May 29, 2014
Iranian Hackers Used Social Media To Target US Officials
Peter Suciu for redOrbit.com - Your Universe Online
Iranian hackers may have been utilizing social media as part of an ongoing three-year campaign that was aimed at befriending US lawmakers, defense contractors and even a four-star general. The plan was apparently to get close to these individuals and then extract data from them.
According to a new report from cyber security firm iSight Partners, the ruse involved more than a dozen fake personas – supposedly working at fake US news organizations – which were used to develop connections to the targets via social media websites such as Facebook and LinkedIn. The alleged campaign dates back to at least 2011 and it is reportedly still under way.
While the ploy was primarily focused on US and Israeli targets in both the private and public sectors, it reportedly also targeted similar officials in countries such as the United Kingdom, Saudi Arabia, Syria and Iraq.
"iSIGHT Partners believes Iranian threat actors are using more than a dozen fake personas on social networking sites (Facebook, Twitter, LinkedIn, Google+, YouTube, Blogger) in a coordinated, long-term cyber espionage campaign," the cyber security firm posted on its website on Wednesday. "At least 2,000 people/targets are, or have been, caught in the snare and are connected to the false personas.
"This campaign, working undetected since 2011, targets senior US military and diplomatic personnel, congressional personnel, Washington D.C. area journalists, US think tanks, defense contractors in the US and Israel, as well as others who are vocal supporters of Israel to covertly obtain log-in credentials to the email systems of their victims," iSight Partners added. "Additional victims in the U.K. as well as Saudi Arabia and Iraq were targeted."
This effort – which is believed to be linked to Iran's government – could indicate that Tehran has built a hacking capability that could rival those of the United States and China. US intelligence experts have not considered Iran to be a first-tier cyber power and instead had placed it alongside North Korea or Syria. However, this campaign shows some serious efforts were made.
"It is such a complex and broad-reaching, long-term espionage campaign for the Iranians," Tiffany Jones, a senior vice president at iSight and a former National Security Council aide in the George W. Bush administration, told Market Watch. "What they lack in technical sophistication, they make up in creativity and persistence."
According to Jeremy Kirk of IDG News Service, not only did the hackers create fake yet credible-looking online personas on social networks, but these included profile photos, which media reports said were often of "attractive women" and "were copied from random photos." Moreover, the hackers also created a fake online news organization reportedly called "NewsOnAir.org," which was still posting content as of Wednesday night.
The site apparently operated by copying news stories from legitimate publishers including Reuters, the BBC and the Associated Press.
It was through the fake profiles that the hackers then sought to befriend associates of the real targets, who were eventually approached online. The victims were reportedly receptive to the social media invitations after seeing that the fake person had existing connections. The fake journalists, who went by names such as Sara McKibben and Adia Mitchell, also "interacted" with one another on social media to make the ruse more convincing.
While there are reports that the hackers employed malware at times, they primarily used social engineering tactics such as tricking targets into divulging login credentials for Web-based services. Other methods seem to have included phishing-type attacks where the targets were directed to fake Google Gmail login pages, or other spoofed Web-based login pages.
Bloomberg's Michael Riley noted that while great efforts were made, it was also "at times (a) sloppy attempt." The ruse had layers of problems, it seems, not the least of which was the fact that NewsOnAir.org was registered in Tehran.
Riley also reported: "It also looked like the work of clock-punchers: The hackers took Tehran-time lunch breaks and went quiet from Thursday afternoon to Saturday morning, a schedule consistent with Iran's work week."
Whether this will hurt legitimate news organizations' efforts is unclear, but iSight suggested, "Don't be worried, but do be vigilant. As always, do not create trusted connections with unknown organizations and/or individuals. Never provide login credentials with any site or person who contacts you (rather than you contacting it), use strong passwords and regularly change them."