Computer experts from the Buenos Aires prosecutor's office determined that the so-called "Sim Swapping" hacking operation suffered by the Security Minister, Marcelo D'Alessandro, allows the creation, editing or deletion of Telegram messaging chats.
The experts' conclusion, contained in a report filed in an open case before the head of the Specialized Unit in Computer Crimes and Contraventions, Daniela Dupuy, coincides with D'Alessandro's statements that some of his chats had been edited.
Clarín had access to the report through judicial sources.
A "Sim Swapping" operation consists of creating a twin SIM card and thus being able to control, from another cell phone, the victim's phone.
The call that activated the maneuver against D'Alessandro came from the prison in Eldorado, Misiones, or its surroundings, as Clarín reported exclusively 15 days ago.
The report, which is part of an open case stemming from a complaint by the minister on leave, was prepared by the Forensic Computer Office of the Judicial Investigations Body of the Buenos Aires public prosecutor's office, directed by Marcos Vissani.
Based on D'Alessandro's chats, the Minister of Justice of the Nation, Martín Soria, by order of President Alberto Fernández, filed a court complaint against the minister on leave for 26 alleged crimes.
The K deputy and former director of AFI Counterintelligence, Rodolfo Tailhade, joined Soria's complaint.
D'Alessandro's cell phone was hacked on October 19 and a first leak was revealed after an oral court sentenced the vice president to 6 years in prison on December 6 in the Highway case.
And the other leak was uploaded to the web on December 30, after the Court issued a precautionary measure in the case that the government of Horacio Rodríguez Larreta opened against the national government for the removal of the co-participation.
But D'Alessandro denounced Tailhade in court as an alleged accomplice in the hack.
The deputy, who is part of Vice President Cristina Kirchner's circle, denied having participated in the maneuver and said that he learned from a K journalist that a second leak of chats had been uploaded, on December 30, to a ghost website.
For his part, the AFI comptroller, Agustín Rossi, denied that there is a "military table" in the organization headed by the former head of the Army, General César Milani, but admitted, in response to a request for information from the opposition, that two former officials of Intelligence of the Ministry of Defense now work with him.
The expert report states that "it can be stated that by installing the Telegram application on a mobile device whose SIM card was obtained through SIM Swapping, full control of the installed application is obtained."
This control "implies the complete possibility of manipulation of the victim's account, understood as access, creation, modification and total or partial deletion of the communication history, both in private conversations and in group conversations, access to contacts, among others."
By contrast, the expert report concluded that "control of the Telegram application is not possible if the account has two-step verification activated, and no devices linked to the account are registered."
However, "it is important to note that in the specific case it is not possible to determine the moment in which the exposed security measures were applied to the victim's Telegram account", that is, D'Alessandro's.
This second conclusion has to do with the fact that D'Alessandro suffered two hacks, because the alleged chats with Silvio Robles, spokesman for the president of the Court, Horacio Rosatti, date from November 9, after the Buenos Aires minister had taken security measures on his cell phone.
The three-page report begins by explaining how the "Sim Swapping" operation works and says that once this process is finished "the attackers already have full control of the installed application (Telegram), which implies the complete possibility of manipulation of the victim's account, understood as access, creation, modification and total or partial deletion of the communication history, both in private conversations and in group conversations, access to contacts, among others".
It then points out that "because Telegram is a messaging service based on storage on dedicated servers, conversations are stored on Telegram's own servers and end-to-end cryptography is not applied by default."
"This means that the attackers, by accessing the account, have full control, including, as indicated above, access, creation, modification and total or partial deletion of communication history."
Next, it clarifies that "the Telegram application offers the possibility of generating private conversations called 'Secret Chat', on which it applies point-to-point cryptography only in conversations carried out from the mobile devices of two interlocutors".
When creating the "Secret Chat", "the public-private keys are generated between both devices and only those devices will be able to access the conversation.
These secret conversations can only be viewed on the devices where they were generated and are not stored on Telegram's servers, so the attackers who gain access to the account do not have the power to access them."
Regarding the question of whether the attackers can continue to control the cell phone after security measures are taken, the report maintains that "there are two measures provided by the Telegram application that guarantee its security."
First of all, "two-step verification is a feature that Telegram has as an additional security method.
Once this measure is activated, the application requires the generation of an alphanumeric password that must be remembered at the time of installation.
This functionality prevents the installation of the application in the case of takeover of the telephone line".
Secondly, "the application has a menu where it is possible to view each of the devices linked to the account, with the IP information and operating system used.
In the event that a user detects an unknown paired device, they can immediately unpair it."
The experts pointed out that the attackers generally seek to cause financial damage to the victim, damage to the victim's image, extortion of third parties (the victim's contacts), receipt of SMS messages with multi-factor authentication codes, obtaining private information from the victim and/or defamation of the victim.
Now D'Alessandro awaits the result of other expert opinions that seek to determine who, from the Eldorado prison or its surroundings, attacked his cell phone and who uploaded to the web the ghost site where his chats are published.
At this point, since the representative of Juntos por el Cambio, Diego Santilli, Judge Rodríguez Giménez Uriburu and other politicians, magistrates and journalists were also hacked, it is clear that they were not simple scammers but an organization with the capacity to carry out such a maneuver.