A few days ago, reports spread that attempts were being made to hack into the Telegram accounts of opposition figures (the names have not been published). Then more interesting details appeared: at least three Telegram accounts were stolen, and links were then spread that were supposed to take victims to websites that would infect them with Predator spyware.
This one paragraph contains a wealth of interesting information, so let's unpack it and understand what is important today.
a. How do they hack into Telegram?
There is basically one common and easy (for power structures) method. The victim's SIM card is cloned (the original is deactivated in such a case). Then the attacker puts the victim's number on their own phone, activates Telegram, receives the activation code via SMS, and voilà, the victim's account is connected to the attacker's phone. We know of cases in Armenia when the activation SMS was extorted in another way, even without deactivating the victim's number.
Other messengers like WhatsApp, Facebook Messenger, Signal, Viber, etc. can be hacked in the same way. The "etc." hardly matters, though, as these alone already include the main messengers in active use in Armenia.
b. Why break into a messenger if it is often not possible to read the previous correspondence?
The very latest case shows that there can be indirect problems. For example, the victim of an attack could serve as an intermediary through whom other people are infected with spyware.
That is, someone's account is hacked, then an infected link is sent on their behalf to the people who are to be put under surveillance. And the targets, receiving the link from a close and reliable acquaintance, will most likely follow it.
c. It is also important to understand what spyware is involved.
Let me remind you that a few months ago there was talk about dozens of infections in Armenia through the famous Pegasus program. However, in that case, there was no clear client. There was a possibility that the infections were coming from neighboring Azerbaijan or Turkey (in the case of Pegasus, there were most likely several waves of infections, with different customers).
But now we are talking about the Predator spyware program. In this case, we have the first evidence that the buyer and user is the Armenian government.
d. What can be done to prevent such an attack?
This is important not only for politicians but also for journalists, activists, and human rights defenders. It is necessary to activate two-stage protection in messengers.
It is very easy to do in Telegram. You need to open the settings, select the security section, choose 2-factor authentication there, and set a password. After that, even if someone extorts the activation code sent via SMS, they will not be able to set up your Telegram account on their device without the password.
The same goes for other messengers. In the case of Facebook Messenger, this is done through the shared Facebook account. Unfortunately, Viber has a less responsible manufacturer that still does not provide two-stage activation, which means that this messenger is not secure.
Although the manufacturer has promised to finally turn on two-stage activation in the coming weeks, until then Viber is worth using only to send water meter data.
The views expressed in the column are those of the author and do not necessarily reflect the views of Media.am.