How to hack telegram account kali linux


Exclusive: Hackers accessed Telegram messaging accounts in Iran - researchers

By Joseph Menn, Yeganeh Torbati

SAN FRANCISCO/WASHINGTON (Reuters) - Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.

Amir Rashidi, an Internet security researcher who has worked with Telegram users who were victims of hacking, works at the offices of International Campaign for Human Rights in Iran, in the Brooklyn borough of New York, U.S., July 27, 2016. REUTERS/Brendan McDermid

The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years.

Telegram promotes itself as an ultra secure instant messaging system because all data is encrypted from start to finish, known in the industry as end-to-end encryption. A number of other messaging services, including Facebook Inc's (FB.O) WhatsApp, say they have similar capabilities.

Headquartered in Berlin, Telegram says it has 100 million active subscribers and is widely used in the Middle East, including by the Islamic State militant group, as well as in Central and Southeast Asia, and Latin America.

Telegram’s vulnerability, according to Anderson and Guarnieri, lies in its use of SMS text messages to activate new devices. When users want to log on to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers, the researchers said.

Armed with the codes, the hackers can add new devices to a person’s Telegram account, enabling them to read chat histories as well as new messages.

“We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basically coordination with the cellphone company,” Anderson said in an interview.

Telegram’s reliance on SMS verification makes it vulnerable in any country where cellphone companies are owned or heavily influenced by the government, the researchers said.

A spokesman for Telegram said customers can defend against such attacks by not just relying on SMS verification. Telegram allows - though it does not require - customers to create passwords, which can be reset with so-called “recovery” emails.

“If you have a strong Telegram password and your recovery email is secure, there’s nothing an attacker can do,” said Markus Ra, the spokesman.

Iranian officials were not available to comment. Iran has in the past denied government links to hacking.

ROCKET KITTEN

The Telegram hackers, the researchers said, belonged to a group known as Rocket Kitten, which used Persian-language references in their code and carried out “a common pattern of spearphishing campaigns reflecting the interests and activities of the Iranian security apparatus.”

Anderson and Guarnieri declined to comment on whether the hackers were employed by the Iranian government. Other cyber experts have said Rocket Kitten’s attacks were similar to ones attributed to Iran’s powerful Revolutionary Guards.

The researchers said the Telegram victims included political activists involved in reformist movements and opposition organizations. They declined to name the targets, citing concerns for their safety.

“We see instances in which people ... are targeted prior to their arrest,” Anderson said. “We see a continuous alignment across these actions.”

The researchers said they also found evidence that the hackers took advantage of a programming interface built into Telegram to identify at least 15 million Iranian phone numbers with Telegram accounts registered to them, as well as the associated user IDs. That information could provide a map of the Iranian user base that could be useful for future attacks and investigations, they said.

“A systematic de-anonymization and classification of people who employ encryption tools (of some sort, at least) for an entire nation” has never been exposed before, Guarnieri said.

Ra said Telegram has blocked similar “mapping” attempts in the past and was trying to improve its detection and blocking strategies.

Cyber experts say Iranian hackers have become increasingly sophisticated, able to adapt to evolving social media habits. Rocket Kitten’s targets included members of the Saudi royal family, Israeli nuclear scientists, NATO officials and Iranian dissidents, U.S.-Israeli security firm Check Point said last November.

POPULAR IN THE MIDDLE EAST

Telegram was founded in 2013 by Pavel Durov, known for starting VKontakte, Russia’s version of Facebook, before fleeing the country under pressure from the government.

While Facebook and Twitter are banned in Iran, Telegram is widely used by groups across the political spectrum. They shared content on Telegram “channels” and urged followers to vote ahead of Iran’s parliamentary elections in February 2016.

Last October, Durov wrote in a post on Twitter that Iranian authorities had demanded the company provide them with “spying and censorship tools.” He said Telegram ignored the request and was blocked for two hours on Oct. 20, 2015.

Ra said the company has not changed its stance on censorship and does not maintain any servers in Iran.

After complaints from Iranian activists, Durov wrote on Twitter in April that people in “troubled countries” should set passwords for added security.

Amir Rashidi, an internet security researcher at the New York-based International Campaign for Human Rights in Iran, has worked with Iranian hacking victims. He said he knew of Telegram users who were spied on even after they had set passwords.

Ra said that in those cases the recovery email had likely been hacked.

Anderson and Guarnieri will present their findings at the Black Hat security conference in Las Vegas on Thursday. Their complete research is set to be published by the Carnegie Endowment for International Peace, a Washington-based think tank, later this year.

Reporting by Joseph Menn in San Francisco and Yeganeh Torbati in Washington; Additional reporting by Michelle Nichols at the United Nations and Parisa Hafezi in Ankara; Editing by Jonathan Weber and Tiffany Wu

How to hack a Telegram account?

by Nanah

Telegram is currently one of the social networks targeted by account hijackers, especially accounts that have a lot of subscribers. Such accounts have recently fallen victim to hackers; here is how a Telegram account gets hacked.

How to know if Telegram accounts are hacked?

Accounts are typically hijacked through phishing. The user receives a message from a Telegram account whose name looks like an official one, such as TelegramAdmin. The message reports suspicious activity on the account and says the user must confirm the account or it will be blocked. A link is then provided to confirm the account, and the website behind it looks like a real Telegram login page. There the hacker asks the user to enter a phone number and a confirmation code and, if two-factor authentication is enabled, the password as well.

However, if the user has forgotten the password, the hackers ask them to go through the normal password recovery process. The user clicks the link, receives a recovery code from the real Telegram page and then enters that code on the fake Telegram page. Once the account owner has entered all this information, the crooks have everything they need to gain access to the account. They can then link it to another phone number. As a result, they have access to the account and its channels.

How to protect your account?

In order to avoid all forms of piracy, you must protect your account. Here's what you need to do:

  • Enable two-factor authentication for your account. This makes the account more secure;
  • Beware of messages from unknown accounts and of suspicious links. For your information, Telegram administrator accounts have verification badges in their account information. So, if you receive a message from "Telegram" without a badge, it's a scam. If Telegram also marks the message as spam, that is an even more telling sign;
  • If you enter your personal information on the internet, make sure that the connection is secure. Take a close look at the page's domain name in the address bar;
  • Finally, you can also install a security solution capable of combating phishing on each device that allows it.

It is possible to hack a Telegram account; however, it is completely prohibited by law.

 

The best hacking course with Kali Linux in Russian

If you need to access a server, fix someone else's network, or play around with someone's website, Kali Linux is here to help.

In this article we will consider an excellent video course on hacking sites, SQL injections and other interesting things that are most convenient to implement with Kali Linux.

The first part of the course covers installing a Kali Linux distribution on a VMWare virtual machine with all the built-in tools. For training, the OWASP Broken Web Application virtual machine will be used, in which there are sites with vulnerabilities: we will torment them. We will also update the operating system.

https://www.youtube.com/watch?v=rMnYTZFRAqQ

We recommend watching a video on installing Kali Linux from a flash drive:

https://www.youtube.com/watch?v=IIlh-iPn160

And of course, install Kali Linux on this very flash drive, while saving all user data:

https://www.youtube.com/watch?v=LMla679bTOY&t=29s

https://www.youtube.com/watch?v=3YxMZ8pCPsY

In the next video, the author talks about the site's XSS vulnerability, through which a remote computer will be hacked. XSS is a very old but still working hacking technology. If you have your own site, check if it executes user scripts if you enter them, for example, in the comment field? A lot of resources were hacked through this gap using the Beef tool...

https://www.youtube.com/watch?v=3v4bKlVkB40

https://www.youtube.com/watch?v=CFbOwP3D2eI

This is the second part of the cross-site scripting tutorial. In the video, the author shows how to execute a scripted Reflected attack on a user through a site with a security breach. Using the Burp Suite tool, we get the hash of the link that opens the script and plant our terrible hook on an unsuspecting user. When the user opens the landing page, their computer will be in our hands.

https://www.youtube.com/watch?v=HAxPiuqSW2Q

Another useful hacking tutorial using the Burp Suite, but without having to use paid tools:

https://www.youtube.com/watch?v=juUv3Z4d2vw

browser to protect "cookies" from an attacker. We will steal cookies from the Chrome browser of the user who was hacked in the last lesson. We still use the Beef feature-packed tool and JS scripts to introduce ourselves to the site under the name of our test user.

https://www.youtube.com/watch?v=MfbiSfS10jQ

Another way to steal cookies using Kali Linux:

https://www.youtube.com/watch?v=rhOMonKhmRM

In this video, the author shows how, using the Aircrack-ng tool built into Kali Linux, you can access a secure router. It also looks at how to create a flash drive from a Live CD with Linux for cases when your computer does not have a wireless adapter or the adapter is not supported by Aircrack-ng. The router to be hacked has a MAC filter enabled, WPA2 encryption, and a hidden network name.

https://www.youtube.com/watch?v=TUcMbbG-XH8

We also picked up a video that doesn't cut off. The author explains possible vulnerabilities and how to exploit them as clearly as possible. You will learn why a Wi-Fi network cannot be 100% secure.

https://www.youtube.com/watch?v=P-coZnvM8g0

In the first part of this lesson, we will figure out how to "slip" the login and password to the target server if we do not know this. This common type of attack involves deceiving the SQL database through the substitution of passed parameters. This may require additional knowledge of web server responses and understanding of basic things in MySQL.

https://www.youtube.com/watch?v=xD5de1vRXWw

We continue to study the process of hacking a site through a login and password. This tutorial uses the browser's local proxy and Burp Suite's built-in tool to intercept parameters being sent from the web server to the database. To understand the lesson and facilitate the application of knowledge in practice, it would be good to know the intricacies of how GET / POST requests work, as well as an in-depth understanding of SQL syntax.

https://www.youtube.com/watch?v=ZAGAZxcYrC4

The second video on SQL injection, although short, is very informative:

https://www.youtube.com/watch?v=juLLm8q1BNY

You can also refer to the extended lecture:

https://www.youtube.com/watch?v=eE-W2_M_mMU

In this video we will get Windows user passwords. Because passwords are stored as one-way encryption, you will need a special tool to decrypt the string and get what you are looking for. The Cain and Abel program will be used. This manipulation cannot be called a hack, but rather a decryption, but despite this, the information is useful.

https://www.youtube.com/watch?v=hDuF1-Ls0sY

    How is Telegram broken? On SMS interception and mobile network vulnerability

    Telegram may be considered one of the most secure messengers, but its users are periodically hacked. Last Friday, our colleagues from Tut.by reported that unknown people from Ukrainian IP addresses tried to access the Telegram accounts of at least six employees of the organization. Literally an hour before, our conversation with Russian human rights activist and Amnesty International expert Oleg Kozlovsky ended. He told how in 2016 his Telegram account was hacked and unknown people got access to correspondence.

    As it turned out, the topic of hacking a secure messenger remains relevant to this day. And this is due not only to hackers, but also to the vulnerability of the technical protocol of mobile networks, which allows you to intercept SMS messages. We will talk about this today. But let's start with history.

    Hacking in the middle of the night

    Unidentified persons were able to log into the account of Russian human rights activist Oleg Kozlovsky on one April night in 2016. He found out about it only the next morning, as the operator at night turned off his incoming messages and the Internet for a short time. This is what the hack looked like from the victim's point of view.

    - I received a message in Telegram about connecting a new device. Someone connected via Linux supposedly from a server from the USA. Then it turned out that the connection was made through a network of encrypted servers. It was at night when I was sleeping.

    I wrote to Telegram technical support. They confirmed that there was such a connection, an SMS message was sent, and a person connected using the code from it.

    Oleg turned to his operator. First, I received details on my number, where I saw connected and disconnected services. And then he called.

    - I was told that, at the request of the operator's security service, a number of services were turned off, and then turned back on. At night, they turned off the delivery of messages, mobile Internet and notifications about disconnecting and connecting services.

    Accordingly, no notifications about manipulations came to the phone.

    After 15 minutes, someone connects to my account, requests an SMS with a code. It doesn't reach my phone. And somehow this code is intercepted. They enter it, go into my account and, most likely, immediately download all the chats. And after another half an hour or an hour, all MTS services connect back.

    When Oleg voiced these facts, the operator did not acknowledge them and declared a mistake. But at the same time, when Kozlovsky's account was hacked, a similar situation occurred with two more activists. One of them is Georgy Alburov, an employee of the Anti-Corruption Foundation.

    - One way or another, but MTS (Russian. - Note Onliner) did not recognize his participation. From my point of view, this meant that some employees were in cahoots with the attackers. Whether it was the secret services, or it was done for money... I don't know.

    Oleg did not have two-step authentication enabled, and an additional password was not set, which we will discuss below. This allowed the attackers to gain access to open chats. Perhaps the files that were sent in chats were also downloaded. But, as he himself notes, there was nothing interesting there. Five years have passed, and no one has yet tried to blackmail him, correspondence has not appeared on the Internet.

    According to Oleg, he encountered resistance from the Investigative Committee of Russia, where he took the statement about initiating a case on unauthorized access to computer information and a couple of other articles.

    It took only a few years for the inspection to start. Then came the refusal to initiate a criminal case. But this was useful: MTS officially responded to the investigation.

    According to the operator's response, he registered an attack from an external network on the SS7 signaling network against the company's subscribers in order to force them to register on the third-party operator's node. 16 subscribers were under attack, 85 unauthorized requests such as Location Update were received.

    As a source in the telecom industry explained to us, this wording hides attempts to fictitiously register subscribers in someone else's switch in one of the networks of MTS roaming partners, simulating the work of a subscriber in roaming so that incoming calls and messages go through this "guest" switch.

    The document says that the duty specialist of the MTS Information Security Department decided that night to protect subscribers and turn off SMS, informing them about adding and deleting services, as well as mobile Internet for an hour. According to the same letter, the actions of the employee were recognized as redundant due to his lack of competence. The employee was reprimanded, later he quit of his own free will.

    - This is indeed a vulnerable channel. Everything that is transmitted via SMS can be read not only by special services, but also by hackers, and not necessarily super cool and incredibly advanced. Both equipment and software systems for such hacking are sold. In addition, mobile operators also have access, for which not all employees are honest.

    The SS7 vulnerability

    SS7, which was mentioned in that letter from the Russian MTS, is a set of signaling telephone protocols. It was developed half a century ago, and today it is widely used in the provision of most services: when establishing a telephone call, calling from a mobile phone to a fixed number, roaming, sending SMS messages, and so on. The vulnerability of this protocol was periodically discussed by European, Russian and American experts.

    The introduction of SS7 in Europe dates back to the time when GSM mobile networks were built, in which, when roaming, the “visitor” network switch (MSC / VLR) must access the home location register (HLR) of the subscriber’s “home” network, which stores data about this subscriber. Currently, SS7 constitutes the signaling infrastructure of almost all fixed and mobile operators and is used to transmit connection and routing information.

    However, the outdated security concepts at its core make this protocol vulnerable to hackers. For example, there were many articles about vulnerabilities found that can be used to determine the location of a subscriber, listen in on a conversation, or, for example, intercept his SMS message.

    German Tobias Engel in 2014 at a hacker conference in Berlin spoke about the SS7 vulnerability and demonstrated how he tracked the movements of several subscribers for two weeks (with their prior consent). They themselves provided him with their phone numbers, and he, by polling the network, was able to build a small map of their movements. So, for example, one of the subscribers lived and worked in Seattle in mid-December, and then went home to the Netherlands for Christmas. Tobias removed the last point from the presentation, as it was too close to the Dutchman's home.

    As the specialist noted then, private companies around the world offered tools based on the SS7 vulnerability as Lawful Interception - means for law enforcement and intelligence agencies to intercept within the law.

    Practically all intelligence agencies of all countries have direct access to the networks of operators and can easily both listen to conversations and read SMS. This is all legal, such equipment is standardized and is called SORM in the post-Soviet space.

    But we moved a little aside.

    Previously, it was enough for an attacker to have a computer with special software and be connected to the operator's network in the form of an SS7 signal point. With the proper level of knowledge, it was possible to deceive the network of another operator by passing off a hacker device as a guest MSC / VLR switch.

    How is a cybersecurity attack described? An attacker connects to the SS7 signaling network of a foreign operator and sends the Send Routing Info for SM (SRI4SM) service command to the network channel, specifying the phone number of the attacked subscriber as a parameter. The subscriber's home network sends back the following technical information: IMSI (International Mobile Subscriber Identity) and the MSC address at which it currently provides services to the subscriber. Further, thanks to the received data, the attacker registers the victim's number in the dummy VLR via the Insert Subscriber Data (ISD) message, simulating that the subscriber has arrived on vacation and registered in the new network while roaming. After that, the attacker can receive SMS messages sent to this subscriber.

    However, switching equipment providers, banks, telecom operators, messenger owners and other Internet service providers are also aware of this and are on the alert. For example, Internet service providers and banks use two-factor authentication. Mobile telecom operators use protection through SMS Home Routing. This method is used to counter attacks that request the information needed to deliver an incoming SMS message to a subscriber. Previously, in response to it, the subscriber identifier (IMSI) and the address of the node serving it (VLR) were sent. Now, each such request is sent to the SMS Home Routing system, which returns a non-existent subscriber identifier and its own address instead of the real VLR address in which the subscriber is registered. Thus, for requests from other networks, it is possible to completely hide the real identifiers of subscribers and the addresses of the network equipment at which they are registered.

    In addition, a register of network equipment addresses is maintained, which is specially registered and configured. Therefore, in order to use SS7 at the network level, an attacker must at least be connected directly to the equipment of some telecom operator. But these are risks for such an operator, since its network will simply be blocked upon detection, and this threatens it with a loss of reputation and business. Therefore, in telecommunications networks this is not common. And since all these pseudo-systems of intruders in most cases appear to be foreign operators (they report that you are in international roaming), for your own reinsurance, it is enough for a subscriber in his home network to turn off international roaming on his phone.
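The defensive measures just described (the register of known node addresses, SMS Home Routing, and disabled international roaming) can be sketched as a border screening function. This is an added example, not code from the article or from any operator; every address, IMSI, timing and field name in it is constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# All addresses, IMSIs and timings below are constructed for illustration.
HOME_PREFIX = "37529"              # global-title prefix of the home network
PARTNER_GTS = {"491710000001"}     # register of known roaming-partner node addresses
SMS_ROUTER_GT = "375290000099"     # address of the SMS Home Routing node
ROUTER_KEY = b"example-only-key"   # secret used to derive stand-in IMSIs
MIN_TRAVEL_S = 2 * 3600            # assumption: nobody is abroad 2 h after being home

# Subscriber state as the home network would know it (constructed).
SUBSCRIBERS = {
    "375291111111": {"imsi": "257010000000001", "vlr": "375290000010",
                     "last_seen": 1000, "roaming_allowed": True},
    "375292222222": {"imsi": "257010000000002", "vlr": "375290000010",
                     "last_seen": 1000, "roaming_allowed": False},
}
BY_IMSI = {s["imsi"]: s for s in SUBSCRIBERS.values()}


def home_routing_reply(msisdn):
    """Answer a routing request from another network without real identifiers."""
    digest = hmac.new(ROUTER_KEY, msisdn.encode(), hashlib.sha256).hexdigest()
    stand_in = "25701" + str(int(digest, 16))[:10]   # 15 digits, not the real IMSI
    return {"imsi": stand_in, "serving_node": SMS_ROUTER_GT}


def screen(msg):
    """Return (verdict, reason) for one request arriving on an external link."""
    gt = msg["origin_gt"]
    if gt.startswith(HOME_PREFIX):
        return "block", "home network address arriving from outside"
    if gt not in PARTNER_GTS:
        return "block", "origin not in the register of partner node addresses"
    if msg["op"] == "sendRoutingInfoForSM":
        return "home-route", "answered by SMS Home Routing"
    if msg["op"] == "updateLocation":
        sub = BY_IMSI.get(msg["imsi"])
        if sub is None:
            return "block", "unknown IMSI"
        if not sub["roaming_allowed"]:
            return "block", "international roaming disabled for subscriber"
        at_home = sub["vlr"].startswith(HOME_PREFIX)
        if at_home and msg["ts"] - sub["last_seen"] < MIN_TRAVEL_S:
            return "block", "subscriber was active at home too recently"
        return "allow", "plausible roaming registration"
    return "allow", "operation not screened here"


def summarize(messages):
    """Per origin address: (blocked requests, distinct subscribers targeted)."""
    stats = defaultdict(lambda: {"blocked": 0, "targets": set()})
    for m in messages:
        verdict, _ = screen(m)
        if verdict == "block":
            entry = stats[m["origin_gt"]]
            entry["blocked"] += 1
            entry["targets"].add(m.get("imsi") or m.get("msisdn"))
    return {gt: (e["blocked"], len(e["targets"])) for gt, e in stats.items()}


# Constructed border traffic: one routing query and four registration attempts.
TRAFFIC = [
    {"ts": 1900, "op": "sendRoutingInfoForSM", "origin_gt": "491710000001",
     "msisdn": "375291111111"},
    {"ts": 1960, "op": "updateLocation", "origin_gt": "491710000001",
     "imsi": "257010000000001"},
    {"ts": 1990, "op": "updateLocation", "origin_gt": "491710000001",
     "imsi": "257010000000002"},
    {"ts": 2000, "op": "updateLocation", "origin_gt": "999000000001",
     "imsi": "257010000000001"},
    {"ts": 90000, "op": "updateLocation", "origin_gt": "491710000001",
     "imsi": "257010000000001"},
]

if __name__ == "__main__":
    for m in TRAFFIC:
        print(m["ts"], m["op"], m["origin_gt"], *screen(m))
    print(summarize(TRAFFIC))
    print(home_routing_reply("375291111111"))
```

The per-origin summary is the kind of count the MTS letter reports (requests received and subscribers under attack), and it is what an operator would alert on.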

    Nuts are tightened, but…

    Nevertheless, SS7 attacks continue. In December 2019, Group-IB's cybercrime investigation department was contacted by several Russian entrepreneurs. Unknown people got access to their correspondence in Telegram. The victims used smartphones on iOS and Android, were subscribers of various federal operators. The attacks were instantaneous.

    First, the user in Telegram from the official account of the messenger received a confirmation code for entering, which he did not request. Then an SMS with an activation code arrived, and almost immediately after it came a message about a successful login from a new device.

    Attackers got into the account via mobile Internet from IP addresses from Samara.

    Specialists did not find any spyware on the affected smartphones. "In all cases, the attackers gained access to the victim's messenger using SMS codes received when logging into the account from a new device," the report emphasizes.

    How did the break-in take place? Experts say that when the messenger is activated on a new device, Telegram first sends a code through the official service channel to all other devices, and only then is an SMS message sent upon request. The attackers apparently initiate such a request and intercept the SMS. With the code from the text message, they successfully log in to the messenger and get access to all files, photos and correspondence.

    There are two important points in this story: SMS interception (which we talked about above and which they are fighting as best they can) and the lack of two-step authentication for the victims.

    Two-step authorization

    By default, authentication in Telegram occurs using a verification code. It is one-time and is sent either by SMS or as a message in the messenger if you try to log in from a new device. Telegram sometimes uses the services of mobile operators to send authorization codes. But more than five years ago, the messenger added an additional login step: a password that the user himself sets in the application.

    Let's say you use Telegram on your smartphone all the time, and then you decide to enter the messenger through the web interface in your computer browser. You enter your phone number, and through the service channel of the messenger itself, from the official Telegram account, you receive a message with a confirmation code. After entering it in the browser, you have successfully logged in.

    But if you have two-step authentication enabled, then after the confirmation code, you must also enter a password that only you know.

    Experts advise: 2-Step Verification should be enabled in Telegram's privacy settings. In a recent incident with Tut.by employees, it was noted that it was enabled on one of the accounts. Someone was able to correctly enter the confirmation code, but did not cope with the additional password and did not get access to the account's correspondence.
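The login sequence from the Group-IB cases (in-app code, then an SMS code on request, then a new-device login) and the Tut.by case where the additional password held can be turned into a detection rule over account events. This is an added example and not part of the article: the event names and log format are hypothetical, not a Telegram API, and the sample events are constructed.

```python
from collections import defaultdict

WINDOW_S = 600   # assumption: the whole sequence completes within ten minutes

TAKEOVER = "takeover: SMS code alone was sufficient"
BLOCKED = "blocked: SMS code was entered, additional password held"

# Constructed event log: (timestamp, account, event, details).
EVENTS = [
    # Account A: no additional password set.
    (100, "A", "code_sent_in_app", {}),
    (130, "A", "code_sent_sms", {}),
    (150, "A", "login_new_device", {"ip": "203.0.113.7", "password_checked": False}),
    # Account B: two-step verification enabled.
    (200, "B", "code_sent_in_app", {}),
    (220, "B", "code_sent_sms", {}),
    (240, "B", "password_failed", {"ip": "203.0.113.7"}),
    # Account C: owner adds a laptop using the in-app code, no SMS fallback.
    (300, "C", "code_sent_in_app", {}),
    (320, "C", "login_new_device", {"ip": "198.51.100.20", "password_checked": True}),
]


def classify(events, window=WINDOW_S):
    """Flag accounts where an SMS fallback code led to a login attempt.

    The SMS fallback is the signal: whoever is logging in could not read the
    code delivered to the owner's existing sessions. An owner who lost every
    device looks the same, so findings need review rather than auto-action.
    """
    per_account = defaultdict(list)
    for ts, account, kind, data in sorted(events, key=lambda e: e[0]):
        per_account[account].append((ts, kind, data))

    findings = {}
    for account, evs in per_account.items():
        in_app_ts = sms_ts = None
        for ts, kind, data in evs:
            if kind == "code_sent_in_app":
                in_app_ts, sms_ts = ts, None          # a new attempt starts
            elif kind == "code_sent_sms":
                if in_app_ts is not None and ts - in_app_ts <= window:
                    sms_ts = ts                       # fallback to SMS requested
            elif sms_ts is not None and ts - sms_ts <= window:
                if kind == "login_new_device" and not data.get("password_checked"):
                    findings[account] = TAKEOVER
                    in_app_ts = sms_ts = None
                elif kind == "password_failed":
                    findings[account] = BLOCKED
                    in_app_ts = sms_ts = None
    return findings


def shared_sources(events):
    """IP addresses seen in flagged attempts against more than one account."""
    flagged = classify(events)
    by_ip = defaultdict(set)
    for _, account, _, data in events:
        if account in flagged and "ip" in data:
            by_ip[data["ip"]].add(account)
    return {ip: sorted(accts) for ip, accts in by_ip.items() if len(accts) > 1}


if __name__ == "__main__":
    for account, finding in sorted(classify(EVENTS).items()):
        print(account, finding)
    print(shared_sources(EVENTS))
```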

    - If we take the technical component, Telegram is very secure. They are great. But really, you should understand that you can get physical access to the device. In this case, the technological component of security will not help, - we quote Alexander Sushko, head of Group-IB in Belarus.

    Many attackers install malware on devices. This can be a program that a person downloads himself, or infection through a phishing link. Such malware will allow intercepting correspondence, calls, and SMS.

    In addition to malware, these can also be vulnerabilities in telecommunications networks. The same SS7, which allows you to intercept SMS. Knowing about this vulnerability, it is important to set up two-factor authentication with an additional password. It's more secure.

    If you have a European or Chinese SIM card linked to your account, it will be more difficult to access your account. But you need trusted people who will give you this access code when you re-authorize.

    Two-step verification is enabled in the messenger's privacy settings. On iOS devices, it's called Cloud Password. This password can be linked to an email address, allowing you to retrieve it in case you forget it. But this is optional, the binding can be skipped. Thus, the Telegram password will be stored only in your head. This is probably a more reliable method if attackers are suddenly able to access your mail as well.


    Experts from the telecom industry say that hacking through the SS7 protocol, if possible, is very difficult. Nevertheless, incidents with possible interception of SMS and hacking of Telegram occur. Now you know how to protect yourself.