The extent to which hackers think up elaborate schemes to win people's trust online never ceases to amaze. The latest ones to be so bold are a crew of Iranian hackers who won the trust of American leaders by building a fake news site, along with phony social media profiles for all its fake writers. And it worked.
Security experts at iSight just revealed the details of a three-year-long campaign believed to be masterminded by Iranian spies. This scheme involved creating a fake news organisation, NewsOnAir.org, that they filled with stole stories from Reuters, CNN, BBC and others. They used to site to add credibility to a vast network of fake social media profiles that they'd created for the fake news site's writers and editors. All of this effort was simply so that members of Congress, military leaders, defence contractors, lobbyists and journalists would trust them and accept their friend requests. From there, the hackers would gain access to all kinds of personal information.
If this sounds incredibly elaborate, that's because it is. "We've never seen a cyber espionage campaign from the Iranians as complex, broad reaching and persistent as this one," Tiffany Jones, senior vice president of client services at iSight, told Wired. "The dozen or so primary fictitious personas have done a pretty successful job over the last few years in gleaning thousands of connections and ultimately targeting legitimate individuals through their social media networks."
However complex this particular scheme was, the curious art of impersonation is actually fairly common in the hacker community. A couple years ago, a destructive form of malware that impersonated Microsoft code started popping up in the Middle East, and some even think it was Iranian in origin. Our own NSA similarly impersonated both Google and Facebook to spy.
It's like that old New Yorker cartoon, you know. Even the latest social networking technology makes it pretty easy create fake personas, and the more comfortable we get with seeing random profiles online, the less we scrutinize them. Or maybe we should just get congressmen to stop accepting friend requests from cute strangers with ties to a sketchy news site. [Reuters, Wired]