Iranian hackers ‘used Facebook to spy on US’
Operatives set up fake personas and befriended US and Western officials, according to internet security firm.
Iranian hackers set up fake Facebook accounts and tried to befriend US and Western officials in an effort to spy on them, an internet security firm has said.
The hackers created fake personas and populated their profiles with fictitious personal content, and then tried to befriend targets, the Reuters news agency reported.
Targets are believed to include a US navy admiral, politicians, ambassadors, lobbyists and officials from several other countries including the UK and Saudi Arabia, according to the internet firm, iSight Partners.
ISight declined to identify the victims and said it could not say what data had been stolen. “If it’s been going on for so long, clearly they have had success,” said Tiffany Jones, a company executive.
The firm said Iranian hackers created six online personas, who appeared to work for a website, newsonair.org, and another eight who purported to work for defence contractors and other organisations.
The operation has been active since at least 2011 and is thought to be the most elaborate cyber espionage campaign using “social engineering” uncovered to date, iSight said.
To build credibility, the hackers would approach high-value targets by first establishing ties with friends of the target, classmates, colleagues, relatives and other connections over social networks run by Facebook, Google, LinkedIn and Twitter.
Then they would send links that infected PCs with malicious software, or direct targets to web portals that ask for network log-in credentials.
The firm said hackers made connections with more than 2,000 people, adding that it believed the group ultimately targeted several hundred individuals in a “low and slow” campaign.
A spokesman for Facebook said it had discovered the hacking group and had removed the accounts.
LinkedIn said the site was investigating the report, though none of the 14 fake profiles uncovered by iSight were currently active.
ISight said it did not know if the hackers were tied to the government in Tehran, though it believed they were supported by a nation state because of the complexity of the operation.
The firm said newsonair.org was registered in Tehran and probably hosted by an Iranian provider.
Among the 14 false personas were reporters for newsonair, including one with the same name as a Reuters journalist in Washington; six employees who purportedly worked for defence contractors; a systems administrator with the US navy, and an accountant working for a payment processor.