The Dallas-based cyber intelligence firm iSight Partners has exposed an extensive three-year cyber espionage campaign in which Iranian hackers used fake social networking accounts together with a fake news portal to spy on political and military leaders in the US, Israel and other countries.
Although the real identities of the victims weren’t published, the targets include a four-star US Navy admiral, US lawmakers and ambassadors, members of the US-Israeli lobby, and personnel from Britain, Saudi Arabia, Syria, Iraq and Afghanistan.
“If it’s been going on for so long, clearly they have had success,” iSight Executive Vice President Tiffany Jones told Reuters.
The operation has been going on since at least 2011, and iSight says it is the most elaborate cyber espionage campaign to date using social networks.
The campaign is known as “Newscaster” because the hackers invented six “personas” who supposedly worked for a fake news site, NewsOnAir.org, which used content from popular media outlets such as the Associated Press, BBC and Reuters. As iSight explained, the plan also involved another eight personas who appeared to work for defense contractors and other organizations.
The hackers set up false accounts on Facebook and other social networks for these personas and populated their profiles with false personal information. They would then approach high-value targets by first establishing connections with the victims’ friends, classmates, colleagues and relatives over popular social networks such as Facebook, Google, YouTube, LinkedIn Corp and Twitter.
The 14 personas created by the Iranian hackers connected with over 2000 people. To establish trust, the targets initially received links to news articles on NewsOnAir.org; only afterwards did the hackers send links to malicious software or direct links to web portals asking for network log-in credentials.
“This campaign is not loud. It is low and slow,” said Jones. “They want to be stealth. They want to be under the radar.”
iSight has already alerted some of the victims, the social networking sites and the FBI. Jay Nancarrow, Facebook’s spokesman, confirmed that his company discovered the hacking group while analyzing suspicious friend requests on its network.
“We removed all of the offending profiles we found to be associated with the fake NewsOnAir organization and we have used this case to further refine our systems that catch fake accounts at various points of interaction on the site and block malware from spreading,” Nancarrow said.
LinkedIn is also investigating the profiles shown by iSight, but none of them are currently active, according to spokesman Doug Madey.
Iranian hackers have intensified their hacking activity following the Stuxnet attack, a computer virus believed to have been launched in 2010 by the United States and Israel against Tehran’s nuclear program. Earlier this month, FireEye, a cybersecurity company, reported that the Iranian hacking group Ajax Security Team became the first one to use custom-built malicious software for espionage.
Given the scale of the operation, iSight said the hacker group could well be tied to the Tehran government, since an operation like this requires considerable support.
The operation consisted of 14 false personas: six reporters for NewsOnAir (including one with the same name as a US Reuters journalist), six employees who supposedly worked for defense contractors, a system administrator in the US Navy and an accountant working for a payment processor.