Iranian Hackers Attack Iranian Government Portals & Banks

The IRGC Organized Cyber Crime Investigation Center have reported that over 3,000 Iranian websites have been hacked by a group called the Mafia Hacking Team.

According to Tasnim news, IRGC Organized Cyber Crime Investigation Center spokesman Mostafa Alizadeh stated that, “The person who recently hacked state bodies’ websites managed to access banks’ data bases, including 3,000 pay slips… the person who introduced themselves as ‘Mafia Hacking Team’ in cyberspace and hacked websites of state bodies had identified well-known sites more than a year ago”

Alizadeh also added that, “This hacker tried to make these bodies realize that the security hole that exists in their portals but they did not pay any attention to this”. In other words, Iran has been caught with her cyber-underwear exposed and is very red faced!

Mostafa Alizadeh stated that the attacker had also hacked various bank information, but did not publish the information (including 3,000 payslips) as the attacker “did not have criminal intentions”, according to Alizadeh.
So it seems that Mafia Hacking Team are not black hat hackers but perhaps gray hat hackers?

The IRGC said that of the 3,000 websites attacked, 38 were Government sites, including the National Organization for Civil Registration (reported by the Iranian Young Journalists Club), Roads and Urban Development, Customs, Industries and Mines organizations. In addition, 370 University sites were also attacked.

Alizadeh was at least honest enough to admit that those “organizations do not use firewalls and lack enough experts for updating their security means”. Not the best cyber security policy perhaps…


Iranian Hackers Find Security Bug in Telegram

The Iranian Young Journalists Club (YJC) report that the popular messaging application Telegram has a security hole which has been exposed by Iranian white-hat hackers (ethical hackers). The vulnerability could cause smartphones to crash.

Telegram’s security claims challenge anyone to try and undermine its security. Two Iranian hackers have discovered a security hole in Telegram, in which it is possible to send files much larger that the existing permitted limit (set at 4,096 bytes).

The Iranian hackers uploaded a video to prove their exploit. In the video, they say that there are two responses from a recipient’s phone when Telegram messages larger than 4,096 bytes are sent. Firstly, the recipient’s internet bandwidth is accordingly reduced in relation to the size of the message until it finishes and secondly, the receiving device runs out of memory and then the application crashes the smartphone.

The hackers stated that the sender does not need to be in your contacts so you may never know the true attacker if they are using an additional SIM card, for example.

Telegram is very popular with over 25 million users in Iran and its popularity is mainly due to many rival applications being subject to Iran’s filtering restrictions.
Also, Iranians like Telegram because of the ability to create private or public “channels” and broadcast ideas through those.

However, can you really trust the encryption that Telegram uses, compared to applications like WhatsApp which use Signal standard end-to-end encryption? This article shows that maybe Iranians should think twice about using Telegram…