Iranian Cyber Espionage: A Troubling New Escalation - TopicsExpress



          

Iranian Cyber Espionage: A Troubling New Escalation b4in.org/a4hQ

By Gabi Siboni, Sami Kronenfeld

Anyone following the development of Iran’s cyber capabilities is not surprised that Iran has slowly become a significant power in the cyber arena. Recently, a long-term Iranian cyber espionage campaign in the United States was uncovered that made use of “social engineering” and phishing in order to gather information from important officials in the United States, Israel, Great Britain, and other countries. Even if the details revealed do not indicate Iranian use of advanced technology tools, they do show an evolving operational capability to carry out complex operations in cyberspace involving intelligence gathering and the use of an extensive and complex operational infrastructure.

The attack, dubbed “Newscaster,” apparently began in 2011, around the time when the Stuxnet attack, intended to damage Iranian centrifuges, was exposed. The attackers collected intelligence and built personal profiles on social networking sites in order to create a complex and coordinated web of virtual identities with fictitious ties to media personalities, officials from the US administration and the military, diplomats, members of Congress, defense contractors, and others. They created detailed false social networking profiles on sites such as Facebook, LinkedIn, Twitter, and Google+ with credible and convincing covers and backgrounds. The attackers even set up a virtual system to support the background stories of the false personas, including a fictitious news website, NewsOnAir.org, where six of them ostensibly worked.

The use of false personas is not new in the world of cyber espionage. However, the ability to create a set of false identities supported by a system of maintenance and management, in a way that can persuade the victims over time that the identity is real, shows that Iran has upgraded its operational capabilities in cyberspace.

Once these personas were created, the Iranians began to manage them and to make contact with officials whom they considered close to the administration and viewed as potential sources of valuable information. Among their targets were past and present government officials, journalists, think tank fellows, and defense industry figures. The attackers were patient and used sophisticated means of making contact and establishing trust with their targets, using the victims’ social circles and effectively exploiting the various platforms provided by the social networks. The goal was to create sufficient trust to allow them to send e-mails with malicious code. And in fact, once they succeeded in establishing this trust, they sent e-mails with code that installed itself on a victim’s computer or directed the user to a fake page requiring private information so that this information would reach the attackers.

More: b4in.org/a4hQ

Posted on: Wed, 18 Jun 2014 23:20:37 +0000
