Activists Say Russian Government Hacked Telegram Accounts


Two senior members of Russian opposition groups say their Telegram accounts were compromised, and they accuse telecom operator MTS and Russian state actors of involvement.

Georgy Alburov, a prominent member of the Anti-Corruption Foundation, and Oleg Kozlovsky, director of Moscow’s Vision of Tomorrow Center, report that attackers exploited Telegram’s SMS-based login feature to gain access to their accounts.

Both activists were alerted by Telegram when a new device was authorized using SMS verification. The intrusions took place on April 29 and originated from the same IP address, suggesting the incidents were part of a targeted operation against Russian opposition figures.

The activists contend the breaches were possible because of cooperation between the Russian authorities and MTS. In a Facebook post, Kozlovsky shared a timeline based on questions he put to MTS technical support:

  • 2:25am – MTS security disables SMS delivery for my number.

  • 2:40am – a request to authorize a new Telegram device is sent from IP address 162.247.72.27, which corresponds to a Tor exit node. Telegram attempts to deliver an SMS code to me, but the message does not arrive because SMS delivery for my number had been disabled.

  • 3:08am – the attacker submits the authorization code and gains access to my account. Telegram generated an automatic notification that I would only see later in the morning.

  • 3:12am – Georgy Alburov’s account is compromised in a similar way, from the same IP address and within the same Tor session.

  • 4:55am – MTS re-enables SMS delivery for my number. MTS declined to explain why the service was disabled and reactivated, advising me to submit a written request for details.

Vladislav Zdolnikov, a technology specialist at the Anti-Corruption Foundation, outlined possible methods for how the SMS authorization codes could have been intercepted. He suggests two main possibilities: a cloned SIM card, or interception at MTS’s SMS gateway. The latter could be feasible if authorities accessed the gateway through SORM, the Russian System of Operative-Investigative Measures, which provides law enforcement direct technical access to telecommunications infrastructure.

SORM has existed since 1996 and was initially intended for telephone wiretaps. Over time it has expanded to cover a wide range of electronic communications; equipment installed inside Russian ISPs allows authorities to monitor traffic directly.

Revelations from whistleblowers and privacy advocates about extensive surveillance by Western agencies such as the NSA and GCHQ have made it plausible to assume state actors can access national telecom networks. In response to similar threats, Telegram founder Pavel Durov has urged users in high-risk countries to enable two-step verification (a password in addition to SMS) so that possession of an SMS code alone cannot be used to take over an account.
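To make the mitigation concrete, here is an added example (not code from the article or from Telegram) that models an account login requiring an SMS code and, when two-step verification is on, a second password. The account class, the `simulate_interception` scenario and the sample password are constructed for illustration; the point shown is that an attacker who obtains the SMS code alone, as described in the timeline above, is stopped once the password step is enabled.

```python
import hashlib
import hmac
import os
import secrets


class Account:
    """Constructed model of an SMS-login account with an optional second-step password."""

    def __init__(self, phone, password=None):
        self.phone = phone
        self.salt = os.urandom(16)
        # Only a salted PBKDF2 hash of the optional password is kept server-side.
        self.pw_hash = self._hash(password) if password else None
        self.pending_code = None

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def request_sms_code(self):
        """Server side: generate a one-time code. Returned here instead of sent by SMS,
        which is exactly the value an attacker at the SMS gateway would see."""
        self.pending_code = f"{secrets.randbelow(100000):05d}"
        return self.pending_code

    def login(self, sms_code, password=None):
        """True only if the SMS code matches and, with two-step verification enabled,
        the password matches too. Comparisons are constant-time; codes are single-use."""
        if self.pending_code is None or not hmac.compare_digest(sms_code, self.pending_code):
            return False
        self.pending_code = None
        if self.pw_hash is None:          # two-step verification off: SMS code is enough
            return True
        if password is None:              # attacker has the code but not the password
            return False
        return hmac.compare_digest(self._hash(password), self.pw_hash)


def simulate_interception(two_step_enabled):
    """Attacker intercepts the SMS code (cloned SIM or gateway) and submits only that."""
    acct = Account("+7-000-CONSTRUCTED", "example passphrase" if two_step_enabled else None)
    intercepted_code = acct.request_sms_code()
    return acct.login(intercepted_code)


def legitimate_login():
    """The account owner supplies both the SMS code and the password."""
    acct = Account("+7-000-CONSTRUCTED", "example passphrase")
    return acct.login(acct.request_sms_code(), "example passphrase")
```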
