Earlier this week, Iranian authorities reportedly arrested former BBC journalist Bahman Daroshafaei. After detaining him, the authorities took control of his account on the chat messaging app Telegram and started reaching out to his contacts, according to Iranian activists living abroad.
The activists are worried the authorities could use Daroshafaei's account to trick his friends and colleagues into giving up sensitive information, or to infect them with malware and spyware. In the last few years, Iran's government has aggressively tried to impersonate activists or journalists in order to hack others through phishing emails or even phone calls. Now that Telegram is becoming more popular in the country, with a reported 20 million users, it seems like Iranian government hackers are taking their usual tactics to this new platform.
On Wednesday, Fatemeh Shams, an Iranian poet and scholar, and also a friend of Daroshafaei, posted a warning on her Facebook account.
"Someone has been talking to me for two hours from Bahman's hacked Telegram account and now is chatting with my friends with my account," she wrote, according to a translation. "If anyone messaged you on Telegram [from my account] please ignore it. I've lost access to my account."
"Someone has been talking to me for two hours from Bahman's hacked Telegram account."
After hearing similar reports of Daroshafaei's Telegram account being used after his arrest, Amir Rashidi, a researcher at the advocacy group The International Campaign for Human Rights in Iran reached out to Telegram to get Daroshafaei's account disabled and prevent others from using it.
But despite both his private and public calls for help, Rashidi told me that Telegram hasn't responded to him yet. Rashidi said that he and other Iranian activists in the diaspora usually work with companies like Twitter, Facebook, or Google to disable or block the accounts of people arrested, precisely to prevent Iranian authorities from abusing them. Usually, Rashidi said in a phone interview, those companies are responsive, unlike Telegram.
Rashidi said that Telegram needs to be more transparent and act more like Google and Facebook. "They help civil society and [Telegram should] to do that too," he said.
"Telegram is leaving its app unbelievably insecure and is probably in bed with the Iranian government."
Nima Fatemi, an Iranian independent security researcher, is worried that more and more Iranians are relying on Telegram for their communications.
"Telegram is leaving its app unbelievably insecure and is probably in bed with the Iranian government," Fatemi said in a chat on Thursday.
Fatemi referred to longstanding security concerns with Telegram, namely the fact that chats are not encrypted by default—unless you use the "secret chat" feature—and that even the "secure" end-to-end encrypted chats use an encryption protocol that may be broken, according to a recent study.
Telegram, as well as its founder Pavel Durov, did not respond to multiple requests for comment done via Telegram, as well as email. (The Iranian mission at the UN also did not respond to a request for comment.)
This is not the first time that Iran is accused of using the Telegram accounts of people they detain. In November of last year, Iranian authorities arrested Issa Saharkhiz, an Iranian journalists and political figure. After his arrest, Saharkhiz's son complained that his father's Telegram account had been taken over.
In that case, Saharkhiz's son was able to talk to Durov on Twitter, where he told him that Iranian authorities "took all his [father's] phones, tablets and laptop and are using it as he is arrested and we have no idea where he is."
At that point, Durov said he was "sorry to hear that," but also that "unfortunately, all his chat history is available on the device unless he had set up a strong local password."
This seems to be the latest controversy surrounding Iran and Telegram. In June of last year, it appeared Iran was willing to censor and perhaps even block Telegram completely (Iran has been blocking Twitter and Facebook for years). Months later, Telegram accused the Iranian government of wanting to spy on its users. Eventually, however, Telegram remained unblocked, and apparently started collaborating with the government to stop automatic accounts, or bots, that were spreading pornography.
Throughout these rocky months, Iranian internet freedom activists have been complaining that Telegram hasn't been transparent enough in explaining exactly what the Iranian government asked the company to do, and what the company accepted to do.
"I don't know why they're not clear," Rashidi told me. "There's a lot of questions around Telegram and always they're refusing to answer the questions clearly. That's why people can not believe anything that Telegram says."