Slashdot Mirror

← Back to Stories (view on slashdot.org)

VOIP Provider Viber Attacked By Syrian Electronic Army

Posted by Unknown on from the bad-hackers dept.

An anonymous reader writes "The hacking group known as the Syrian Electronic Army have hacked into Viber, defacing its support website, and posting what they claim is evidence of surveillance by the free phone-messaging app. The Syrian Electronic Army posted a message claiming the 'Israeli-based Viber is spying and tracking you' alongside what appeared to be a screenshot of an internal Viber database containing users' phone numbers, device UDIDs, IP address, operating system, and Viber version information." Viber is saying the attack was minor: "...the hack only allowed access to two minor systems, a customer support panel and a support administration system. According to the company's official response, 'no sensitive user data was exposed and Viber's databases were not "hacked."' Apparently, an employee simply fell victim to a phishing attack.

15 of 33 comments (clear)

  1. probably true by Trepidity · · Score: 1

    From Wikipedia,

    Viber Media is a Cyprus-based company with development centers in Belarus and Israel. The company was founded by American-Israeli entrepreneur Talmon Marco.

    From that, you can surmise how many different governments are likely to have access to its call "metadata".

    --
    10 PRINT CHR$(205.5+RND(1)); : GOTO 10
    1. Re:probably true by mrmeval · · Score: 2, Insightful

      Considering the shit this administration has pulled against the Israeli's I think they'd hand them shit and more shit. Why should they make them look good by giving them any intel?

      --
      I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
    2. Re:probably true by Xenkar · · Score: 1, Interesting

      http://www.dailykos.com/story/2011/12/08/1043424/-10-Things-Obama-Has-Done-To-Strengthen-Israel

      With the amount of gratitude you show the United States, I'm amazed that we spend so much money on Israel. We could be using that money to fix our infrastructure, upgrade to a nationwide fibre internet, and perhaps switch to single payer healthcare.

      We don't want to attack Iran just because Netanyahu brought out a Wiley E Coyote diagram at the UN. I'm sorry if that offends you. Israel has been crying wolf about Iran for decades.

      The problem with crying wolf is that eventually people start ignoring you. Hell, I've been the victim of it even though I never cried wolf. I was bleeding badly after getting a nasty cut in the woods and I had to haul myself to safety as a child because adults thought I was just a kid playing around by screaming "HELP!"

    3. Re:probably true by erikkemperman · · Score: 1

      Replying to undo wrong mod. Should've been Informative but got Funny.

      --
      Gosh, thanks. That must be why the other ships call me Meatfucker -- GCU Grey Area (Eccentric)
  2. Communication... by Anonymous Coward · · Score: 1

    ...should be point-to-point and use encryption. Anything else is a major design flaw.
    This whole cloud business needs these types of attacks to show what a bad idea it is.

  3. Of course it's for surveillance. by LikwidCirkel · · Score: 1

    "free phone-messaging app" is all anyone should need to know to recognize something as a surveillance tool.

    1. Re:Of course it's for surveillance. by Nerdfest · · Score: 1

      Yeah, but don't let the fact that you pay for it lull you into a false sense of security. If you don't control the encryption keys (and really, have access to the source) you should be suspicious. Don't think your text messages are intercepted?

    2. Re:Of course it's for surveillance. by longk · · Score: 1

      Every router on the internet is an interception device. Interception doesn't necessarily mean spying. But yes, I get your point. Of course everyone who legally can will harvest and exploit data. To think otherwise is naive.

  4. just how big is this "army" ? by ClassicASP · · Score: 1

    i'm just curious. are we talking about an army of just a few talented hackers here? or is there a list of members as long as that list that they defaced the homepage with?

    1. Re:just how big is this "army" ? by Spy+Handler · · Score: 2

      It's about as big as the Mongolian navy.

  5. "Evidence of tracking?" really? by Nermal · · Score: 4, Insightful

    Someone please explain how a VOIP service is supposed to work /without/ a table associating numbers with UUIDs, software versions, etc? *eyeroll*

    1. Re:"Evidence of tracking?" really? by longk · · Score: 1

      I dunno, my SIP phone works just fine without all this information.

    2. Re:"Evidence of tracking?" really? by Anonymous Coward · · Score: 1

      Your SIP provider surely has a table identifying you to route calls, and your phone surely sends its software version when it connects. Certainly every SIP server software I've seen can list this too. Without some sort of provider to connect to, your SIP phone will be very quiet.

    3. Re: "Evidence of tracking?" really? by Nermal · · Score: 1

      >> "They HAVE an ID, Pass and IP"
      > Which of those are "UUIDs, software versions"?

      Regarding part of your question, the answer to "which of those is a UUID?" is.... "ID". That was a fun game! But surely if you're informed enough to be willing to just dismiss the previous commenter as an idiot, you would know that a UUID is just a randomly-generated ID number, which is much more practical than distinguishing users by username.

      You would also, of course, be able to infer that storing software version information might make more sense in the context of a software provider managing updates and support than in the context of a secret plot to reveal to the government who hasn't upgraded to the latest version yet.

  6. Syrian Electronic Army? by Anarchduke · · Score: 2

    The name reminds me of groups like the People's Front of Judea

    --
    who prays for Satan? Who in 18 centuries has had the humanity to pray for the 1 sinner that needed it most? ~Mark Twain