Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Instagram security - FYI

Nariman Gharib nariman.gh at gmail.com
Fri Jul 14 11:17:49 PDT 2017


Hi Libtech,

Just want to share a quick story with you all.

In my country Iran, many of Iranian users are using Instagram because the
service is not block within country, and unfortunately many activists,
artists, journalists are using this service to talk to each other. some use
Telegram but not via secure chat, and also Signal is blocked within
country, so for these ordinary people, it's a easiest way they can
communicate with each other.

Recently I have seen some Iranian attackers, as far as I know, they are
Government - sponsored tried to hack some of our journalists at ManotoTV,
in one case they have managed to get into the account. we saw the same
story with 'Shahin Najafi' and another Iranian rapper which they managed to
get in to.

We have reported to our POC at Facebook, They were very helpful but each
time when we get the account back they have managed to get into it again.

we changed email address to something which nobody can guess it, we
un-linked the account with Facebook, we also enabled 2 factor
authentication, also Instagram team put that account behind the "shield" so
next time anyone wants to do something regarding this specific account it's
going to high security queue.  by they have managed to get in just today
again.

you might say ok maybe this London based User is using a compromised phone,
I've checked the phone but his iPHONE is good from what I'm seeing.

you might say ok maybe his email address got compromised but we didn't
receive any email for requesting new password / or / reset password.

I will get the account back soon via Facebook POC but I believe after 5
times they got into his account and changed all information on that
account, it's something going on with Instagram security it self.

So please if any of your friends are using it for communicate with each
other over DM please tell them to stop it.

Thank You


-- 
PGP: 0xa53963936999cbb6
@NarimanGharib <https://twitter.com/narimangharib>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20170714/4a6325f9/attachment.html>


More information about the liberationtech mailing list