Iranian hackers have lifted the details of 15 million Iranian users of the Telegram secure messaging platform.
Telegram attracts security and privacy-conscious users because of its end-to-end encryption, and is favored by activists, journalists and dissidents in Iran as a way to protect themselves against censorship and governmental backlash.
Researchers suspect that telecom operators within Iran intercepted the authorization texts that Telegram sends to users when logging in on a new phone or device, passing the details along to hackers. Those hackers were then able to create mirror accounts on their own devices in order to access the user’s chat histories and messages.
"We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basic coordination with the cellphone company," Collin Anderson, an independent security researcher, told Reuters.
As for whether the breach was done in collusion with Iranian authorities, Anderson said that the hackers had the mark of a Persian-language group known as Rocket Kitten whose attacks have "a common pattern of spear phishing campaigns reflecting the interests and activities of the Iranian security apparatus.”
It also dovetails with the fact that Pavel Durov, Telegram’s founder, said last October that Iran’s Ministry of Information and Communications Technology demanded that the app provide the ministry "with spying and censorship tools." Durov did not cooperate.
Regardless of who they are, the hackers were able to access well over a dozen accounts in this way. And further, were able to leverage a programming interface to collect the names of 15 million Telegram users.
As for the latter issue, "Since Telegram is based on phone contacts, any party can potentially check whether a phone number is registered in the system,” a Telegram spokesperson said. “This is also true for any contact-based messaging app, such as WhatsApp and Messenger. Only publicly available data was collected, and the accounts themselves were not accessed."
However, the information could provide a map of the Iranian user base that the government could use in future attacks and spy investigations.
"A systematic de-anonymization and classification of people who employ encryption tools (of some sort, at least) for an entire nation" has never been exposed before, said Claudio Gianieri, a technologist for Amnesty International, speaking to Reuters.
Photo ™ Borna_Mirahmadian