Telegram, the ultra-secure messaging service, has been attacked by Iranian hackers, Reuters reported Tuesday. Researchers found that more than a dozen accounts were compromised by hackers, and the phone numbers of 15 million registered Telegram users were identified, the report said.
Telegram prides itself on its end-to-end encryption for messages, meaning that only the sender and recipient can read them. Users can also create groups on Telegram with up to 5,000 users, or broadcast their messages to an unlimited number of users. In a country like Iran, where the regime controls the media, Telegram offers one of the few means for safely sharing news and ideas.
Understandably, news of the hack had Telegram users worried.
“We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company,” said independent cyber researcher Collin Anderson, who along with Amnesty International technologist Claudio Guarnieri has been researching Iranian hacking for the past three years.
The hacked accounts belonged to activists and opponents of the government, which puts them at risk of detention. “We see instances in which people… are targeted prior to their arrest,” Anderson was quoted as saying.
The weakness exploited by the hackers was the SMS verification message sent to users to confirm their Telegram account. It was possible for hackers to intercept those messages, which were sent via government-controlled cellphone providers.
In response, Telegram wrote on its blog, “Last year we introduced 2-Step Verification specifically to defend users in such situations.”
Telegram also offered this advice to users: “If you have reasons to think that your mobile carrier is intercepting your SMS codes, use 2-Step Verification to protect your account with a password. If you do that, there’s nothing an attacker can do.”
According to the researchers, the attacks on Telegram security were carried out by a group called Rocket Kitten. A year ago Check Point Software Technologies said that Rocket Kitten had possible ties to the government-controlled Iranian Revolutionary Guard Corps.
More than a quarter of Iranians have Telegram, in a country where YouTube, Facebook, Twitter, and Google Plus are all banned.
Recently the government demanded that Telegram, WhatsApp and other social networks store all messages on servers within Iran, potentially weakening their security.
“Foreign social media active in the country must transfer to Iran all the data they hold on Iranian citizens” within a year, IRNA said.
Unlike other messaging services, Telegram is cloud-based, which means that no information is stored on the phone itself. This allows users to control who sees the messages, and prevent recipients from saving or forwarding them. Users can also send messages that “self-destruct” after a predefined amount of time.
Telegram was launched in 2013 by the Russian Durov brothers, programmer Nikolai and entrepreneur Pavel.
Social media played an important role in 2010’s Arab Spring, allowing activists to coordinate their protests and send messages to their supporters.
More recently, Telegram has been used by Islamic State for recruitment and communication.
Telegram was used by Adel Kermiche and Abdel-Malik Petitjean, the two jihadi terrorists who carried out last week’s murder of a Catholic priest in Saint-Etienne-du-Rouvray in France; the two met via the app only days prior to the attack.
In April, two Russian opposition activists, Georgy Alburov and Oleg Kozlovsky, claimed that their Telegram accounts had been hacked.