placeholder

Encrypted traffic interception on Hetzner and Linode targeting the largest Russian XMPP (Jabber) messaging service —

TL;DR: we have discovered XMPP (Jabber) instant messaging protocol encrypted TLS connection wiretapping (Man-in-the-Middle attack) of jabber.ru (aka xmpp.ru) service’s servers on Hetzner and Linode hosting providers in Germany. The attacker has issued several new TLS certificates using Let’s Enc...

Click to view the original at notes.valdikss.org.ru

Hasnain says:

Yikes.

“All jabber.ru and xmpp.ru communications between these dates should be assumed compromised. Given the nature of the interception, the attacker have been able to execute any action as if it is executed from the authorized account, without knowing the account password. This means that the attacker could download account's roster, lifetime unencrypted server-side message history, send new messages or alter them in real time.

End-to-end encrypted communications, such as OMEMO, OTR or PGP, are protected from the interception only if both parties have validated the encryption keys. The users are asked to check their accounts for new unauthorized OMEMO and PGP keys in their PEP storage, and change passwords.

We tend to assume this is lawful interception Hetzner and Linode were forced to setup based on German police request.
Another possible, although much more unlikely scenario is an intrusion on the internal networks of both Hetzner and Linode targeting specifically jabber.ru — much harder to believe but not entirely impossible.

As of 20 Oct 2023, we’re still waiting for the adequate reply from Hetzner and Linode to our inquiries.”

Posted on 2023-10-21T01:11:30+0000