Toplum TV Facebook page hacked via SMS interception

On November 3, the founders of Toplum TV, an online news platform, said their Facebook page was hacked. Hackers(s) removed several videos, including one Toplum TV shared yesterday, which was a discussion with an opposition politician Ali Karimli. According to the founders who spoke to AIW, the hacker(s) accessed the page through another founder’s Facebook account, deleted videos, page likes, and changed the name of the page. At the time of reporting this story, the Facebook page was recovered.

In a Facebook post, Alasgar Mammadli, one of the founders of the platform explained in detail how the hacker(s) accessed Toplum TV’s Facebook page by compromising his personal account first.

Translation: This morning at 8.54AM local time, my Facebook account was compromised. The compromise was made possible using my personal mobile phone number. The hacker acquired access to personal information illegally. I only learned about what happened half hour later as I was stuck in city traffic, and had limited access both to my mobile phone and personal computer.  The compromise was made possible by intercepting an SMS sent to my mobile sim card. Meaning, messages sent to my mobile number, were used in parallel by technical supervisors overseeing the telecommunication system in accordance with telecommunication law. Having accessed my personal account [the hacker(s)] were able to access Toplum TV Facebook page, changing its name, [only] deleting archived videos of live debates with Popular Front and Musavat party leaders, and removing several thousand Page likes. Clearly, the reason behind what happened is political intervention. The absolute lack of tolerance to public debates on Toplum TV’s platform has reached such a level, that the perpetrators unafraid, have committed a criminal act prohibited by Articles 271, 272, and 273 of the Criminal Code. This compromise is an act of crime and a grave violation of freedom of speech, privacy, and security of personal data. I demand that serious investigation and preventive action be taken by relevant authorities working within the information security space.

Toplum TV encouraged its readers and followers in a tweet to support their page after hacking:

Translation: Toplum TV’s Facebook page was compromised and its name changed to their name “toplan”. To support independent media, like our Facebook page, and help restore deleted followers.

SMS interceptions are commonly used in Azerbaijan. Below, are a few excerpts from a recent report published by AIW in partnership with International Partnership for Human Rights on the topic: 

The interception of SMS exchanges remains an acute problem in Azerbaijan. In recent years, scores of political activists, journalists, rights defenders, and independent media platforms have had their social media accounts compromised. In many of these cases, those affected have had SMS notification enabled as two-step verification (2FA) procedure for accessing their Facebook accounts. As a result, when their accounts were compromised, they were unable to restore access to the accounts relying on traditional troubleshooting steps offered by social media platforms such as Facebook. Thus, they were unable to retrieve password reset codes sent by Facebook by SMS as their messages were intercepted by the operators, only to be passed on to the relevant government bodies. This experience shows that mobile companies have been involved in many of these attacks. However, none of the operators have taken the blame, so far. The earliest example of SMS surveillance goes back to 2009 when 43 Azerbaijanis voted for Armenia’s entry in the Eurovision Song Contest through votes cast by SMS. A number of these people were summoned and questioned by the security services. In an interview with Azadliq Radio (the Azerbaijani service of Radio Free Europe/Radio Liberty), one of these televoters, Rovshan Nasirli said that the authorities demanded an “explanation” for his vote and told him it was a “matter of national security”. He told the service: “They were trying to put psychological pressure on me, saying things like: ‘You have no sense of ethnic pride. How come you voted for Armenia?’ They made me write out an explanation, and then they let me go.” The authorities did not deny that they had identified and summoned people who voted for Armenia, and argued that they were merely trying to understand the motives of these people.

Three years after the Eurovision scandal, an investigative documentary aired on Swedish TV called ‘’Mission: Investigate” revealed how the Swedish telecommunications giant TeliaSonera, which at the time owned a majority stake of Azercell, allowed “black boxes” to be installed within their telecommunications networks in Azerbaijan from as early as 2008. These boxes enabled security services and police to monitor all network communication, including internet traffic and phone calls in real-time without any judicial oversight. The exposure of these black boxes explains the type of technology the government was deploying already at the time of Eurovision in 2009. The investigation aired by Swedish TV also confirmed that wiretaps were used as evidence in politically motivated cases.

