Hackers thought to be linked to the Syrian regime stole valuable military intelligence from rebels by posing as attractive women online.
The method, known as catfishing, seems to have led to a tangible military advantage for the regime, writes Lorenzo Franceschi-Bicchiera of Mashable. Security firm FireEye has published a detailed report on the operation, which seems to have lasted for months towards the end of 2013.
Hackers tricked victims by sending photos laced with malware
The hackers tricked their victims into installing malware onto their machines by sending what were supposed to be photos of beautiful women. Once the malware was installed it gave the hackers access to huge amounts of sensitive data. FireEye claims that although there is no conclusive evidence as to the identity of the attackers, their interest in specific battle plans seems to point to links with Bashar al-Assad’s regime.
“The attackers were interested in the kind of information that could yield a military edge to the regime,” John Scott-Railton, an independent security researcher who contributed to the report, told Mashable.
Interestingly the victims did not become suspicious when the “women” thought it necessary to ask them whether they were using a computer or a phone. The hackers had access to malware developed specifically for Android devices, and were obviously intent on maximizing their results.
As well as gaining access via Skype, the attackers also utilized fake Facebook profiles, encouraging victims to click on links containing Virtual Private Networks (VPNs), or other documents containing malware.
Who was responsible?
The cyber war in Syria has taken some interesting twists and turns, with some operations attributed to hackers linked to the Syrian Regime, such as the Syrian Electronic Army. However the group has denied any involvement in the Skype honeytrap attack.
Security experts think that the attack was carried out by a new group, given differences in hacking tactics and software. A leaked document would appear to show similarities between training given to Hezbollah members by the Syrian intelligence services in Lebanon and the latest hack, but there is no proof that Hezbollah was involved.