Telegram traffic was hijacked

Ddos August 2, 2018 2 minutes read

On July 30, the data of the encrypted chat program Telegram was hijacked by the Iranian state-owned telecommunications company. This action appeared to be a BGP hijacking, that is, an intermediary illegally controlled the IP address group, and the original data line was changed.

The July 30, 2018 attack was confirmed by multiple Internet tests such as Oracle Internet intelligence map and Cisco’s BGPMon. The following is the Oracle Internet Intelligence Map Twitter post:

https://twitter.com/InternetIntel/status/1023942714436538368

On the night of the BGP hijacking incident, the Iranian Minister of Information and Communication Technology confirmed the report on Twitter. He said: “in the event of an error, whether inadvertent or intentional, the Telecommunication Company of Iran will be severely penalized.”

بنابر گزارشهایی که تاکنون دریافت کردم، مخابرات ایران روز هشتم مردادماه از ساعت ۴ تا ۶ بامداد درگیر تغییر توپولوژی و تجمیع شبکه استانی خود در شیراز و بوشهر بوده است. در صورت تائید خطا، چه سهوی یا عمدی، مخابرات ایران جریمه سنگینی خواهد شد. سازمان تنظیم مقررات مامور رسیدگی شده است

— MJ Azari Jahromi (@azarijahromi) July 30, 2018

Alan Woodward, a professor at the University of Surrey, believes that once a government controls the entire network, BGP becomes vulnerable at the national network boundary. Woodward adds that organisations that have hijacked data in this way have not found useful technology to stop such attacks.

The current investigation into this matter is underway. Hijacking BGP is a common strategy used by cybercriminals to achieve economic ransomware, monitoring and censorship.

Woodward said “By diverting traffic like this, you can obviously then try to intercept it or you can simply block it. For example, if you know the destination of data you can simply redirect it at the border of your country. It’s an effective way of stopping people in the country from using the app.”

Via: cyberscoop