Iranians have been conducting a targeted, three-year espionage campaign against high-ranking US officials, a four-star admiral, and others, according to a report from private cybersecurity firm iSight Partners, which says that it has been tracking the campaign for six months.
“It is such a complex and broad-reaching, long-term espionage campaign for the Iranians,” said iSight senior vice president and former National Security Council aide Tiffany Jones, reports Siobhan Gorman for The Wall Street Journal. “What they lack in technical sophistication, they make up in creativity and persistence.”
Social attacks have a long history of success
That Iran is trying to spy on US officials isn’t surprising, but the details of the operation show how effective social attacks can be when a technical attack isn’t feasible. Iran allegedly created a fake news agency called NewsOnAir.org and, posing as journalists, made contact with military and government officials, think tankers, defense contractors, and others through Facebook Inc (NASDAQ:FB), LinkedIn Corp (NYSE:LNKD) and other social networking sites. The operators would then send links to articles or YouTube videos that redirected to fake login pages intended to collect the targets’ passwords.
You’d like to believe that government officials would know better than to fall for internet phishing, but National Security Agency whistleblower Edward Snowden gained access to many of the confidential files that he has leaked by simply asking colleagues for their passwords. When an Iranian nuclear facility was hit by the Stuxnet virus a few years back, many speculated that hackers got past the air gap by planting infected memory sticks for a curious engineer to plug into the system.
iSight hasn’t said specifically who was targeted or what systems might be compromised, but the potential is quite high. If the unnamed admiral accidentally gave hackers access to his email, for example, they might have sent infected documents to his colleagues without his realizing, gaining access to much more than just the information in his email account.
The NSA should be on top of things like this
The iSight report also shows the limits of mass surveillance. The NSA has been hard at work creating vulnerabilities in the backbone of the internet and gathering untold amounts of data, but it was apparently unable to spot a fake news organization phishing for information on Facebook Inc (NASDAQ:FB). Critics have argued that mass surveillance, even aside from the civil rights issues, isn’t an effective way to defend US interests, and this story is a case in point.