Technology

"My Friend was Arrested in Iran, and then my Email was Hacked"

September 29, 2015
IranWire
6 min read
"My Friend was Arrested in Iran, and then my Email was Hacked"

Before we begin the interview, the lawyer reminds me that we must not mention the name of his Iranian friend who was arrested two weeks ago. “My friend’s family in Iran are trying to secure his release. Iranian officials have promised that the misunderstanding will be cleared up soon and they will let him go,” he says. “So I do not want you to include any reference to his name.”

A European lawyer who works with Iranian and European companies, my interviewee has recently been targeted by government-affiliated Iranian hackers. After the arrest of his friend, not only did they hack his email and Facebook accounts, but also the accounts of at least 20 of his friends. “I want everybody to hear this so future targets can be more careful about their online security,” he says.

The story began when his friend traveled back to Iran. “Two or three months ago his mother passed away,” the lawyer says. “He went to Iran to visit his family and to organize his share of his inheritance. Throughout his stay, we were in touch via phone or email almost every day. After the nuclear agreement was signed in July many of our clients have been interested in investing in Iran or expanding their existing investments. They contacted us to find out whether Iran offered any investment opportunities and to find out generally what is going on in the country.”

“My Iranian friend owns a successful firm here [in Europe] and was interested in doing business with Iran,” he says. “His children have grown up and now both he and his Iranian wife want to visit Iran more regularly. He kept me informed about what was going on with the Iranian economic scene. A few days before he was due to return he told me that he was going to extend his trip so he and a few of his old friends could travel to a city in northern Iran for a few days. When he arrived there, he told me that for some reason his phone was not working, but that he would keep in contact through email.”

At this point, the lawyer was not suspicious.“I have been to Iran several times and I know that such inconveniences can happen there a lot. So what my friend told me did not surprise me in any way, especially since he continued to send me emails in fluent English.”

But a few days later, a European diplomat and a former classmate from college contacted the lawyer and told him they had received “phishing” emails that appeared to come from his private account.

Until then, the lawyer was not familiar with phishing. According to Merriam-Webster, phishing is “a scam by which an email user is duped into revealing personal or confidential information which the scammer can use illicitly.” The emails appear to be completely legitimate and usually appear to come from individuals, companies or organizations known by the target, including personal friends, banks or professional contacts. The fraudulent emails contain requests, or include links to phishing sites that request, personal information including bank details, passwords, credit card information, or private contact details.

 

Phishing Attacks on at Least 1000 Contacts

The lawyer arranged a meeting with his former classmate, and they decide to consult an internet security expert. “It was probably about 4 pm. I sent an email to my daughter and took a half-hour metro ride to get to the office of the security expert,” he says. “When I left the station I found out that 24 people had tried to contact me without success. When I arrived at the office of the security expert, I discovered that I had lost control of my email account. Within just 45 minutes the hackers had sent emails to about 1000 people on my contacts list.”

It turned out that a few days earlier his email account and the Facebook page he had set up for his children had been hacked. In addition to this, many of his friends and acquaintances had received phishing emails or been hacked. The hackers had used his address to launch the attacks.

The security expert asked the lawyer and his friend a range of questions. He began by asking whether either of them had clicked on a link or had opened an attachment. “I really did not remember anything,” says the lawyer. “Then the expert asked me if I had received any strange emails recently. After many questions and answers, I remembered the email from my friend about his trip.”

After discovering that the phishing attack had originated with his Iranian friend’s email, the lawyer tried to contact his friend in Iran. But then things took an unexpected turn. “He wasn’t answering his mobile so I called his home phone,” he says. “His wife, who has always been friendly and cheerful, picked up the phone. The moment she heard my voice she told me in English that I had the wrong number.”

After this the lawyer contacted anybody whose email might have been hacked to warn them.

Many of the people the lawyer contacted told him that they had recently received emails from him, only to find out afterwards that their accounts had been the targets of phishing attacks. “Some of these friends are current or former cabinet ministers or members of parliament. I studied at one the best universities in the world, so it should not come as a surprise that I have such friends.”

A few days later, the lawyer received a call from an unknown number. It was the wife of his Iranian friend. She told him that her husband had been arrested a few days earlier as he was about to fly out of Iran. By sending phishing emails through his account, the hackers had been able to compromise the email accounts of all his contacts. “My friend’s wife told me that my friend has been charged with espionage. They have warned his family that if they talk about it, the situation will get worse for him,” he says.

The lawyer’s voice breaks up and his eyes fill with tears as he talks. “My friend loves his country Iran,” he says. “All the information that he gave me was directed toward investments. His family and I have no idea what to do.”

These recent attacks are not isolated, and have been ongoing for some time. And there is reason to believe they may even be on the increase. Over the last two weeks, there have been reports that Iranian phishers have hacked, or have tried to hack, the accounts of Iranian journalists and civil activists. The fact that these attacks come at a time when President Rouhani is due to address the United Nations General Assembly — amid widespread hope that Iran’s economy will benefit from greater economic investment as sanctions are eased — makes it all the more disturbing.

 

Related articles:

Phishy Business: Activists Targeted in Hacking Surge

Iranian Journalists Targeted by Hackers

 

To read more stories like this, sign up to our weekly email. 

 

comments

Provinces

The “We Can’t Breathe Either” Campaign

September 29, 2015
OstanWire
2 min read
The “We Can’t Breathe Either” Campaign