Two high-level members of Russian opposition activist groups have claimed their accounts on encrypted messaging service Telegram were hacked by telecoms provider MTS, with involvement from the Russian government.
Georgy Alburov, a leading member of the Anti-Corruption Foundation, and Oleg Kozlovsky, the director of the Vision of Tomorrow Center in Moscow, believe their accounts were accessed by exploiting the application’s SMS login feature.
The activists were first alerted to the unauthorised access by Telegram, which notified them that a new device had accessed their accounts using SMS authorisation. Both accounts were compromised on April 29th from the same IP address, which offers evidence that at least one party was targeting Russian opposition activists in particular.
However, the activists believe the Russian government hacked their accounts by collaborating with telecoms provider MTS. After grilling technical support at MTS, Kozlovsky provided a timeline of how the events unfolded in a Facebook post:
2:25am – the technical security department of MTS disables the text message delivery service for my number.
2:40am – someone uses a Unix console via the IP-address 126.96.36.199 (this is a Tor anonymizer exit node) to send Telegram a request to authorize a new device to work with my phone number. I was then sent a text message with the code, which was not delivered (since the service was disabled for me).
3:08am – the hacker enters the new authorization code and gains access to my account. Telegram sends me an automatic notification of this (which I will only see in the morning).
3:12am – Zhora Alburov’s account is hacked in a similar fashion from the same IP-address (and through the same Tor session).
4:55am – the MTS technical security department reactivates the text-message delivery service for my number. MTS refused to name the cause of disabling and reactivating the service to me, and suggested I send a written request for information.
Zdolnikov Vladislav, a technology expert with the Anti-Corruption Foundation, provided his thoughts on how the SMS message with the authorisation code may have been intercepted. Vladislav believes the message was intercepted either using a clone of the SIM card or directly at MTS’ SMS gateway, which the authorities can access through a technical surveillance initiative known as SORM (System of Operative-Investigative Measures).
SORM has been in place since 1996, when it was originally designed to enable wiretaps of telephone communications. The system has since evolved to access a much broader and more modern range of electronic communications – including direct access to Russian ISPs through installation of black boxes in their networks.
After the revelations from Edward Snowden and other privacy activists surrounding the extent of Western surveillance agencies’ operations – such as that of the NSA and GCHQ – few would be surprised if they also have access to national telecommunications networks. Telegram founder Pavel Durov called on users in “troubled countries” to enable two-step verification so that SMS alone cannot be used to access their accounts.
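As an added example (not from the article, Telegram or MTS), the sketch below shows how a service or carrier could correlate the two signals in Kozlovsky's timeline: a new-device SMS login that lands while SMS delivery was disabled for that number, and SMS logins to different accounts from one IP within a short window. The event formats, account names, the 30-minute window and the documentation-range IP addresses are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events (times loosely follow the timeline; names and IPs are placeholders).
CARRIER_EVENTS = [("02:25", "acct_a", "sms_disabled"), ("04:55", "acct_a", "sms_enabled")]
LOGINS = [  # (time, account, source IP, authorisation method) for new-device logins
    ("03:08", "acct_a", "192.0.2.10", "sms"),
    ("03:12", "acct_b", "192.0.2.10", "sms"),
    ("09:30", "acct_c", "198.51.100.7", "sms"),
]

def minutes(hhmm):
    """Convert 'HH:MM' to minutes since midnight."""
    hours, mins = hhmm.split(":")
    return int(hours) * 60 + int(mins)

def outage_windows(carrier_events):
    """Pair each sms_disabled event with the next sms_enabled one, per account."""
    windows, open_at = defaultdict(list), {}
    for ts, account, kind in sorted(carrier_events, key=lambda e: minutes(e[0])):
        if kind == "sms_disabled":
            open_at.setdefault(account, minutes(ts))
        elif kind == "sms_enabled" and account in open_at:
            windows[account].append((open_at.pop(account), minutes(ts)))
    for account, start in open_at.items():  # never re-enabled: still open at end of day
        windows[account].append((start, 24 * 60))
    return windows

def flag_logins(logins, windows, cluster_minutes=30):
    """Return {account: reasons} for suspicious SMS-authorised new-device logins."""
    by_ip = defaultdict(list)
    for ts, account, ip, method in logins:
        if method == "sms":
            by_ip[ip].append((minutes(ts), account))
    findings = defaultdict(set)
    for hits in by_ip.values():
        for t, account in hits:
            # Signal 1: the code was "delivered" while the carrier had SMS switched off.
            if any(start <= t <= end for start, end in windows.get(account, [])):
                findings[account].add("login_during_sms_outage")
            # Signal 2: another account was logged into from the same IP shortly before/after.
            if any(other != account and abs(t - t2) <= cluster_minutes for t2, other in hits):
                findings[account].add("shared_ip_cluster")
    return dict(findings)

FINDINGS = flag_logins(LOGINS, outage_windows(CARRIER_EVENTS))

if __name__ == "__main__":
    for account, reasons in sorted(FINDINGS.items()):
        print(account, sorted(reasons))
```

With two-step verification enabled, an SMS code alone no longer completes the login, so either signal would mark an attempt rather than a takeover.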