Hackers pose as hacks: Iranian crew uses Facebook to spy on US defence bods – report

Three-year-old campaign also targets UK, Saudi Arabia, Iraq

An Iran-based hacking network used fake Facebook and other social media profiles to "befriend" and spy on US lawmakers and defence contractors in the US and Israel, among other targets, according to a new report.

According to the study, the hackers attempted to get "friendly" with US lawmakers, defence contractors and "at least one four-star general" using fake personas on social networking sites (Facebook, Twitter, LinkedIn, Google+, YouTube, Blogger).

Dallas-based cybersecurity intelligence firm iSight Partners reports that the ongoing campaign – which has seemingly stretched back over the past three years – is also targeting victims in the UK as well as Saudi Arabia and Iraq.

The social engineering, carried out through social networks, was part of a co-ordinated effort ultimately aimed at obtaining the log-in credentials to the email systems of the victims. The fake profiles claimed to work in journalism (using a fake news outlet featuring plagiarised content, NewsOnAir.org, to back up these claims), government, and defence contracting.

Journalist was the preferred disguise used by the cyber-spies, but they used various others, said the report, including posing as recruiters for the defence industry and as systems administrators for the US Navy.

Intended marks are befriended before being hit by spear-phishing messages ultimately aimed at extracting sensitive passwords. As many as 2,000 people were targeted by cyber-spies posing as journalists, according to the analysis by iSight Partners.

iSight is unable to say how effective the Iranian network of cyber-spies has been. "It is reasonable to assume that a vast amount of social content was compromised in addition to some number of log-in credentials that can be used to access additional systems and information," it said.

Charles Tendell, founder of Azorian Cyber Security and a former US military intelligence officer, told El Reg that the mechanism of the attack was plausible enough to have ensnared at least a few victims.

"The proliferation of news organizations and sites worldwide lulled officials into a false sense of security that they were dealing with legitimate media," Tendell explained. "The ease with which one can create a front news organization and site is a perfect cover to launch cyber attacks, including gaining the trust of individuals so they'll unknowingly allow the hack. This includes clicking harmful links or opening damaging files that unleash the attack."

Facebook, Linkedin zap fake profiles

The details of the campaign are noteworthy, but none of the individual elements will come as much of a surprise to more attentive Reg readers or others with an interest in cyber-espionage. We already know that fake social media profiles are commonplace.

The report does not prove that the hacking crew was linked to the Iranian government.

The Iranian authorities, along with those in North Korea, actively use social media for propaganda purposes while cracking down hard on its use by the general population, especially after the events of the Arab Spring three years ago, when social media was used as an effective tool to mobilise protests in Egypt and beyond.

"#sockpuppets cyber personas Iranian use of Facebook not that elaborate and very commonplace," noted Treadstone 71, a private sector intelligence analyst, on Twitter.

Defence contractors and aerospace firms are a prime target for multiple intelligence agencies and assorted hackers around the world. Intelligence analysts generally rate Iran as a solid second-tier cyber power, alongside the likes of North Korea and Syria, but some way behind China and Russia.

"This attack is decently technical, but most of it is cleverness and time," Jason Healey, director of the cyber statecraft initiative at the Atlantic Council in Washington, told Bloomberg.

Facebook and LinkedIn are well into the process of tracking down and deleting fake profiles (many of which featured the pictures of young, attractive women), the news agency adds.

US intelligence officials have previously apportioned blame for a wave of DDoS attacks against US banks in 2012 and 2013 to the Iranian military. However, no proof has ever been offered, and those particular attacks might just as easily have been the work of angry hacktivists.

What is more credible are suggestions that Iran got serious about boosting its cyber capabilities after the Stuxnet worm sabotaged systems at a key nuclear enrichment facility. ®
