One of the more amusing aspects of social media is the number of fake and/or troll accounts that people use as an outlet when they don’t want to, or can’t, identify themselves. This can also be turned around for a nefarious end. It appears that a group of Iranian hackers with an alleged affiliation with the government of Iran are using this type of ruse to bait unsuspecting government officials as well as journalists.
A team of Iranian hackers operated a fake news website and cultivated more than a dozen online personas – complete with family photos, mundane status updates, and personal blogs – in a sophisticated plot to steal the credentials of more than 2,000 high-level U.S. and Israeli government officials, according to a report by a cyber intelligence group.
This isn’t anything new, to be frank. We’ve seen presentations such as the one given by Nathan Hamiel and Shawn Moyer at Defcon 16. Their presentation, entitled “Satan is on my Friends list”, tackled how easily many social platforms can be attacked with blended threats, including social engineering. This is an attack which tricks a person or persons into divulging information that they wouldn’t otherwise share. It is the work of a confidence trickster.
So, why do these types of attacks work? The simple reason is that there is a lack of time and effort spent on educating end users as to how to stay safe online. Sure, security practitioners can scoff from behind their laptop screens, but the simple reality is that the people who are targeted are rarely technically savvy in the first place.
Here is the video of the talk I mentioned earlier:
Another reason that social engineering attacks are so successful is that people are willing to believe. Even if someone semi-famous were to follow them on Twitter or Facebook, often there would be a level of excitement and the rational judgement would be put in check. I know that I have experienced this in the past myself, but I fortunately had the moment’s pause when my doubt was triggered.
Now, take this idea and weaponize it, and you get the Iranian angle.
The hackers created and populated a range of social media accounts for each of six “reporters” with the fake news website NewsOnAir.org, which repurposes articles from Reuters, The Associated Press, the BBC and others, and was still publishing fresh content as of Thursday. Another eight personas claimed to work for the U.S. government or defense contractors.
That site is now offline and, unfortunately, due to their robots.txt file there was no archive available on the Wayback Machine site.
If your organization doesn't have a security awareness program, maybe it is high time you start thinking about it. There needs to be some sort of concerted effort to slam confidence tricksters into the floor.
If not, you can welcome that long lost uncle, who also happens to be a Nigerian prince with a rich inheritance, with open arms.
(Image used under CC from wingtorn)