Iranian hackers have seemingly managed to hijack over a dozen Telegram accounts, while also trawling the secure messaging service and collecting up to 15 million phone numbers and user IDs belonging to Iranian users.
Cyber researchers, together with Amnesty International have been studying Iranian hacking groups for three years, and they believe that the earlier this year journalists, activists and other critics of the Iranian regime were targeted.
The attacks, perpetrated by a hacking group known as, and this is real, Rocket Kitten, essentially exploited the SMS code that Telegram sends when a user wants to register a new device. Seemingly working together with the phone company, the hackers were able to hijack that code and add their own devices to the service, while getting access to a user’s history and account. Amnesty says there’s evidence that some users were targeted on Telegram before being arrested, though the researchers did no go as far as saying that the hackers are government agents.
The really worrying aspect is the large number of IDs and phone numbers that were seemingly taken from Telegram. For a service that prides itself on secure end-to-end encryption, this breach and possible subsequent de-anonymization of its users is a big issue. Telegram has fought such attempts to use its data in the past, but this looks to be the biggest known breach of the messaging system.
The researchers will unveil all of their findings at the Black Hat conference in Las Vegas this Thursday.