On July 30, 2018, Internet traffic destined for the encrypted messaging app Telegram was rerouted through the Iranian state-owned Telecommunication Company of Iran. The event had the signature of a BGP hijack: an intermediate network announced, without authorization, IP address blocks (prefixes) belonging to someone else, so routers elsewhere on the Internet forwarded traffic for those addresses along a path different from the legitimate one.
The July 30, 2018 event was confirmed by several independent Internet routing monitors, including Oracle's Internet Intelligence Map and Cisco's BGPMon. Oracle's Internet Intelligence team posted the following on Twitter:
At 06:28 UTC earlier today (30-Jul), an Iranian state telecom network briefly leaked over 100 prefixes. Most were Iranian networks, but the leak also included 10 prefixes of popular messaging app @telegram (8 were more-specifics). pic.twitter.com/MjN2itdpTS
— InternetIntelligence (@InternetIntel) July 30, 2018
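The tweet above notes that 8 of the 10 leaked Telegram prefixes were "more-specifics". That detail matters because BGP routers prefer the longest matching prefix: a leaked /25 wins over the legitimate /24 regardless of who is announcing it. The script below, which is an added example and not code from the article, Oracle, or BGPMon, shows both halves of the problem on constructed data (RFC 5737 documentation prefixes and private ASNs, not the real Telegram or Iranian routes): longest-prefix selection picks the leaked route, and RFC 6811-style route origin validation against ROAs flags it as invalid so a filtering router can drop it. The ROA and announcement records are assumptions built for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorization: origin_asn may announce `prefix` and any
    sub-prefix no longer than `max_length`."""
    prefix: ipaddress.IPv4Network
    max_length: int
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    """A BGP route as seen by a collector. as_path is left-to-right from the
    neighbour that sent it to the origin AS (the rightmost element)."""
    prefix: ipaddress.IPv4Network
    as_path: tuple

    @property
    def origin_asn(self) -> int:
        return self.as_path[-1]


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(s)


# Constructed sample data: documentation prefixes (RFC 5737) and private ASNs.
# AS64496 stands in for the messaging provider, AS64511 for the leaking network.
ROAS = [
    ROA(net("203.0.113.0/24"), 24, 64496),
    ROA(net("198.51.100.0/24"), 24, 64497),
]

RIB = [
    Announcement(net("203.0.113.0/24"), (64500, 64496)),  # legitimate route
    Announcement(net("203.0.113.0/25"), (64510, 64511)),  # more-specific leak from AS64511
    Announcement(net("198.51.100.0/24"), (64511,)),       # same length, wrong origin
    Announcement(net("192.0.2.0/24"), (64500, 64498)),    # no ROA covers this prefix
]


def validate(ann: Announcement, roas: List[ROA]) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    covering = [r for r in roas if ann.prefix.subnet_of(r.prefix)]
    if not covering:
        return "notfound"
    for r in covering:
        if r.origin_asn == ann.origin_asn and ann.prefix.prefixlen <= r.max_length:
            return "valid"
    return "invalid"


def classify(ann: Announcement, roas: List[ROA]) -> str:
    """Label why an announcement is invalid, in the terms the tweet uses."""
    state = validate(ann, roas)
    if state != "invalid":
        return state
    covering = [r for r in roas if ann.prefix.subnet_of(r.prefix)]
    if any(r.origin_asn == ann.origin_asn for r in covering):
        return "too specific from legitimate origin"
    if all(ann.prefix.prefixlen > r.prefix.prefixlen for r in covering):
        return "more-specific hijack"
    return "origin hijack"


def best_route(rib: List[Announcement], dst: str) -> Optional[Announcement]:
    """Longest-prefix match, as a router's forwarding lookup does it."""
    addr = ipaddress.ip_address(dst)
    candidates = [a for a in rib if addr in a.prefix]
    return max(candidates, key=lambda a: a.prefix.prefixlen, default=None)


def filter_rib(rib: List[Announcement], roas: List[ROA]) -> List[Announcement]:
    """Drop routes that fail origin validation; 'notfound' is kept."""
    return [a for a in rib if validate(a, roas) != "invalid"]


if __name__ == "__main__":
    for a in RIB:
        print(f"{str(a.prefix):18} origin AS{a.origin_asn:<6} {classify(a, ROAS)}")
    print("unfiltered best route:", best_route(RIB, "203.0.113.10").as_path)
    print("filtered best route:  ", best_route(filter_rib(RIB, ROAS), "203.0.113.10").as_path)
```

Run without filtering, traffic for 203.0.113.10 follows the leaked /25 toward AS64511; with invalid routes dropped it follows the legitimate /24 to AS64496. The 192.0.2.0/24 route shows the gap in practice: a prefix with no ROA cannot be judged at all, which is why coverage of the RPKI matters as much as the validation logic.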
On the night of the incident, Iran's Minister of Information and Communications Technology, Azari Jahromi, acknowledged the report on Twitter. He said: "in the event of an error, whether inadvertent or intentional, the Telecommunication Company of Iran will be severely penalized."
According to the reports I have received so far, the Telecommunication Company of Iran, on the 8th of Mordad from 4 to 6 in the morning, was engaged in changing the topology and consolidating its provincial network in Shiraz and Bushehr. If an error is confirmed, whether inadvertent or intentional, the Telecommunication Company of Iran will be heavily fined. The Communications Regulatory Authority has been assigned to investigate.
— MJ Azari Jahromi (@azarijahromi) July 30, 2018
Woodward said “By diverting traffic like this, you can obviously then try to intercept it or you can simply block it. For example, if you know the destination of data you can simply redirect it at the border of your country. It’s an effective way of stopping people in the country from using the app.”