Hackers pose as hacks: Iranian crew uses Facebook to spy on US defence bods – report

Three-year-old campaign also targets UK, Saudi Arabia, Iraq

An Iran-based hacking network used fake Facebook and other social media profiles to "befriend" and spy on US lawmakers and defence contractors in the US and Israel, among other targets, according to a new report.

According to the study, the hackers attempted to get "friendly" with US lawmakers, defence contractors and "at least one four-star general" using fake personas on social networking sites (Facebook, Twitter, LinkedIn, Google+, YouTube, Blogger).

Dallas-based cybersecurity intelligence firm iSight Partners reports that the ongoing campaign – which has seemingly stretched back over the past three years – is also targeting victims in the UK as well as Saudi Arabia and Iraq.

The social network engineering was used in a co-ordinated effort ultimately aimed at obtaining the log-in credentials to the email systems of their victims. The fake profiles claim to work in journalism (using a fake news outlet featuring plagiarised content called NewsOnAir.org to back up these claims), government, and defence contracting.

Journalist was the preferred mask used by the cyber-spies, but the report said they also used various other disguises, including posing as recruiters for the defence industry and as systems administrators for the US Navy.

Intended marks are befriended before being hit by spear-phishing scams ultimately aimed at extracting sensitive passwords. As many as 2,000 people were targeted by cyber-spies posing as journalists, according to the analysis by iSight Partners.

iSight is unable to say how effective the Iranian network of cyber-spies has been. "It is reasonable to assume that a vast amount of social content was compromised in addition to some number of log-in credentials that can be used to access additional systems and information," it said.

Charles Tendell, founder of Azorian Cyber Security and a former US military intelligence officer, told El Reg that the mechanism of the attack was plausible enough to have ensnared at least a few victims.

"The proliferation of news organizations and sites worldwide lulled officials into a false sense of security that they were dealing with legitimate media," Tendell explained. "The ease with which one can create a front news organization and site is a perfect cover to launch cyber attacks, including gaining the trust of individuals so they'll unknowingly allow the hack. This includes clicking harmful links or opening damaging files that unleash the attack."

Facebook, LinkedIn zap fake profiles

The details of the campaign are noteworthy, but none of the individual elements will come as much of a surprise to more attentive Reg readers or others with an interest in cyber-espionage. We already know that fake social media profiles are commonplace.

The report does not prove that the hacking crew was linked to the Iranian government.

The Iranian authorities, along with those in North Korea, are active in using social media for propaganda purposes while cracking down hard on its use by the general population, especially since the Arab Spring three years ago, when social media was used as an effective tool to mobilise protests in Egypt and beyond.

"#sockpuppets cyber personas Iranian use of Facebook not that elaborate and very commonplace," noted Treadstone 71, a private sector intelligence analyst, on Twitter.

Defence contractors and aerospace firms are a prime target for multiple intelligence agencies and assorted hackers around the world. Intelligence analysts generally rate Iran as a solid second-tier cyber power, alongside the likes of North Korea and Syria, but some way behind China and Russia.

"This attack is decently technical, but most of it is cleverness and time," Jason Healey, director of the cyber statecraft initiative at the Atlantic Council in Washington, told Bloomberg.

Facebook and LinkedIn are well into the process of tracking down and deleting fake profiles (many of which featured the pictures of young, attractive women), the news agency adds.

US intelligence officials have previously apportioned blame for a wave of DDoS attacks against US banks in 2012 and 2013 to the Iranian military. However, no proof has ever been offered, and those particular attacks might just as easily have been the work of angry hacktivists.

What's more credible are suggestions that Iran got serious about boosting its cyber capabilities since the Stuxnet worm sabotaged systems at a key nuclear enrichment facility. ®
