Old 05-31-2014, 21:11   #1
Area Commander
frostfire's Avatar
Join Date: Nov 2004
Location: land of Airborne and Special Operations
Posts: 2,135
Iranian hackers use fake Facebook accounts to spy on U.S., others

Beware of those "friend requests" and "connect with" on Facebook, LinkedIn, Twitter, YouTube, etc.


In an unprecedented, three-year cyber espionage campaign, Iranian hackers created false social networking accounts and a bogus news website to spy on military and political leaders in the United States, Israel and other countries, a cyber intelligence firm said on Thursday.

ISight Partners, which uncovered the operation, said the targets include a four-star U.S. Navy admiral, U.S. lawmakers and ambassadors, and personnel from Afghanistan, Britain, Iraq, Israel, Saudi Arabia and Syria.

The firm declined to identify victims and said it could not say what data had been stolen by the hackers, who were seeking credentials to access government and corporate networks, as well as intelligence on weapons systems and diplomatic negotiations. "If it's been going on for so long, clearly they have had success," iSight Executive Vice President Tiffany Jones told Reuters. The privately held company is based in Dallas, Texas and provides intelligence on cyber threats.

ISight dubbed the operation "Newscaster" because it said the Iranian hackers created six "personas" who appeared to work for a fake news site, NewsOnAir.org, which used content from the Associated Press, BBC, Reuters and other media outlets. The hackers created another eight personas who purported to work for defense contractors and other organizations, iSight said.

The hackers set up false accounts on Facebook and other social networks for these 14 personas, populated profiles with fictitious personal content, and then tried to befriend targets, according to iSight.

To build credibility, hackers approached high-value targets after establishing ties with victims' friends, colleagues, relatives and other connections over social networks including Facebook Inc (FB.O), Google Inc (GOOGL.O), LinkedIn Corp (LNKD.N) and Twitter Inc (TWTR.N).

The hackers would initially send the targets content that was not malicious, such as links to news articles on NewsOnAir.org, in a bid to establish trust. Then they would send links that infected PCs with malicious software, or direct targets to web portals that ask for network log-in credentials, iSight said.

The hackers used the 14 personas to make connections with more than 2,000 people, the firm said, adding that it believed the group ultimately targeted several hundred individuals.

"This campaign is not loud. It is low and slow," said Jones. "They want to be stealth. They want to be under the radar."

ISight said it had alerted some victims and social networking sites as well as the U.S. Federal Bureau of Investigation and overseas authorities. An FBI spokeswoman declined to comment.

Facebook Inc (FB.O) spokesman Jay Nancarrow said his company had discovered the hacking group while investigating suspicious friend requests and other activity on its website.

"We removed all of the offending profiles we found to be associated with the fake NewsOnAir organization and we have used this case to further refine our systems that catch fake accounts," Nancarrow said.

LinkedIn spokesman Doug Madey said the site was investigating the report, though none of the fake profiles were currently active.

Twitter declined to comment. Google did not respond to a request for comment.


ISight disclosed its findings as evidence emerges that Iranian hackers are becoming increasingly aggressive in the wake of the 2010 Stuxnet computer virus attack on Tehran's nuclear program, widely believed to have been launched by the United States and Israel.

ISight said it could not ascertain whether the hackers were tied to Tehran, though it believed they were supported by a nation state because of the operation's complexity.

The firm said NewsOnAir.org was registered in Tehran and likely hosted in Iran. The Persian term "Parastoo" was used as a password for malware associated with the group, which appeared to work during business hours in Tehran, according to iSight.

Among the 14 false personas were reporters for NewsOnAir, including one with the same name as a Reuters journalist in Washington; six employees who purportedly worked for defense contractors; a systems administrator with the U.S. Navy; and an accountant working for a payment processor.

A spokesman for Thomson Reuters Corp, which owns Reuters, (TRI.N) (TRI.TO) declined to comment.

Chris Hadnagy, author of "Unmasking the Social Engineer," said Newscaster was by far the most sophisticated hacking campaign involving social networking sites that has been uncovered so far. "We're going to see more and more of this vector being used. It is probably a lot deeper than we realize right now," said Hadnagy, who runs a website, www.social-engineer.com.
"we also rejoice in our sufferings, because we know that suffering produces perseverance; perseverance, character; and character, hope" Rom. 5:3-4

"So we can suffer, and in suffering we know who we are" David Goggins

"Aide-toi, Dieu t'aidera " Jehanne, la Pucelle

Der, der Geld verliert, verliert einiges;
Der, der einen Freund verliert, verliert viel mehr;
Der, der das Vertrauen verliert, verliert alles.

Old 05-31-2014, 21:21   #2
Quiet Professional
MtnGoat's Avatar
Join Date: Feb 2006
Location: Asscrackistan
Posts: 4,289
Nothing new here, yet it's sad how so many still don't get this. Social engineering networking is simple to defeat, yet people don't educate their people.

Just link the Robin Sage conducted on LinkedIn.
"Berg Heil"

History teaches that when you become indifferent and lose the will to fight someone who has the will to fight will take over."


Intelligence failures are failures of command [just] as operations failures are command failures.
Old 06-01-2014, 10:39   #3
Team Sergeant
Quiet Professional
Team Sergeant's Avatar
Join Date: Jan 2004
Location: Phoenix, AZ
Posts: 20,929
How is it "spying" if it's posted in the open?

How I enjoy the terrorism and spying "experts" commentary.......

Has DHS issued a "THE SKY IS GOING TO FALL" alert lately?
"The Spartans do not ask how many are the enemy, but where they are."
Old 06-01-2014, 11:37   #4
Trapper John
Quiet Professional
Trapper John's Avatar
Join Date: Nov 2012
Location: Harrisburg, PA
Posts: 3,733
This is just silly.
Honor Above All Else
Old 06-04-2014, 03:08   #5
Quiet Professional
WarriorDiplomat's Avatar
Join Date: May 2010
Location: C.S. Colorado
Posts: 1,989
Originally Posted by Team Sergeant:
How is it "spying" if it's posted in the open?

How I enjoy the terrorism and spying "experts" commentary.......

Has DHS issued a "THE SKY IS GOING TO FALL" alert lately?
Yeah more like Psyops
Old 06-04-2014, 03:17   #6
Quiet Professional
WarriorDiplomat's Avatar
Join Date: May 2010
Location: C.S. Colorado
Posts: 1,989
Originally Posted by Brush Okie:
It's funny this post came out. I got a friend request from some 20 something hottie I never heard of wanting to be my friend today. Yeah right. While I doubt it is some foreign service it is more likely some ex-con or other scammer looking to scam info and other bullshit sales. That is VERY common in social networks to get info for scams.
Well, if the tactic works for pedophiles, fake charities and some generous people in Nigeria who keep trying to give me a lot of money, and all I have to do is send them 1000, then why not FIS?