Iranian hackers stalked U.S. Officials, report says


Bloomberg



By Michael Riley 

An Iranian hacking network is behind an elaborate three-year campaign to use social networks to strike up friendships with U.S. lawmakers, defense contractors and at least one four-star general, and then extract data from them, according to a new report.

Such an effort, if linked to Iran’s government, would indicate that Tehran is seeking to mount large-scale hacking efforts to rival those of the U.S. and China. Yet the recent and at times sloppy attempt, as outlined in a report released today by Dallas-based cybersecurity company iSight Partners, also provides a window on a cyberspying operation with lapses in sophistication but vast scope and a clever leveraging of victims’ exposure to social media.

According to iSight’s report, the espionage group created a fake news organization and a stable of fabricated journalists. Using those and other personas, the hackers attempted to interact with some 2,000 military, government and diplomatic officials over Facebook Inc. (FB) and other social-media sites with an aim of getting access to e-mail accounts and personal data, the report said.

The operation bore the hallmarks of an organization willing to devote resources and time to take over computers and e-mail accounts of targets, who were not only from the U.S. but also the U.K., Israel, Saudi Arabia and Iraq, the security researchers said. It also looked like the work of clock-punchers: The hackers took Tehran-time lunch breaks and went quiet from Thursday afternoon to Saturday morning, a schedule consistent with Iran’s work week, iSight said.

‘Cyberwarrior Team’

“Two years ago Iran made a promise to raise a team of cyberwarriors, and they are making good on that promise,” said Patrick McBride, iSight’s vice president for marketing. “This is unlike anything we’ve seen in terms of the lengths these guys have gone to create credible personas and get past the filters people have now.”

ISight said that while the efforts were routed through Iran-based computers, it wasn’t clear if the hackers worked directly for Iran’s government.

Hamid Babaei, a representative of Iran’s United Nations mission in New York, didn’t immediately return an e-mail seeking comment.

The U.S. Federal Bureau of Investigation is aware of the report and declined to comment, said Jenny Shearer, a spokeswoman.

In some ways, the hackers’ tactics and targets are similar to those used by China, the U.S. and other countries in extensive digital spying operations that have increasingly caused tension between governments. The issue exploded again this month when the U.S. indicted five Chinese military hackers on charges of breaking into networks of U.S. companies.

Digital Spying

While U.S. intelligence experts have generally considered Iran a second-tier cyber power, alongside the likes of North Korea and Syria, the latest campaign helps confirm that forces in Tehran are intent on upping the country’s capacity for digital spying, security experts say.

The secretive regime in Tehran has sought to bolster its cyber capabilities since 2010, when some of Iran’s uranium processing capacity was destroyed by a cyber-attack attributed to the U.S. and Israel. Since then, Iranian media has carried reports of a directorate to oversee cyber activities, and a growing army of hackers dedicated to the Islamic Republic.

“This attack is decently technical, but most of it is cleverness and time,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council in Washington. “Iran believes they are facing dangerous attacks by Israel, dangerous attacks by the U.S., and they know they have to come up with some clever stuff.”

Friending Hackers

The alleged attacks serve as a reminder of social-media vulnerabilities. The hackers connected with friends of the intended targets, the investigators said, to gain trust. Then they would send videos or links to stories, embedding malicious software that allows the hackers to access e-mail and steal data.

ISight didn’t identify any of the alleged targets. It wasn’t certain how many people lost data or had accounts compromised, McBride said.

According to the report, the hackers created a website, filling it with news stories it attributed to its own journalists, who went by names including Sara McKibben and Adia Mitchell. The same names were found on Facebook pages and LinkedIn Corp. (LNKD) accounts that featured extensive postings. Young, attractive women were often shown in the profile photos, the report said.

The alleged journalists interacted with each other on social-media sites in a way that added to their legitimacy, it added.

Suspicious Profiles

Facebook deleted the suspicious profiles about a week ago, according to Jay Nancarrow, a spokesman, who said the company’s security team had discovered the profiles while investigating “suspicious” friend requests. LinkedIn is investigating the report’s claims, said Hani Durzy, a spokesman. None of the LinkedIn profiles cited in the report are now active, Durzy said.

The group also created personas designed to target U.S. defense contractors and senior military officials, including a job recruiter for the defense industry and a systems administrator for the U.S. Navy, the report said.

The faux-journalists would sometimes use stilted English. They lifted stories directly from large news organizations, putting the articles under the names of their alleged journalists — sometimes using multiple spellings of the same reporter’s name, the report said.

American Banks

U.S. intelligence officials have attributed a wave of attacks against the websites of American banks in 2012 and 2013 to Iranian military hackers. Iranian media reported last year that the chief of its unit dedicated to cyber warfare was found shot dead in the woods northwest of Tehran, a report that publicized both the unit and an air of intrigue surrounding it.

Private security firms have also tracked Iranian patriotic hackers, including a group of student hackers known as Cyber Warriors Team, which took credit for hacking National Aeronautics and Space Administration computers in 2012.

Although the campaign described by iSight stretches back to 2011, Iran is still a relative newcomer at cyber operations. The Chinese military unit to which the five indicted officers belong has been active since at least 2002, according to leaked classified U.S. diplomatic cables published by WikiLeaks.

That may be a challenge for countries trying to master digital spying now, because governments and companies have already begun to sharpen their defenses.


“As more people have bought security technologies, it’s become harder for sure,” said Jacob Olcott, a principal at Good Harbor Security Risk Management in Washington. “It doesn’t mean that major security incidents can’t happen, aren’t happening — but you may be getting closer to stopping the easier stuff.”
