海角大神

Modern field guide to security and privacy

How Iran duped high-ranking US officials with fake website

An elaborate online ruse centered on a fake news website tricked some US military and diplomatic officials into divulging password and login information to Iranian cyber-spies, a report says.

Chris Helgren/Reuters
A portion of the Newsonair.com homepage is seen on a computer screen in Toronto, Ontario, May 28. In an unprecedented, three-year cyber espionage campaign, Iranian hackers created false social networking accounts and a fake news website to spy on military and political leaders in the United States, Israel and other countries, a Dallas-based cyber intelligence firm, Isight Partners, said May 29, 2014.

Iran appears to be the hidden hand behind a three-year cyber-espionage campaign aimed at stealing information from high-ranking US military and diplomatic officials via an elaborate fake online news operation, according to a new report.

In spirit, if not daring, the fake news operation offers a whiff of e-payback for the CIA’s own fake movie-making gambit of 35 years ago, as dramatized in the movie “Argo,” in which US Embassy staff who evaded Iranian revolutionary hostage-takers were rescued.

Fake news stories, a fake media mogul who supposedly owned the news site they appeared on, his fake friends, and fake reporters who worked for him were all part of an extensive structure of fictitious personas, pictures, and messages strung across a host of social media sites including LinkedIn, Facebook, and Twitter.

That network was used to win “friend” status from about 2,000 targeted people, including senior military officers and diplomats, says the report by iSight Partners, a Dallas cyber-security company.

Once connected, the cyber-spy “friend” sent the targets poisoned links to websites that then stole the targets’ passwords and other login information. That permitted the spies to harvest e-mail and other data from those systems.

Dubbed “Newscaster” by iSight investigators, the operation employed a slick but entirely fake site called NewsOnAir.org. On the site, the text of actual news stories was plagiarized and credited to fake journalists. Twitter was often used to send links to the articles to victims. Fake web pages of what appeared to be Yahoo, Google, and Outlook Web Access appeared, requiring login information, which was sent to computer servers in Iran.

“The network was principally leveraged against US and Israeli targets in public and private sectors ... with deliberate attempts to connect with certain entities suggest an interest in political, military, diplomatic, and technical intelligence,” the report said. “The majority of personas purport to be journalists, members of the military or defense contractors.”

The fake network, while not especially technically sophisticated, shows that Iran is expanding its offensive cyber-capabilities, experts say.

“This is an Iranian attempt to get smart on US policymaking, quite probably to give them insight into how the US will respond or react in these nuclear talks,” says Ilan Berman, vice president of the American Foreign Policy Council, a Washington think tank.

The news site and other fake sites associated with it appear to have been created about the time that Iran was crunched by US sanctions and under tremendous pressure to negotiate on reducing its nuclear program, adds John Bumgarner, a former intelligence officer.

“Someone went to a lot of effort to put this together,” he says. “It does seem to parallel the Iranian nuclear program.... And this was a way for Iran to get a look behind the curtain at US intentions.”

Iran is widely credited with carrying out damaging cyber-attacks on oil and gas company computers in Saudi Arabia and Qatar in August 2012. A spate of intense distributed denial of service (DDoS) attacks against US banks began in fall 2012, running for about a year before inexplicably petering out.

Along the way, it seems to have expanded its cyber-spying. While not nearly as sophisticated as the US, Russia, China, or France, Iran’s cyber-espionage efforts included a recent four-month incursion into a US Navy network that put US cyber-counter intelligence on notice, other experts say.

“They’ve put in place the structures, strategy, and have acquired software tools from the black market,” James Lewis, a cyber expert with the Center for Strategic and International Studies, concurred in a recent interview. “They have groups whose job it is to hack.”
