It’s kind of the oldest trick in the book. Catfishing is where you pretend to be someone you’re not online so that you can trick someone else into doing something. And based on a new report, this is exactly how pro-Assad hackers have been robbing intel from opposition forces: They have been posing as hot girls on Skype and stealing battle plans from the Syrian rebel army.
The security research firm FireEye just published the details of a years-long investigation called “Behind the Syrian Conflict’s Digital Frontlines“. The report describes how pro-Assad forces used catfishing methods to install malware on the phones and computers of Syrian rebels, and then proceeded to steal at least 7.7GB worth of data from some 12,356 contacts in at least eight countries. That’s a lot of information.
The operation sounds almost surgical. The hackers would create fake profiles on Skype or Facebook that included a country-appropriate name and a “femme fatale” avatar. They’d then initiate contact and quickly find out if the victim was using a smartphone or a computer, knowing this would enable them to send the right malware.
After developing a rapport with the victim through small talk, they’d ask to swap photos:
HACKER: Are you opening it on your mobile?
IMAN: Computer and mobile
IMAN:… What is your date of birth?
TARGET: What a nice coincidence
TARGET: [Sent File New-Imam-Picture.pif]
Surprise! The hacker’s photo is a fake, and it’s full of malware that gave attackers full access to the victim’s computer, including valuable military intelligence. (Apparently, Syrian rebel forces would keep photographs of battle plans on their phones and laptops.) What kinds of intel? All kinds:
Sometimes, the threat group would take whole sets of files pertaining to upcoming large-scale military operations. These included correspondence, rosters, annotated satellite images, battle maps, orders of battle, geographic coordinates for attacks, and lists of weapons from a range of fighting groups.
The New York Times details at least one key battle that appears to have been thwarted by hacking-related activities. Essentially, the rebels had planned to take a stretch of highway, but they never carried out the attack. It was revealed in the security research that pro-Assad hackers had stolen much of the rebels’ plans ahead of the battle. In a sense, this is a peek into the future of warfare. [FireEye, NYT, CNBC]