Iran’s intelligence agents are using fake profiles on social networks in an attempt to trick US government and military personnel into divulging the passwords for their accounts, a security company has claimed.
The snoops are using more than a dozen fake personas on social networking sites, including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger, and are connected through those services to at least 2,000 targets, cyber intelligence firm iSight Partners said. They pretend to be journalists, government officials and defense contractors.
The “Newscaster” campaign, which also saw the spies create a fake news website, newsonair.org, went undetected for three years, having kicked off in 2011. The Facebook account for the news site no longer exists, whilst the Twitter account has not posted a message since January.
“The targeting, operational schedule, and infrastructure used in this campaign is consistent with Iranian origins,” iSight said, adding that the working hours of the group were in sync with those in Iran. It could not provide any definitive proof the hackers were from the country, however.
“These credible personas … connected, linked, followed, and ‘friended’ target victims, giving them access to information on location, activities, and relationships from updates and other common content.
“Accounts were then targeted with ‘spear-phishing’ messages. Links which appeared to be legitimate asked recipients to log-in to false pages, thus capturing credential information. It is not clear at this time how many credentials the attack has captured to date.”
The spies were also using a strain of simple malware that was able to steal data, iSight said. The company suspected the campaign might have yielded some critical insight for the Iranians.
“Iranian actors may have used accesses gained through this activity to support the development of weapon systems, provide insight into the disposition of the US military or the US alliance with Israel, or impart an advantage in negotiations between Iran and the US.”
iSight admitted it had “limited knowledge of Newscaster targeting” and could not be certain the Iranian government sponsored the operation. Corporate intermediaries and other third parties could be responsible, it suggested, noting the perpetrators “made many mistakes and were detected by potential victims”.
The Iranian embassy in London was not available for comment at the time of publication.
Various reports have suggested Iran is growing its cyber capability. FireEye released research linking the Ajax Security Team hackers, who hit Iranian users of anti-censorship technology and US government entities, with Iran.
FireEye said it believed Iran was increasingly reaching out to hacker groups within the country.
Some security experts have questioned the motivations behind recent reports from US security companies related to Iran’s alleged cyber campaigns. “There are genuine threats and capabilities with some nation states but focus seems to be on certain players at different times. That with the ‘quality’ of some reports raises questions about motives of those involved,” said security consultant Brian Honan, speaking to TechWeekEurope over Twitter.
“Genuine threats or marketing opportunities?” he added.
Comments
Stop spreading false information, just because a company says it doesn't make it true. If a company says that NSA is collecting data would you report that? No you wouldn't because this is part of the western propaganda to give biased and misinterpreted or even untrue information
That's kinda the point of news, really - reporting what other people say, letting the readers make up their mind. But I hope you will agree that our coverage of the NSA surveillance scandal has been quite thorough.
You might also want to read the final section of the article...
Iran has a long and dubious history of cyber-attacks as it has gone after US businesses, utility networks and government agencies. Now there are new revelations of even setting up fake social media profiles and news sites in order to befriend lawmakers, staff, journalists and others online and introduce malware to capture passwords and gain access to new networks. The broad effort is more evidence that Iran tries to project a “moderate” image on the one hand, but is really focused on manipulating nuclear talks in order to get crippling economic sanctions lifted without giving up its weapons capability or without any linking to improvements in brutal human rights violations. For anyone online, the worst thing we had to worry about with the NSA was getting recorded; in Iran’s case, the worst thing to worry about is actually becoming friends with a stealth Iranian Revolutionary Guard member.