Shahkar System hack could mark the beginning of more troubles
our investigations at Iran Cyber News Agency have noted a distressing trend that we would like to bring to our readers. A huge amount of hacked and leaked Iranian data is for sale on the dark web and surface web forums.
Iran’s data for sale – a disturbing trend
We have previously reported to our readers the hack of several Iranian databases including what is believed to be at least 14 million vehicle profiles for the Rahvar traffic police and 72 million Bank Melli customer data profiles. it has now come to light that another large-scale hack of Iranian data may have been conducted and is being sold online.
Shahkar system exploited
In yet another turn of events our investigators have discovered a group or individual selling 69 million Iranian detail from the Shahkar System which is an e-government project funded by the Iranian government. It seems this system has somehow been compromised with a hacker by the name of LoveLife selling the massive data set and asking $4 500 worth of Bitcoin for the leak. If true, the hacker states that the data includes:
- Name
- Surname
- National ID
- Birthdate
- Birth city
- Address
- postal code
- phone number
ICNA currently does not have access to the data and so cannot confirm if it is valid or not although there is a sample of the data available on the forum.
Shahkar System explained
The Shakar System is an electronic authentication system available on a mobile app with the intention to prevent fraud and is part of the country’s larger e-government strategy to facilitate some government services, reduce expenses, and ease traffic jams all digitally and online.
Initially the app was rolled out to the telecommunications operators but has since expanded to many different sectors such as energy and health. It acts as an intermediate between service operators and authentication authorities with the purpose for operators to validate the user requesting the service before actually providing them the service.
The Shahkar System is now at the heart of the e-government project which can make it an extremely valuable and attractive target for hackers who mean us harm.
Possible connections with the fuel hack
It is indeed interesting that at the time of a major country-wide cyber attack against our fuel distribution network, there is also a massive data breach of the Shakhar System. The curiousness of these two events happening so close together is because the smart card system that manages the payment and purchasing of fuel at our nations fuel pumps is managed and authenticated through the Shakar System.
It is not a far reach to think that the same group ransoming this data is also the group who took down the smart payment system that has now descended our country into chaos with many individuals not able to carry out their business due to being unable to procure fuel.