In 2014, an OCCRP investigation revealed how mobile operators were directly passing on information about their users to the respective government authorities. In a country where the government enjoys unprecedented control over the ICT industry and where some of the key players in the market such as mobile operators and ISPs are affiliated with the government or its officials, the findings of the investigation were not at all surprising. The 2014 investigation quoted the director of the Media Rights Institute, Rashid Hajili as saying that both mobile companies and ISPs were obliged to provide special facilities to the Ministry of National Security (MNS)91 for surveillance purposes in accordance with existing legal provisions as explained earlier. In the case of mobile companies, no court approval was sought to eavesdrop on the conversations and SMS exchanges of their customers – a common practice to this day. One of the first accounts of collaboration between mobile companies and the government is that of journalist Agil Khalil. In 2008, Khalil was working on a story about the alleged involvement of MNS employees in corrupt land deals. After taking photographs for the story, he was approached by MNS agents and beaten. The journalist escaped from his attackers and managed to take photos of them. Khalil filed a complaint with the police, and an investigation was opened but eventually dropped, without the perpetrators having been prosecuted or even identified. Soon after turning to the police, the journalist realized that he was being followed. When he filed another complaint with the police about the surveillance, police again failed to follow up. A few days later, Khalil was subjected to a new attack: this time, an unknown assailant stabbed and injured him. Khalil again turned to the police, accusing both the MNS and the mobile operator Azercell (whose services he was using ) of being responsible for the attack. He argued that the operator had helped the MNS to track down his whereabouts, thereby facilitating the attack. The involvement of Azercell in the case became more evident when the operator provided a local court, which examined the journalist’s complaint, with alleged SMS exchanges between Khalil and a man named Sergey Strekalin, who the MNS claimed was Khalil’s lover and had stabbed the journalist out of jealousy. When Khalil’s lawyer requested access to these SMS exchanges, Azercell refused, which called into question the authenticity of these messages. Khalil left Azerbaijan the same year after another attempted attack against him and the continued failure of the authorities to hold his assailants accountable. He took his case to the ECtHR, as a result of which the Azerbaijani government made a so-called unilateral declaration (an official admission) before this court in 2015 that it had violated Khalil’s right to life, freedom from ill-treatment, and freedom of expression and agreed to pay 28 000 EUR in compensation to him. As the government made this admission, there was no ECtHR ruling on the case.

In September, Toplum TV reported it lost 16k followers on its Facebook page. Facebook failed to explain how and why this took place. 

editor facing slander and insult charges

In Azerbaijan, editor of an online news website sozcu.az, Elshan Alisoy is facing slander and insult charges and a hefty fine. The charges leveled against the editor are related to the claims, raised by the Vice President of SOCAR [Azerbaijan State Oil Company] Mikayil Ismayilov. 

The vice president’s demands include a 100,000 AZN compensation [58.8 thousandUSD] for moral damage, charges of slander [Article 147], and insult [Article 148] of the Criminal Code of Azerbaijan and closed-door hearing, over an article, Alisoy shared on Facebook. 

On June 22, a preparatory meeting was held in the Agsu District Court according to reporting by Turan News Agency. The agency reports that the hearing on the merits is scheduled for June 25. 

The editor’s lawyer, Nemat Karimli, says the acceptance of the claim into proceedings is unlawful. “According to Article 60 of the Law on Media, a person who reprints [reshares] an article published in another media is not responsible for the content.”

Titled, “The dark empire of Mikayil Ismayilov” the original article, that the blogger shared on his Facebook, was originally published by an online platform azadsoz.com [free word] on May 18, alleging that Mikayil Ismayilov oversees the management of the entire financial process in SOCAR’s covert operations.

Reposting the article, Elshan Alisoy, wrote the following comment, “Dear God, why they need all this wealth… Mikail Ismayilov is one of the 12 vice presidents of SOCAR. I call this, gluttony and barbarity.”  

The hearing in the case is scheduled for June 25. 

the tale of blocked websites

In July of last year, in their response to the Government of Azerbaijan, four of the websites that were blocked for access in Azerbaijan in 2017, reiterated their claim that the ban violates their right to freedom of expression. According to EHRAC, this response came following the Government’s [of Azerbaijan] submissions to the European Court of Human Rights (“ECtHR”). 

EHRAC (European Human Rights Advocacy Center) represents four of the websites – Meydan TV, Azadliq Info, Azerbaycan Saadi, and Turan TV and has been working in tandem with local legal partners on the case. 

At the time of blocking these websites in 2017, the Government of Azerbaijan argued “a number of articles published by the four critical news websites included calls aimed at “forcible change of the constitutional order”, “organization of mass riots”, and other illegal activities.” 

In reality, all four websites are considered independent and/or platforms affiliated with opposition parties or their critical position against broader government practices and policies adopted by the ruling government of Azerbaijan. As a result, the decision to block them was based on the legal claims that lacked evidence. This was further reflected in the review process when the decision to block these platforms was implemented. According to EHRAC, “no effective and independent review took place in the first instance decision to block access to the websites in 2017, and in subsequent appeals. The courts simply accepted the authorities’ allegations at face value and made no attempt to adequately consider or explain why the content was unlawful.”

The intentions behind the blocking decision were further reflected in subsequent actions taken by the Government of Azerbaijan against the online platforms. Such that, at the time of the first decision to block these websites for access in 2017, the Azerbaijani Government claimed these websites continued disseminating their content through VPN services or social media platforms and therefore the action taken against them did not cause significant changes to the published content. However, in February 2020, the Ministry of Transportation, Communications and High Technologies “requested the domestic courts to impose a ban on the applicants’ ability to share their content through VPN services and social media platforms.” 

While access to the said websites remains blocked in Azerbaijan further developments signal a consistent pattern of censorship and impunity.

arqument.az remains blocked

On December 24, 2019, the administrative-economic court in Baku rejected the claim by arqument.az against Transportation, Communication and High Technologies ministry. Arqument.az took the ministry to court following its decision to block arqument.az inside the country.

The website’s editor Shamshad Agayev intends to appeal the decision.

Arqument.az was blocked on August 8, 2018, following a decision issued by Sabail District Court. A few days later, Baku Court of Appeal annulled district court’s decision.

But arqument.az was blocked once again in April 2019 after publishing coverage of protests in Jalilabad district. The website was also subject to cyber attacks after being blocked.