Iranian bot that endangers anonymity of users on Twitter and Telegram in favor of the Iranian regime

--

On March 30, 2020, the Comparitech website reported that data on 42 million Telegram users, including their unique IDs and phone numbers, was leaked by an unofficial [fake] version of Telegram. The leak was initially discovered by cybersecurity researcher Bob Diachenko.

Credit: @comparitech

“A Telegram spokesperson told Comparitech, “We can confirm that the data seems to have originated from third-party forks extracting user contacts. Unfortunately, despite our warnings, people in Iran are still using unverified apps. Telegram apps are open source, so it’s important to use our official apps that support verifiable builds.” The database contained more than 42 million records consisting of user data originating from Iran.

● User account IDs
● Usernames
● Phone numbers
● Hashes and secret keys”

We must note that the Iranian regime’s cyber activities have increased over the previous months and years, right after Jahromi [who is designated by the U.S. and has a record of working in the Ministry of Intelligence] was appointed as the Rouhani administration’s ICT minister. With the help of Iran-based companies, the regime has prepared systems for monitoring Iranian users!

The database that Bob Diachenko discovered belonged to a system called “Shekar”. This system, which is deployed on a server in Iran and is allegedly under the control of the Iranian regime’s operators, has raised a lot of concerns.

Credit: @comparitech

Right after the Iranian regime blocked the Telegram messenger, some third-party apps that helped users bypass Iranian filtering were developed and published. Most of those apps had Iran-based servers, were under the control of the ICT ministry and the “University of Tehran”, and were collecting user data.

https://twitter.com/NarimanGharib/status/1122243114784129024

In 2019, Google and Google Protect removed most of those fake Telegram messengers, yet some are still active.

Last year, a Telegram bot became quite popular among the English and Persian users on Instagram and especially Twitter. The bot, called “Harf Be Man” [Words to me], let users send “anonymous” messages on Telegram. According to the bot’s creator, Amir Shokati, the bot has 12 million users and has hosted over 50 million anonymous messages.

https://tahlilertebat.com/products/harfbemanbot/

According to our intel, the Iranian Cyber Police and the IRGC Intelligence department have started tracking anonymous users by accessing that bot’s messages and matching the users against the leaked database. They are monitoring “text messages”, “video messages” and “voice messages” that were supposed to be on an anonymous platform.

This is what’s happening now:

1. Collecting the Telegram [unique] ID number

2. Searching and matching the ID number with the previously leaked database

3. Finding the user’s phone number and username

Image: Amir Shokati’s public profile picture on Telegram, with an image of the Supreme Leader in the background.

We urge Instagram and Twitter to block links that have the structure below, in order to prevent their users from falling into the Iranian regime’s trap:

t[.]me/BChatBot?start

t[.]me/HarfBeManBot?start

UPDATE 8 December 2021:

Here is a list of those bots:

t[.]me/BegoMago_Bot
t[.]me/DustYabBot
t[.]me/ichate
t[.]me/MeloGapBot and t[.]me/BiChatBot?star…

harfbeman[.]pw
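The following added example, which is not part of the original post or any platform's code, shows how a content filter could match the link structure and bot usernames listed above, including defanged links and links padded with zero-width characters. The function names, the handling of `telegram.me` as an alias of `t.me`, and the sample text are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Bot usernames and domain taken from the lists in this post (lower-cased).
BLOCKED_BOTS = {"bchatbot", "harfbemanbot", "begomago_bot", "dustyabbot",
                "ichate", "melogapbot", "bichatbot"}
BLOCKED_DOMAINS = {"harfbeman.pw"}
# Assumption of this example: telegram.me is handled as an alias of t.me.
TELEGRAM_HOSTS = {"t.me", "telegram.me"}

# Invisible characters that can be interleaved in a pasted link.
_INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
_URL_RE = re.compile(r"(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?", re.I)

def refang(text):
    """Strip invisible characters, then undo [.] and hxxp defanging."""
    text = text.translate(_INVISIBLE).replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)

def is_blocked(link):
    """True if one refanged link targets a listed bot or domain."""
    if not link.lower().startswith(("http://", "https://")):
        link = "https://" + link
    try:
        url = urlsplit(link)
    except ValueError:
        return False
    host = (url.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        return True
    # On Telegram hosts the first path segment is the username; the
    # "?start..." query is ignored so any start payload still matches.
    username = url.path.strip("/").split("/")[0].lower()
    return host in TELEGRAM_HOSTS and username in BLOCKED_BOTS

def blocked_links(text):
    """Return every link in a post's text that should be blocked."""
    links = (m.group(0).rstrip(".,;:!?)\"'") for m in _URL_RE.finditer(refang(text)))
    return [link for link in links if is_blocked(link)]

if __name__ == "__main__":
    # Constructed sample post, not real data.
    sample = "Ask me anything: https://t.me/HarfBeManBot?start=abc123 or t.me/example_channel"
    print(blocked_links(sample))
```

Matching on the host and first path segment, rather than on the raw string, keeps the filter from missing links that differ only in letter case or in the value after `?start`.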

We also urge Telegram to reset the ID numbers of the Iranian users who were in the leaked database, or to create a process for resetting ID numbers frequently and automatically.

--