخص‌نشده در دولت اسرائیل یا یک پیمانکار فرعی که زیر نظر مستقیم آن فعالیت می‌کند، به طور مستقیم انجام عملیات را برعهده دارد. 
• در رقابت ژئوپلیتیک بین جمهوری اسلامی ایران و مخالفان بین‌المللی آن، کنترل و دستکاریِ استراتژیک محیط اطلاعاتی نقش کلیدی ایفا می‌کند. رژیم ایران یک سیستم جامع سانسور اینترنت ایجاد کرده است و هم‌زمان عملیات‌های نفوذ را با هدف قرار دادن مخاطبان خارج از کشور انجام می‌دهد. در این تحقیق تمرکز ما بر کمپین «پریزِن‌بریک» است که علیه جمهوری اسلامی طراحی شده است.

توضیح دربارهٔ ترجمه: متن حاضر ترجمه‌ای غیررسمی از نسخهٔ اصلی انگلیسی گزارش است و ممکن است از دقت کافی برخوردار نباشد. هدف این ترجمه صرفاً کمک به ایجاد درک کلی از پژوهش ماست. در صورت وجود هرگونه اختلاف یا ابهام، نسخهٔ انگلیسی معتبر خواهد بود.

Over the past decade, the Citizen Lab has published numerous reports examining transnational repression (TNR) across the globe, focusing specifically on its digital forms. 

In response to increasing accounts of foreign governments reaching across borders to harass and silence people in the United Kingdom, the UK’s Joint Committee on Human Rights launched an inquiry into transnational repression.

The Citizen Lab submitted written evidence to the inquiry that draws over ten years of research documenting and examining the methods, impacts, and geo-political landscape of TNR. 

Our submission describes TNR’s impact on victims, identifies the biggest perpetrators of TNR in the UK, urges the British government to adopt a legal definition of TNR, and provides policy suggestions to better protect overseas dissidents from TNR.

Read the report from the UK Joint Committee on Human Rights.

An Analysis of Chinese Censorship Bias in LLMs was published in the Privacy Enhancing Technologies Symposium (PETS) 2025 proceedings.

Hidden Links: Analyzing Secret Families of VPN Apps was published in the Free and Open Communications on the Internet 2025 proceedings, part of the Privacy Enhancing Technologies Symposium (PETS).