iTnews

Elaborate Iranian hacking scheme targets US lawmakers

By Jim Finkle on May 30, 2014 12:10PM
Attackers build fake news website, social network.

In an unprecedented, three-year cyber espionage campaign, Iranian hackers created false social networking accounts and a bogus news website to spy on military and political leaders in the United States, Israel and other countries, a cyber intelligence firm said on Thursday.

ISight Partners, which uncovered the operation, said the targets include a four-star US Navy admiral, US lawmakers and ambassadors, and personnel from Afghanistan, Britain, Iraq, Israel, Saudi Arabia and Syria.

The firm declined to identify victims and said it could not say what data had been stolen by the hackers, who were seeking credentials to access government and corporate networks, as well as intelligence on weapons systems and diplomatic negotiations.

"If it's been going on for so long, clearly they have had success," iSight Executive Vice President Tiffany Jones told Reuters. 

ISight dubbed the operation "Newscaster" because it said the Iranian hackers created six "personas" who appeared to work for a fake news site, NewsOnAir.org, which used content from the Associated Press, BBC, Reuters and other media outlets. The hackers created another eight personas who purported to work for defense contractors and other organisations, iSight said.

The hackers set up false accounts on Facebook and other social networks for these 14 personas, populated profiles with fictitious personal content, and then tried to befriend targets, according to iSight.

To build credibility, hackers approached high-value targets after establishing ties with victims' friends, colleagues, relatives and other connections over social networks including Facebook, Google, LinkedIn, and Twitter.

The hackers would initially send the targets content that was not malicious, such as links to news articles on NewsOnAir.org, in a bid to establish trust. Then they would send links that infected PCs with malicious software, or direct targets to web portals that ask for network log-in credentials, iSight said.

The hackers used the 14 personas to make connections with more than 2000 people, the firm said, adding that it believed the group ultimately targeted several hundred individuals.

"This campaign is not loud. It is low and slow," said Jones. "They want to be stealth. They want to be under the radar."

ISight said it had alerted some victims and social networking sites as well as the US Federal Bureau of Investigation and overseas authorities. An FBI spokeswoman declined to comment.

Facebook spokesman Jay Nancarrow said his company had discovered the hacking group while investigating suspicious friend requests and other activity on its website.

"We removed all of the offending profiles we found to be associated with the fake NewsOnAir organisation and we have used this case to further refine our systems that catch fake accounts," Nancarrow said.

LinkedIn spokesman Doug Madey said the site was investigating the report, though none of the fake profiles were currently active.

Twitter declined to comment. Google did not respond to a request for comment.

Post Stuxnet era

ISight disclosed its findings as evidence emerges that Iranian hackers are becoming increasingly aggressive in the wake of the 2010 Stuxnet computer virus attack on Tehran's nuclear program, widely believed to have been launched by the United States and Israel.

ISight said it could not ascertain whether the hackers were tied to Tehran, though it believed they were supported by a nation state because of the operation's complexity.

The firm said NewsOnAir.org was registered in Tehran and likely hosted in Iran. The Persian term "Parastoo" was used as a password for malware associated with the group, which appeared to work during business hours in Tehran, according to iSight.

Among the 14 false personas were reporters for NewsOnAir, including one with the same name as a Reuters journalist in Washington; six employees who purportedly worked for defence contractors; a systems administrator with the US Navy; and an accountant working for a payment processor.

A spokesman for Thomson Reuters, which owns Reuters, declined to comment.

Chris Hadnagy, author of "Unmasking the Social Engineer," said Newscaster was by far the most sophisticated hacking campaign involving social networking sites that has been uncovered so far.

"We're going to see more and more of this vector being used. It is probably a lot deeper than we realise right now," said Hadnagy.

Copyright Reuters
© 2019 Thomson Reuters.