Iranian hackers may have spent years running a creative and highly dedicated cyber espionage campaign to steal government credentials with the help of social media, including Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger.
A Dallas-based computer-security firm, iSIGHT Partners, today exposed a three-year-old cyber espionage campaign that it believes originated in Iran. The campaign targeted a number of military and political leaders in the United States, Israel and other countries by creating false social networking accounts and a fake news website.
The security firm dubbed the cyber espionage operation ‘Newscaster’. Under it, the Iranian hackers use more than a dozen social-media accounts of fake personas on sites such as Facebook, Twitter, and LinkedIn, and have targeted at least 2,000 people.
Since 2011, the Iranian hacker group has targeted current and former senior U.S. military officials, including a four-star U.S. Navy admiral, U.S. lawmakers and ambassadors, members of the U.S.-Israeli lobby, diplomats, journalists from Washington D.C., as well as personnel from more than 10 U.S. and Israeli defense contractors, according to the cyber security research firm.
“We've never seen a cyber espionage campaign from the Iranians as complex, broad reaching and persistent as this one,” says Tiffany Jones, senior vice president of client services at iSIGHT. “The dozen or so primary fictitious personas have done a pretty successful job over the last few years in gleaning thousands of connections and ultimately targeting legitimate individuals through their social media networks.”
The core part of the operation is the fake news site known as NewsOnAir.org, registered in Tehran and located on a server that hosted mostly Iranian Web sites. The website is owned and operated by a fake media mogul named Joseph Nillson, whom they illustrated using a photo of Alexander McCall Smith, author of The No.1 Ladies’ Detective Agency.
This fake news website republished articles from legitimate news sites but posted them under the names of six fake authors. The fake identities then linked to the published articles in order to appear legitimate to their targets. The fake personas posed as journalists, government employees or defense contractors.
Once they had gained the trust of their targets and befriended them through fake profiles, the hackers sent malicious links by email which, when accessed, would unleash malware designed primarily to steal email account credentials. The links directed people to fake login screens in order to steal their usernames and passwords.
The firm has not revealed the identity of the victims or the kind of data stolen by the hackers, who were seeking credentials to access government and corporate networks, as well as to infect machines with malicious software. It is also unclear how many credentials the hackers have captured so far.
“If it’s been going on for so long, clearly they have had success,” iSIGHT Executive Vice President Tiffany Jones told Reuters.
The purpose of the hack is also not clear, but the cyber-threat intelligence firm suggested that the access gained through Newscaster may support the development of weapon systems or provide insight into U.S. military actions and negotiations with Middle Eastern countries.