User ID leak: Iran using coronavirus crisis to spy on ordinary Iranians

As the world rightly focuses on addressing the coronavirus pandemic, a less-discussed issue is how the Iranian regime is taking advantage of the status quo in many different ways, and with China’s support.

42 million Iranian “Telegram” user IDs and phone numbers were leaked online, according to a recent report. Iran’s regime has a history of using apps to place the general public, especially activists and dissidents, under a watchful eye.

The incident follows a similar case in 2016 when Reuters reported 15 million Telegram user IDs, phone numbers, and one-time verification codes were identified by Iranian hackers, resulting in more than a dozen compromised accounts.

The information contained in this recently exposed database poses a clear risk to users. Not only does it reveal who in Iran uses Telegram (or a Telegram fork), it also opens them up to attack.

SIM-swap attacks are one example. A SIM-swap attack occurs when the attacker convinces a phone carrier to move a phone number to a new SIM card, allowing the attacker to send and receive the victim’s SMS messages and phone calls. The attacker could then receive the victim’s one-time access verification codes, granting full access to app accounts and messages.

Affected users could also be at risk of targeted phishing or scams using the phone numbers in the database.

IRGC role

Just recently Google Play removed an Android app developed by Iran’s regime—supposedly launched “to test and keep track of COVID-19 (coronavirus) infections”—while users accuse the regime of collecting phone numbers and real-time geo-location data.

Once installed, the app asks for access to real-time geo-location details, which it would immediately upload to a remote server. Furthermore, it was soon discovered that the app had been developed by a company that has previously built other apps for the Iranian regime.

Smart Land Strategy, linked to Iran’s Revolutionary Guards (IRGC), previously built Telegram Gold and HotGram, both of which were removed from the Play Store for secretly collecting user data and amid reports that the apps were developed at the behest of Iran’s intelligence agencies, according to a report.

“… the Iranian government could be using the current COVID-19 pandemic as a ruse to trick millions of Iranians into installing the app, collect their device and location details, and then install malware on their devices through a subsequent update,” the report warns.

Malign past & China’s support

Back in February 2018, the Iranian opposition coalition National Council of Resistance of Iran (NCRI) held a press conference in Washington warning, “… the regime has created close to 100 spyware apps, including Mobogram, Telegram Farsi, Hotgram, Wispi, and Telegram Talayi, that resemble popular apps and spy on the unwitting Iranians who download them by mistake.”

Alireza Jafarzadeh, Deputy Director of the Washington office of the dissident National Council of Resistance of Iran (NCRI), speaking to reporters at a Feb. 15, 2018 news conference on “cyberwarfare” being waged by Iran’s government. (Photo courtesy of NCRI)

That Iran’s regime is now taking advantage of the coronavirus crisis to launch an app aimed at spying on ordinary Iranians further indicates the mullahs are lying about the numbers of COVID-19 deaths and cases and are only concerned about maintaining their establishment in power.

Back in March 2012, a Chinese telecommunications equipment company sold Iran’s largest telecom firm a powerful surveillance system capable of monitoring landline, mobile and internet communications, according to Reuters, citing interviews and contract documents.

“The system was part of a 98.6 million euro ($130.6 million at the time) contract for networking equipment supplied by Shenzhen, China-based ZTE Corp to the Telecommunication Co of Iran (TCI), according to the documents. Government-controlled TCI has a near monopoly on Iran’s landline telephone services and much of Iran’s internet traffic is required to flow through its network.

“Human rights groups say they have documented numerous cases in which the Iranian government tracked down and arrested critics by monitoring their telephone calls or internet activities. Iran this month set up a Supreme Council of Cyberspace, headed by President Mahmoud Ahmadinejad, who said it would protect ‘against internet evils,’ according to Iranian state television.”

Months later, the FBI launched an investigation into allegations that a top Chinese maker of phone equipment supplied Iran with U.S.-made hardware and software, including a powerful surveillance system, in violation of federal laws and a trade embargo, according to Wired, citing a report by The Smoking Gun.

Investigators, who began their probe earlier in 2012, also found evidence that the company planned to obstruct a Department of Commerce inquiry into the contract behind the sales.

Apologists/lobbyists to the rescue

Chief Iran apologist/lobbyist Trita Parsi was quick to push Iranian Foreign Minister Mohammad Javad Zarif’s talking points about U.S. sanctions after Google took action against Iran’s spying app.

Negar Mortazavi, another known Iranian apologist/lobbyist, claimed this could “help people self-diagnose the coronavirus.” Self-diagnosing is scientifically impossible. But that is not important for Mortazavi.

Why? Because as an Iran apologist/lobbyist with close ties to Zarif, her sole focus is to push Tehran’s talking points. Even the article cited by Mortazavi in her tweet reads:

“But that app was booted from Google’s Play Store recently, reports ZDNet.”

Why? Because of “misleading claims,” according to the report, that it could detect COVID-19 infections, something that is impossible through an app.

Another important reminder: Iran’s regime uses indigenous apps to gain information about Iranian dissidents. Despite the ongoing coronavirus crisis, security and maintaining their grip on power remain the regime’s number one priority.
