Iranian Hackers Use Facebook to Spy

Over a span of three years, Iranian hackers created fake social network profiles and a fake new site to spy on foreign leaders, including U.S. military and political leaders, according to a report.

ISight Partners, a digital intelligence company, announced the three-year operation called "Newscaster" that spied on a U.S. admiral and other leader, according to Reuters. The hackers also spied on Afghani, British, Iraqi, Israeli, Saudi Arabian and Syrian officials. The company didn't identify the victims nor did it say what data was stolen, only that the hackers wanted credentials for network access and intelligence on weapons and diplomacy.

"If it's been going on for so long, clearly they have had success," iSight Executive Vice President Tiffany Jones told Reuters.

The operation was called "Newscaster" because the hackers created six personas who worked for a fake news site. The hackers also created eight personas that worked for defense contractors and others. The hackers would make contact with their targets by creating a relationship with the victim's friends or family through Facebook, Google, LinkedIn and Twitter. Then the hackers would send the victims links to news articles on to "establish trust." Later they would send links that sent them to malware which would infect their computers, or send them to portals that would require log-in credentials.
The campaign netted more than 2,000 connections but the group only wanted a few hundred high-value targets.
"This campaign is not loud. It is low and slow," said Jones. "They want to be stealth. They want to be under the radar."
Facebook Inc spokesman Jay Nancarrow the company discovered the hackers during their own investigation. "We removed all of the offending profiles we found to be associated with the fake NewsOnAir organization and we have used this case to further refine our systems that catch fake accounts at various points of interaction on the site," Nancarrow said.
LinkedIn said its was investigating the report, while Twitter and Google weren't reached for comment. 
The spy ring seems to use the same effective tricks most hackers use -- getting people to click on links to malware. It's not surprising it worked so well, but we would have hoped that higher-level government officials would have been more suspicious.
Contact Us