Only a few days ago, we reported on a string of hacking campaigns targeting defense contractors in the U.S., in what may seem to be a desperate move by a hacker group from Iran called Ajax Security Team. Now, a fresh report describes another cyber espionage operation carried out by Iranian hackers against U.S. government and military officials, as well as Israeli leaders.
Cyberintelligence company ISight Partners was the first to disclose the cyber espionage, which has been going on for three years.
ISight found that the hackers (it remains unknown whether this is the same group as the Ajax team) have been spying on their intended targets, namely U.S. legislators, a high-ranking Navy official, and envoys to countries in the Middle East and in Britain, using bogus accounts on Facebook, Twitter, LinkedIn and Google+. A fake news website, newsonair.org, also served as cover, giving the operation an appearance of decent intentions.
Why it took three years before the espionage was uncovered has yet to be explained. ISight was also unable to determine the extent of the breach: what data has been compromised, which government officials' credentials were stolen to access classified information and sensitive networks, and what non-public data was taken regarding the defense systems of the U.S. and of Israel, which has a longstanding rift with Iran.
ISight reported that the Iranian hackers invented six fake journalists who allegedly wrote for the bogus news site, which also syndicated content from Associated Press and Reuters, part of a plan to make the site look reliable to the targeted officials. A spate of fake Facebook accounts was then created for these nonexistent persons, who added the intended victims as friends in order to spy on their daily activities, or to dig deeper than that.
The method used here falls under the category of social engineering: the elaborate manipulation of people through social interaction to gain an advantage at their expense.
The hackers went as far as connecting with the victims’ circles on Google+ and Twitter in order to establish a seemingly strong link with the target.
With all of this in place, the hackers would then send the target emails that looked benign at first sight but actually contained malicious links to NewsOnAir.org, as well as attachments.
The hackers did not attack only government and military officials; they also targeted thousands of individuals.
Facebook, in particular, detected the hackers accidentally while looking into reports of abnormal friend requests and other suspicious activity on its platform, and has moved to delete their fake accounts.