
Iran Spies ‘Using Facebook To Snoop On US Government’

Iran’s intelligence agents are using fake profiles on social networks in attempts to trick US government and military personnel into divulging passwords for their accounts, a security company has claimed.

The snoops are using more than a dozen fake personas on social networking sites, including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger, and are connected from those services to at least 2,000 targets, cyber intelligence firm iSight Partners said. They pretend to be journalists, government officials and defense contractors.

UK groups were targeted, as were senior US military and diplomatic personnel, American journalists, think tanks and defence contractors, the company said, claiming the operation was “unprecedented in complexity, scale, and longevity”.

Iran ‘Newscaster’ operation

The “Newscaster” campaign, which also saw the spies create a fake news website, newsonair.org, went undetected for three years, having kicked off in 2011. The Facebook account for the news site no longer exists, whilst the Twitter account has not posted a message since January.

“The targeting, operational schedule, and infrastructure used in this campaign is consistent with Iranian origins,” iSight said, adding that the working hours of the group were in sync with those in Iran. It could not provide any definitive proof the hackers were from the country, however.

“These credible personas … connected, linked, followed, and ‘friended’ target victims, giving them access to information on location, activities, and relationships from updates and other common content.

“Accounts were then targeted with ‘spear-phishing’ messages. Links which appeared to be legitimate asked recipients to log in to false pages, thus capturing credential information. It is not clear at this time how many credentials the attack has captured to date.”

The spies were also using a strain of simple malware that was able to steal data, iSight said. The company suspected the campaign might have yielded some critical insight for the Iranians.

“Iranian actors may have used accesses gained through this activity to support the development of weapon systems, provide insight into the disposition of the US military or the US alliance with Israel, or impart an advantage in negotiations between Iran and the US.”

iSight admitted it had “limited knowledge of Newscaster targeting” and could not be certain the Iranian government sponsored the operation. Corporate intermediaries and other third parties could be responsible, it suggested, noting the perpetrators “made many mistakes and were detected by potential victims”.

The Iranian embassy in London was not available for comment at the time of publication.

Why the focus on Iran?

Various reports have suggested Iran is growing its cyber capability. FireEye released research linking the Ajax Security Team hackers, who hit Iranian users of anti-censorship technology and US government entities, with Iran.

FireEye said it believed Iran was increasingly reaching out to hacker groups within the country.

Some security experts have questioned the motivations behind recent reports from US security companies related to Iran’s alleged cyber campaigns. “There are genuine threats and capabilities with some nation states but focus seems to be on certain players at different times. That with the ‘quality’ of some reports raises questions about motives of those involved,” said security consultant Brian Honan, speaking to TechWeekEurope over Twitter.

“Genuine threats or marketing opportunities?” he added.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • Stop spreading false information, just because a company says it doesn't make it true. If a company says that NSA is collecting data would you report that? No you wouldn't, because this is part of the western propaganda to give biased and misinterpreted or even untrue information.

    • That's kinda the point of news, really - reporting what other people say, letting the readers make up their mind. But I hope you will agree that our coverage of the NSA surveillance scandal has been quite thorough.

  • Iran has a long and dubious history of cyber-attacks as it has gone after US businesses, utility networks and government agencies. Now there are new revelations of even setting up fake social media profiles and news sites in order to befriend lawmakers, staff, journalists and others online and introduce malware to capture passwords and gain access to new networks. The broad effort is more evidence that Iran tries to project a “moderate” image on the one hand, but is really focused on manipulating nuclear talks in order to get crippling economic sanctions lifted without giving up its weapons capability or without any linking to improvements in brutal human rights violations. For anyone online, the worst thing we had to worry about with the NSA was getting recorded; in Iran’s case, the worse thing to worry about is actually becoming friends with a stealth Iranian Revolutionary Guard member.
