海角大神

Iranian hackers: Are they targeting opponents of Tehran?

Iranian hackers that belong to the notorious group Rocket Kitten penetrated an encrypted messenger app popular among many dissidents, say researchers. Were the hackers acting on behalf of Tehran?

Vahid Salemi/AP
An Iranian shareholder monitors share prices on his laptop computer at the Tehran Stock Exchange in Tehran, Iran, in April 2015.

Iranian hackers with suspected ties to the regime the messenger app Telegram to monitor activists, journalists, and other dissidents, according to cybersecurity researchers.

With the help of an Iranian phone company, the hackers broke into more than a dozen Iranians' Telegram accounts by intercepting text messages that contained activation codes to link the accounts to new devices, Claudio Guarnieri, an Amnesty International technologist, and Collin Anderson, an independent cybersecurity researcher, told Reuters.

Mr. Guarnieri and Mr. Anderson said the hackers belonged to “Rocket Kitten,” an infamous group that several cybersecurity firms have previously shown carried out for Tehran.

The Telegram breach shows that unlike the US, Britain, France, and Israel, who have targeted the Telegram accounts of Islamic State (IS) propagandists, Tehran has prioritized going after the accounts of activists to quell dissension.

“A majority of what the regime calls counterterrorism activity is not focused on what you imagine: managing threats posed by terrorist groups like the Islamic State,” Michael Smith II, chief operating officer of Kronos Advisory, a defense consulting firm, told 海角大神 on Monday. “Foremost among the regime’s concerns is the preservation of its authority. So ‘counterterrorism’ often refers to managing internal anti-regime activism.”

More popular than TV

Telegram is an encrypted messenger service that developers tout as highly secure (though some experts have said it doesn’t live up to this advertisement). Telegram’s end-to-end encryption is intended to restrict a message so only the sender and receiver can read it.

With 100 million active subscribers worldwide, Telegram is popular among businesses and even terrorists, including the Islamic State (IS). The app has also attracted a sizeable audience in Iran.

In Iran, both Facebook and Twitter are banned. But Tehran doesn’t censor or restrict Telegram, which has 20 million users throughout the country. One Iranian telecommunications executive reportedly said the number of Iranians that use Telegram those that watch state television, according to Al Jazeera. Many of these Iranians subscribe to channels on the app to receive and share information, sometimes from sources that would be censored otherwise. It’s easy to see how Iranian hardliners might worry about these channels and users.

“Because it came to power through revolution, survival is , and counterrevolution its ultimate nightmare,” writes Michael Eisenstadt, director of the Military and Security Studies Program at The Washington Institute for Near East Policy. “Thus, for Tehran, cyber represents both an existential threat and an exceptional opportunity. Tehran believes that cyber enables its domestic opponents to organize, and its foreign enemies to undermine the regime through soft warfare.”

Rocket Kitten

The Iranian hackers, said cybersecurity researchers Anderson and Guarnieri, exploited a security flaw in Telegram to monitor the communications of activists, journalists, and Iranian reformists.

"We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company," Anderson told Reuters.

He and Guarnieri said the hackers also identified the phone numbers of 15 million Iranian users by searching for phone numbers registered through Telegram.

Telegram did not respond to a Monitor inquiry by press time. In a statement August 2, following the publication of the Reuters article, Telegram Anderson and Guarnieri’s claims. It said it has frequently warned users in certain countries about the danger of a text message carrying an activation code being intercepted. Telegram, instead, recommends users require two-step verification, in which they would receive two activation codes via SMS. In the statement, Telegram added that 15 million accounts would have been identified through publicly available data. Telegram said it removed the feature to perform a mass search of numbers.

Though Guarnieri and Anderson declined to comment on whether the hackers were employed by Tehran, numerous other cybersecurity research firms have linked Rocket Kitten to Iranian authorities.

Rocket Kitten is a moniker of a group that has carried out spear phishing email scams, fraud campaigns, and malware attacks in the interest of Tehran. Countries targeted included Saudi Arabia, Israel, Yemen, and the US, and victims include defense officials and embassies, as well as Iranian activists, journalists, and academics, according to Check Point, an American-Israeli cybersecurity firm.

Building upon previous research, Check Point showed last year . In addition to Persian names and words in campaigns and malicious software that Check Point reviewed, the firm discovered one of the software programmers, Yaser Balaghi, said in his resume that he created spear phishing systems for the government.

Activists and the Islamic State

Experts have warned about Telegram’s security flaws in the past, and dissidents in other countries have also experienced account breaches. Two Russians who oppose the Kremlin said the country’s largest mobile operator, MTS, to break into their Telegram accounts. The activists, Oleg Kozlovsky and Georgy Alburov, told The Moscow Times in May that their accounts were compromised when verification codes sent to their phones were intercepted.

Since IS has been known to use Telegram for propaganda, coordinating terrorist plots, and recruitment, Americans, Israelis, the British, and the French have all tried to gain access to different IS Telegram accounts and channels. Last week, Intsight, an Israeli cybersecurity firm, said it an IS forum on Telegram through “proprietary technology,” where it found plans to attack hundreds of US military bases.

Iran is high on IS’s hit list, as well. Tehran has supported the Assad regime in Syria, and shares borders with Iraq and Afghanistan. When asked if Iranian hackers might have tried to access IS communications, Mr. Eisenstadt of the Washington Institute said Tehran is much more worried about a counterrevolution.

“[Iranian authorities] will use every means at their disposal in order to discover potential subversive or anti-regime elements, whether they are liberal, middle-class Iranians who oppose the regime on political grounds, Salafi jihadists, or Kurdish separatists.”

“The opposition threat is not the only threat,” he says. “But it is a significant threat.”
