Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

Hackers Compromised Telegram Accounts, Identified 15 Million Users' Phone Numbers

posted by cmn32480 on Wednesday August 10 2016, @10:51AM   Printer-friendly
from the it-used-to-be-a-good-idea dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

The accounts with Telegram, a secure messaging service based in Germany, were compromised by exploiting the fact that Telegram sends would-be users an SMS with authorization codes so that they can activate their devices.

The researchers believe the attackers have intercepted these text messages, and this allowed them to add new devices to the targets' account, and access everything in it.

This SMS interception has been performed either by compromising Iranian phone companies, or by colluding with them. The researchers believe that the latter theory is not far-fetched, as Rocket Kitten – the hacker group that they believe performed the attacks – is believed to be composed of Iranian hackers, possibly tied to the Iranian Revolutionary Guard Corps...

Rocket Kitten is known for targeting individuals, businesses and government organizations across the the Middle East, but also researchers (Iranian and European), Iranian citizens/activists, and Islamic and anti-Islamic preachers and groups, political parties and government officials.

The same group apparently also managed to misuse Telegram's API to identify 15 million Iranian phone numbers and user IDs tied with Telegram accounts earlier this year. This information can come in handy for orchestrating future attacks and help with investigations.

Source: https://www.helpnetsecurity.com/2016/08/03/compromised-telegram-accounts/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Hackers Compromised Telegram Accounts, Identified 15 Million Users' Phone Numbers | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Insightful) by Anonymous Coward on Wednesday August 10 2016, @01:06PM

    by Anonymous Coward on Wednesday August 10 2016, @01:06PM (#386238)

    I'm so damn tired of all these "secure messaging" apps using your telephone number as your id. For one thing, that means you must have a telephone# and for another it means you are pretty much stuck using the same id to communicate with everyone which makes metadata analysis way too easy. We need a system that treats each line of communication as unique, including the logical endpoints.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Total Score:   1  

  • (Score: 2) by GungnirSniper on Wednesday August 10 2016, @04:43PM

    by GungnirSniper (1671) on Wednesday August 10 2016, @04:43PM (#386315) Journal

    That's a strength of using it to the Marketing droids.

  • (Score: 2) by Capt. Obvious on Wednesday August 10 2016, @11:09PM

    by Capt. Obvious (6089) on Wednesday August 10 2016, @11:09PM (#386426)

    While that makes sense from a security point of view, a unique identifier (like telephone number) makes it far easier to find out if an acquaintance has a secure account, and to connect with them. While it makes the ideal case less secure, it means it is far more likely to be used. A computer without an Internet connection is a lot safer, but a lot less useful.