Iranian cyberspies have
apparently for years been extracting information from American
lawmakers, ambassadors, and even a four-star Navy admiral… by
friending them on Facebook.
Cybersecurity company iSight Partners discovered the security
threat and on Wednesday released a report on it. The
organization claims that
spies have since 2011 targeted “at least 2,000 people” and that
targets include “senior U.S. military and diplomatic personnel,
congressional personnel, Washington D.C. area journalists, U.S.
think tanks, defense contractors in the U.S. and Israel” and
“additional victims in the U.K. as well as Saudi Arabia and Iraq
were targeted.”
As part of this intelligence-gathering campaign, dubbed
“Newscaster” by iSight, Iranian operatives created profiles on
social media sites like Facebook and LinkedIn. They posed as
“young, attractive women” according
to Bloomberg. The Iranians would build trust by sending
their targets links to a non-malicious but fake news site called
“NewsOnAir.org.” Then, “as the ruse went on, they would send their
targets links to, for instance, a YouTube video of a weapons
system,”
explains The Washington Post. “When the target clicked
on the link, he would be redirected to a spoof page — maybe a Gmail
log-in or company e-mail log-in page — designed to steal his log-in
and password information.” This is called “phishing,” and it’s one
of the oldest tricks in the book of scamming people out of
sensitive information on the web.
“Specific defense technology as well as military and diplomatic
information” is likely the target of this campaign,” states iSight,
but exactly what was taken and how much of it is unknown. The
company hasn’t named any of the targets.
Facebook has already taken down the fake profiles and LinkedIn
is investigating the ones on their own site.
“This attack is decently technical, but most of it is cleverness
and time,” Jason Healey of the Atlantic Council’s cyber statecraft
initiative told Bloomberg. “Iran believes they are facing
dangerous attacks by Israel, dangerous attacks by the U.S.,
and they know they have to come up with some clever stuff.”
Perhaps it’s a privilege of authority to have to worry about
friend requests from femme fatales compromising international
security, but it’s a problem that these officials could have
avoided simply by not connecting with complete strangers on the
Internet.
from Hit & Run http://ift.tt/1k8be1F
via IFTTT