One of the biggest concerns of civil activists and the general Iranian user community over the past two years has been the tapping of text messages by state intelligence and security organizations. The concern is well-founded: many online services such as Telegram, Facebook, and Gmail send access codes by SMS to authenticate their users, and if hackers gain access to these codes, they can easily access the accounts.
In this method, hackers who have the phone numbers of their victims go to the login page of the Telegram app, choose “Send code via SMS,” tap the user’s text messages, intercept the five-digit number the company sends to the user’s mobile phone via SMS, and enter the user’s account.
Dozens of such attacks on the Gmail, Telegram, Facebook and Instagram accounts of journalists and political activists in Iran have been reported to CHRI by the victims. CHRI’s research indicates that the targets of state hacking are chosen due to their political activities, as there is no evidence of any non-political citizens among the victims of this hacking method.
This form of cyberattack is only possible with the cooperation of the companies that provide phone services and Iran’s Telecommunications Company. It is not possible for anyone except those who have access to these companies and their infrastructure to carry out these attacks. As such, one can conclude these are state-sponsored cyberattacks.