Published On: Thu, May 29th, 2014

Iran hackers use fake Facebook profiles to spy on US and Britain

A cyber intelligence firm has uncovered an elaborate, three-year-long cyber espionage campaign in which Iranian hackers used social media and a fake news site to spy on military and political leaders from countries including Britain and the United States.

In a program that had gone undetected since 2011, Iranian hackers created a fake news website and false personas on social networking sites such as Facebook and Twitter in order to gather information on at least 2000 people, including politicians, diplomats, and military personnel.

Although iSight, the US-based company that identified the hacking campaign, said it had no proof to tie the Iranian hackers to the government in Tehran, it said it believed they were supported by a nation state because of the complexity of the operation.

The hackers focused on the US and Israel, and other countries seen as being supportive of Israel.

They sought “to covertly obtain log-in credentials to the email systems” of their targets, as well as collect personal information through accessing their social networking pages, the company said in a statement on Thursday.

The hackers had also “intimated their interest in specific defence technology, as well as military and diplomat information by their targeting”, the company said.

Iran stepped up its use of cyber espionage in response to the Stuxnet attack on its nuclear program in 2010 – a cyber campaign widely believed to have been led by the US and Israel.

Earlier this month FireEye Inc, another cyber security company, said that a group known as the Ajax Security Team has become the first Iranian hacking group to use custom-built malicious software for espionage.

The cyber espionage campaign exposed by iSight, which has been named “NEWSCASTER” by the company, involved creating a series of fake personas who claimed to work in journalism, government and defence contracting.

The hackers went to elaborate lengths to make the accounts appear credible, including by creating a fictitious journalism website. The news site posted content on its website from other, real news outlets.

Then the personas connected, linked, followed and “friended” their targets, gathering the common content (location, relationship status, activities) from the targets’ accounts.

The accounts were then also hit with “spear-phishing” messages: false links that seemed legitimate and asked recipients to log in, thus capturing their passwords.

The firm declined to identify the victims and said it could not say what data had been stolen by the hackers, who were seeking credentials to access government and corporate networks, as well as infect machines with malicious software.

“If it’s been going on for so long, clearly they have had success,” Tiffany Jones, the iSight executive vice president, told Reuters.

The company said it had only “limited knowledge” of exactly what information NEWSCASTER had managed to glean in the three years that it was operational, but it inferred that the intelligence gathering might ultimately be intended to learn, for example, about the disposition of the US military, or to “impart an advantage in negotiations between Iran and the US”.