Why Telegram is still being “hijacked” in Russia

In 2023, it may seem strange that anyone still has to be told why two-factor authentication or additional passcodes are needed on personal devices and instant messengers. But at the end of last week in Tatarstan, the accounts of several dozen large company executives and officials, including those in the IT sector, were “hijacked”. The technical support specialists of GAU IT Park explain how it came to this.

A calm Friday afternoon was coming to an end when several of our employees received calls, all at once, from embarrassed colleagues at different organizations. They asked us to find out what kind of strange messages they were receiving from colleagues. When people for whom such amounts are not relevant continued to receive messages asking to borrow 20 thousand rubles, we realized that we needed to update our manual.

What’s happening

The hacking scheme is once again banal: a request to vote in a contest. The messages are sent to the contacts in the hacked person's phone book. You receive a message containing a link from an acquaintance, friend or relative. When you click the link to vote (important: the link is almost always created using a link shortening service), you are taken to a page with the message “Login to vote for contestants” and a field for entering a phone number. The phone number is supposedly needed to confirm that each vote is unique. After you enter the number, a screen opens for entering the confirmation code, which the “organizers of the contest” supposedly sent you in Telegram.

If you enter the code and you have Telegram two-factor authentication turned off, your account now belongs to the attackers. They will be able to link it to another phone, use it in new schemes in the future, download your correspondence, demand a ransom from you for returning the account, etc. Considering that many people like to use the messenger as a file sharing service, it is obvious how many interesting things can be found there. The scheme will now continue through you, via your phone book.
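A small triage heuristic for the lure described above, as an added example that is not part of the original article: it flags chat messages that combine a shortened link with contest-voting wording. The shortener host list, the keyword stems and the sample messages are constructed assumptions.

```python
import re

# Assumption: a small sample of public link-shortening hosts; extend for your environment.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "is.gd", "clck.ru", "cutt.ly", "t.ly"}
# Assumption: lure wording based on the scheme above (English words, Russian stems).
LURE_RE = re.compile(r"\bvot(?:e|ing)\b|\bcontest\b|голос|конкурс", re.IGNORECASE)
# Matches links with or without a scheme and captures the host name.
URL_RE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})(?:/\S*)?", re.IGNORECASE)


def shortener_links(text):
    """Return the hosts of links in text that belong to a known shortener."""
    hits = []
    for match in URL_RE.finditer(text):
        host = match.group(1).lower().removeprefix("www.")
        if host in SHORTENER_HOSTS:  # exact host match, so "mybit.ly" is not flagged
            hits.append(host)
    return hits


def triage(text):
    """Classify a chat message as 'block', 'review' or 'ok'."""
    links = shortener_links(text)
    if links and LURE_RE.search(text):
        return "block"   # shortened link plus voting lure: matches the scheme
    if links:
        return "review"  # a shortened link alone still hides the destination
    return "ok"


# Constructed sample messages (not real traffic).
SAMPLES = [
    "Hi! Please vote for my niece in the drawing contest: https://clck.ru/EXAMPLE",
    "Привет! Проголосуй за племянницу в конкурсе рисунков bit.ly/EXAMPLE",
    "Slides from today: https://tinyurl.com/EXAMPLE",
    "Meeting moved to 15:00, agenda at https://intranet.example.org/agenda",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{triage(sample):6} {sample}")
```

A "review" verdict is worth surfacing to the user as well, since the sender's account being familiar says nothing about where a shortened link leads.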

Why is it happening?

How did it happen that so many people, including serious leaders, fell for a banal and seemingly obvious scam? There were several factors. The first is psychological: if the link came from a serious person who has been working in management and IT for decades, then the thought of not believing him is, alas, not the first to come to mind. The second is also psychological: requests to vote in drawing contests come to those who have children and grandchildren, so it is not surprising that for their sake, without regard for status, you can click on the link … Thirdly, the already outdated faith in Telegram as the most reliable messenger plays a role, which is read. So we get a huge number of stolen accounts and confirmation that we still live in a post-Soviet society of very naive people. And no calls from the security services of “banks” and other trainers of cynicism will change the open hearts and defenseless accounts of our population.

Although saving the population from cyber threats is not a direct responsibility of the IT park, the work of the technical department stopped for some time. We were forced to update the account protection manual and once again send it out not only to employees (by the way, there were no cases of hacking among IT park employees), but also to colleagues from ministries, departments and companies.

What to do

  1. Never click on such links! You may also be asked to press a button, be offered a gift, etc. If you suspect something, call the person and make sure it is really them and not an intruder.

  2. Revoke access to your account from other devices. Launch Telegram, go to the “Settings” section and open the “Privacy” item. In its “Security” section, find the item “Devices”. It lists all the devices on which you are logged into your account. End all suspicious sessions. Important: sometimes it is not possible to end extraneous sessions, and a message appears suggesting that you end the session later. In this case, it is better to delete your account and create it again.

  3. Turn on two-factor authentication. On Android: go to “Settings” – “Privacy”, select the option “2-Step Verification” and turn it on. After that, create a password and click “Finish”. On Apple: go to “Settings” – “Privacy” and select the option “Cloud password”. Then, in the same way, come up with a password and click “Finish”.

  4. Turn on the passcode (and remember it).

And double-check your children and grandchildren!
