
A new wave of cyber attacks aimed at hacking the Gmail and Facebook accounts of Iranian political activists and journalists has begun. Amir Rashidi from the International Human Rights Campaign says these attacks are targeted and state-sponsored.
On Sunday night, August 21 (31 Mordad), someone contacted a political activist residing in Paris through Facebook chat and introduced himself as one of his former students. This person sent stickers, which he apparently designed himself, to the political activist. By clicking on these stickers, the activist actually granted the unknown person access to his Facebook account.
An hour later, several Iranian journalists working for Deutsche Welle, BBC, and Radio Farda apparently received Facebook chat invitations from the same political activist, unaware that his Facebook account had been hacked and that the person chatting with them was actually a hacker.
The hacker told one of these journalists that he had some news for him and sent him a fake file. He then tried to obtain the journalist’s email address and mobile phone number to send him a password, but the journalist became suspicious midway and ended the chat.
However, another journalist who fell victim to this hacker was attacked and lost access to his Gmail account for several hours.
Amir Rashidi, an internet researcher at the International Human Rights Campaign, says that based on investigations conducted by the campaign, it has been determined that this hacker or hackers are state-affiliated and were targeting specific individuals.
When asked how one can confidently claim that these hackers are state-affiliated, he told Deutsche Welle: “When an ordinary hacker hacks you, they want to steal your credit card information or your bank details or something else. State-sponsored hackers generally have no interest in stealing your money or accessing your financial information. State-sponsored hackers are primarily interested in eavesdropping on people’s conversations and, through the individuals they hack, conducting attacks on a broader network.”
Mr. Rashidi also emphasizes that by examining the content of the chats that these hackers had with their victims, it has become clear that they speak Persian very well, in its current usage, and in most cases introduce themselves as old friends or acquaintances of the victim.
Hacking Mobile Phones Through Fake Applications
Last week, the International Human Rights Campaign also reported a new method for hacking the accounts of political and social activists. According to the report released on August 23 (Mordad), “Hackers contact their victims using phone numbers registered in the United Kingdom. In this method, the attacker introduces himself as an old friend of the victim, and when the victim cannot identify the person, the attacker asks him to install the video chat application IMO on the pretext that video communication will help him remember who he is. The attacker sends a fake file named imo.APK to the victim and asks him to use the sent file to speed up the installation process rather than downloading the original file from the software producer’s official download centers.”
Amir Rashidi told Deutsche Welle that over the past several years, the main methods used by Iranian state-sponsored hackers to attack political activists, journalists, and civil society members have been phishing and sending malware targeting Windows operating systems.
However, in recent weeks, experts at the International Human Rights Campaign have discovered that Iranian state-sponsored hackers are now attempting to hack people’s mobile phones. Mr. Rashidi says: “In the samples we found, we discovered that they embed two types of surveillance and spying tools in files of applications designed for Android, and if users install these applications on their phones, all the information inside the phone falls into the hands of the hacker.”
For example, if the IMO application is used for hacking, the hacker can read all of the victim’s SMS messages, eavesdrop on their phone calls, and in some cases can even eavesdrop on Skype or WhatsApp conversations.
For this reason, Mr. Rashidi emphasizes that users must be very careful about which applications they download and from which sources.
This internet researcher also recommends: “Users must be very careful not to open every link. When opening links, they should pay attention to the address in their browser. For example, a link sent from Google must definitely have google.com in it; if it’s anything other than that, it doesn’t belong to Gmail. And they must be very careful about the files they receive—who is sending them and in what manner. If necessary, they should even call the sender to verify the authenticity of the file. If they do just these few small things, they will see how much it can affect their security.”
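The address check recommended above can be made precise by comparing the link's host name against the expected domain instead of looking for "google.com" anywhere in the address. The following is an added example, not part of the original report; the trusted-domain list and all sample links are constructed for illustration and use the reserved `.example` domain.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted as Google's.
TRUSTED_DOMAINS = ("google.com",)


def link_host(url):
    """Return the host a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    # Only HTTPS links with a real host part are considered at all.
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()


def is_trusted_link(url, trusted=TRUSTED_DOMAINS):
    """True only if the host IS a trusted domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in trusted)


def naive_contains(url):
    """The weak check: 'google.com' appears somewhere in the address."""
    return "google.com" in url


# Constructed sample links (not taken from the reported attacks).
SAMPLE_LINKS = [
    "https://accounts.google.com/signin",                      # genuine host
    "https://accounts.google.com.login-check.example/signin",  # trusted name used as a prefix
    "https://accounts.google.com@login-check.example/signin",  # trusted name in the user-info part
    "https://login-check.example/google.com/signin",           # trusted name in the path
    "https://accounts-google.com/signin",                      # look-alike domain
    "http://accounts.google.com/signin",                       # right host, no TLS
]


def classify(links=SAMPLE_LINKS):
    """Return (url, naive result, strict result) for each link."""
    return [(u, naive_contains(u), is_trusted_link(u)) for u in links]


if __name__ == "__main__":
    for url, naive, strict in classify():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

Every sample link passes the substring test, but only the first one passes the host comparison.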
Source: DW




