Iranian hackers set up fake news website, and posed as journalists on Facebook to spy on United States and others

Graham CLULEY

May 29, 2014


Security researchers claim to have uncovered a three-year-old internet espionage campaign, targeting military personnel, diplomats, and defence contractors in the United States and Israel.

The campaign, dubbed “NEWSCASTER” by iSIGHT Partners, saw more than a dozen fake profiles created on social networking sites like Facebook, Twitter and LinkedIn, pretending to be journalists, government or defence workers.

The hackers managed to dupe at least 2000 potential targets into connecting with them on social networks, which increased their credibility in the eyes of others because they appeared to have existing business and social relationships.

Amongst other tactics, the hackers are said to have created a bogus news website – newsonair.org (not to be confused with newsonair.com, a legitimate Indian news operation) – that plagiarised news content from other sources.

From my exploration the site does indeed scrape content from legitimate news outlets. For instance, here is a story that newsonair.org published in September 2013 about the iPhone 5S fingerprint sensor quoting me:

And here is the original article, published by CNN:

Now, scraping legitimate news websites – although deeply annoying to those who have worked hard and spent money creating that content – sadly isn’t unusual, and definitely isn’t evidence of internet espionage.

But it should make observers question the legitimacy of the site, and the journalistic credentials of anyone who claims to be connected with it.

In its report, iSIGHT Partners says that the motivation behind the cybercriminal campaign was to steal login credentials for victims’ email accounts, by sending them phishing messages that asked them to log in to webpages (presumably to view breaking news articles).

In some cases these phishing pages would probably have presented themselves as the login pages for social networks like Facebook.

It’s not a sophisticated method of attack, but with many users lazily choosing to recycle the same passwords on multiple websites, it could lead to hackers gaining access to the login credentials for other important sites, from where they could glean information and conduct reconnaissance.

In addition, iSIGHT Partners says that the attackers used “not particularly sophisticated” malware to exfiltrate data from compromised computers.

The investigators strongly suspect that the threat originated in Iran. This is partly based upon the location of the victims targeted (United States, Israel, Iraq, UK, Saudi Arabia), but also – perhaps surprisingly – upon the hours that the hackers kept:

“Though the timing of the social network attack may seem irregular at first, over multiple years the schedule behind the activity becomes apparent. They maintained a regular schedule, including what appears to be a lengthy lunch break followed by the remainder of the work day. These hours conform to work hours in Tehran. Furthermore, the operators work half the day on Thursday and rarely work on Friday, the Iranian weekend. Other clues, such as the targets on which the operators have chosen to focus and additional technical indicators, lead us to believe NEWSCASTER originates in Iran.”
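The working-hours reasoning in the passage above can be reproduced over any set of activity timestamps. The Python below is an added example, not code from iSIGHT Partners or from this article: the timestamps are constructed, the fixed UTC+03:30 offset ignores daylight saving, and the rest-day and half-day thresholds are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: fixed UTC+03:30 (Iran Standard Time); daylight saving is ignored.
TEHRAN = timezone(timedelta(hours=3, minutes=30))
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

def constructed_events():
    """Constructed sample (not data from the report): four weeks of UTC timestamps."""
    events = []
    start = datetime(2014, 1, 4, tzinfo=TEHRAN)  # a Saturday, local midnight
    for offset in range(28):
        day = start + timedelta(days=offset)
        if day.weekday() == 4:  # Friday: no activity
            continue
        # Thursday is a half day; other days have a two-hour midday break.
        hours = [8, 9, 10, 11] if day.weekday() == 3 else [8, 9, 10, 11, 14, 15, 16]
        for h in hours:
            events.append((day + timedelta(hours=h, minutes=10)).astimezone(timezone.utc))
    return events

def infer_schedule(events_utc, tz, rest_ratio=0.1, half_ratio=0.6):
    """Summarise the work pattern seen when UTC events are viewed in timezone tz.

    rest_ratio and half_ratio are assumed thresholds relative to the busiest weekday.
    """
    local = [e.astimezone(tz) for e in events_utc]
    by_day = Counter(t.weekday() for t in local)
    by_hour = Counter(t.hour for t in local)
    busiest = max(by_day.values())
    rest = [DAYS[d] for d in range(7) if by_day[d] <= rest_ratio * busiest]
    half = [DAYS[d] for d in range(7)
            if rest_ratio * busiest < by_day[d] <= half_ratio * busiest]
    active = sorted(by_hour)
    # Hours inside the working span with no activity at all: the midday break.
    gap = [h for h in range(active[0], active[-1] + 1) if by_hour[h] == 0]
    return {"rest_days": rest, "half_days": half,
            "work_span": (active[0], active[-1]), "midday_gap": gap}

if __name__ == "__main__":
    events = constructed_events()
    print("Tehran view:", infer_schedule(events, TEHRAN))
    print("UTC view:   ", infer_schedule(events, timezone.utc))
```

Viewed in UTC, the same events start at 04:00, which is why the candidate timezone matters when judging whether a pattern looks like an office day.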

It is, of course, always hard to be 100% certain when pointing a finger at a particular country regarding an internet attack. It is, after all, very easy to cover your tracks on the net, and disguise an internet attack to give the impression of coming from a different country.

It is even harder still to prove an attack was state-sponsored, and had the backing of a particular government.

At the same time, it would be wise not to be naive. Ultimately, you have to ask yourself who would have the most to gain from spying on particular countries and particular organisations within those states.

This particular attack may have been relatively low-tech, but it does underline that everyone needs to be vigilant about who they trust online – whether it be a news website or a new connection on a social network. Vigilance can help prevent your organisation from being the next one successfully targeted.

In addition, always use strong, hard-to-crack passwords and ensure that you are never re-using the same passwords on multiple sites.
